1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Browsers can't connect to internet

Discussion in 'Malware and Virus Removal Archive' started by fishrmn70, 2010/03/21.

  1. 2010/03/21
    fishrmn70

    fishrmn70 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    10
    Likes Received:
    0
    [Resolved] Browsers can't connect to internet

    Good morning,

    I have a problem and found your website after a web search, so I hope that you can help me get this resolved.

    Background:

    My laptop was working fine on 3/13. I went away on business all week and came back this past Friday (3/19) and found that I cannot connect to the internet. My wife's laptop connects just fine so I have ruled out a connection problem. She told me she used my laptop to check her email and facebook account on Tuesday (3/16), but hasn't used it since.

    I have run AVG, Lavasoft Ad-Adware, Spybot Search and Destroy and Malwarebytes Anti-Malware. This programs did not find any major problems, just tracking cookies. However, part of the problem is that I cannot connect to the internet to update them. One other thing, at times the browsers (Internet Explorer and Firefox) will display some pages, but not others. Most of the time, it loads the page about 90%, but then just hangs up.

    Below are the two log files from dds. Thank you in advance for all of your help.



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Adam Pollack at 9:46:13.53 on Sun 03/21/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.411 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\javaws.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Adam Pollack\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [<NO NAME>]
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
    DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190581169125
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\adampo~1\applic~1\mozilla\firefox\profiles\4u7q2djn.default\
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\adam pollack\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\adam pollack\application data\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-31 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-18 216200]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-9-23 29512]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-18 242696]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-14 353672]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-16 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-28 24652]
    S2 gupdate1c985a4ed8029a0;Google Update Service (gupdate1c985a4ed8029a0);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
    S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

    =============== Created Last 30 ================

    2010-03-21 00:58:58 0 d-----w- c:\docume~1\adampo~1\applic~1\Malwarebytes
    2010-03-21 00:58:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-21 00:58:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-21 00:58:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-21 00:58:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-03-17 01:20:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-09 22:38:44 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

    ==================== Find3M ====================

    2010-03-17 01:20:11 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-17 01:19:49 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-01-29 23:49:53 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-05-10 21:56:13 107581 ----a-w- c:\program files\pidgin-uninst.exe
    2009-03-02 14:23:10 881087 ----a-w- c:\program files\pidgin.dll
    2009-03-02 14:23:10 45603 ----a-w- c:\program files\pidgin.exe
    2009-03-02 14:23:06 573922 ----a-w- c:\program files\libpurple.dll
    2009-03-02 14:22:48 131072 ----a-w- c:\program files\ssl3.dll
    2009-03-02 14:22:46 266240 ----a-w- c:\program files\softokn3.dll
    2009-03-02 14:22:46 106496 ----a-w- c:\program files\smime3.dll
    2009-03-02 14:22:32 28672 ----a-w- c:\program files\plc4.dll
    2009-03-02 14:22:32 24576 ----a-w- c:\program files\plds4.dll
    2009-03-02 14:22:10 372736 ----a-w- c:\program files\nss3.dll
    2009-03-02 14:22:10 249856 ----a-w- c:\program files\nssckbi.dll
    2009-03-02 14:22:10 159744 ----a-w- c:\program files\nspr4.dll
    2009-03-02 14:21:44 77888 ----a-w- c:\program files\libsasl.dll
    2009-03-02 14:21:42 200704 ----a-w- c:\program files\freebl3.dll
    2008-11-21 00:48:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112020081121\index.dat

    ============= FINISH: 9:46:22.95 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/22/2007 7:27:51 PM
    System Uptime: 3/21/2010 7:57:18 AM (2 hours ago)

    Motherboard: Hewlett-Packard | | 30C6
    Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U1 | 1729/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 15 GiB total, 2.576 GiB free.
    D: is FIXED (NTFS) - 60 GiB total, 51.528 GiB free.
    E: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\HPQ0006\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\HPQ0006\2&DABA3FF&0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_30A5103C&REV_01\3&B1BFB68&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_30A5103C&REV_01\3&B1BFB68&0&FB
    Service:

    ==== System Restore Points ===================

    RP669: 12/22/2009 8:05:24 AM - Avg8 Update
    RP670: 12/26/2009 10:39:49 AM - System Checkpoint
    RP671: 12/27/2009 2:47:11 PM - System Checkpoint
    RP672: 12/29/2009 8:48:16 AM - System Checkpoint
    RP673: 12/31/2009 3:54:09 PM - System Checkpoint
    RP674: 1/1/2010 9:10:40 AM - Avg8 Update
    RP675: 1/2/2010 11:05:06 AM - System Checkpoint
    RP676: 1/3/2010 4:47:58 PM - System Checkpoint
    RP677: 1/6/2010 6:49:45 PM - System Checkpoint
    RP678: 1/9/2010 8:51:47 AM - System Checkpoint
    RP679: 1/10/2010 9:17:40 AM - System Checkpoint
    RP680: 1/12/2010 9:00:27 PM - Software Distribution Service 3.0
    RP681: 1/13/2010 9:37:08 PM - System Checkpoint
    RP682: 1/14/2010 10:00:33 PM - System Checkpoint
    RP683: 1/16/2010 8:32:42 AM - System Checkpoint
    RP684: 1/17/2010 6:33:32 PM - System Checkpoint
    RP685: 1/18/2010 7:39:01 PM - Avg8 Update
    RP686: 1/20/2010 9:12:12 AM - System Checkpoint
    RP687: 1/21/2010 10:51:40 AM - System Checkpoint
    RP688: 1/21/2010 9:46:24 PM - Software Distribution Service 3.0
    RP689: 1/23/2010 8:29:27 AM - System Checkpoint
    RP690: 1/24/2010 5:05:34 PM - System Checkpoint
    RP691: 1/25/2010 6:24:14 PM - System Checkpoint
    RP692: 1/26/2010 6:52:43 PM - Avg8 Update
    RP693: 1/27/2010 7:05:42 PM - System Checkpoint
    RP694: 1/29/2010 6:24:35 PM - System Checkpoint
    RP695: 1/30/2010 6:29:08 PM - System Checkpoint
    RP696: 1/31/2010 7:33:15 PM - System Checkpoint
    RP697: 2/2/2010 9:50:29 AM - System Checkpoint
    RP698: 2/3/2010 2:41:15 PM - System Checkpoint
    RP699: 2/4/2010 6:01:46 PM - System Checkpoint
    RP700: 2/5/2010 7:01:30 PM - System Checkpoint
    RP701: 2/6/2010 7:30:13 PM - System Checkpoint
    RP702: 2/8/2010 8:22:59 AM - System Checkpoint
    RP703: 2/8/2009 2:33:45 PM - System Checkpoint
    RP704: 2/8/2010 8:16:28 PM - System Checkpoint
    RP705: 2/10/2010 7:22:21 AM - System Checkpoint
    RP706: 2/13/2010 10:27:20 AM - Software Distribution Service 3.0
    RP707: 2/14/2010 5:44:19 PM - System Checkpoint
    RP708: 2/15/2010 6:21:19 PM - System Checkpoint
    RP709: 2/16/2010 6:47:28 PM - System Checkpoint
    RP710: 2/18/2010 7:56:44 PM - System Checkpoint
    RP711: 2/21/2010 6:44:39 PM - System Checkpoint
    RP712: 2/22/2010 7:22:56 PM - System Checkpoint
    RP713: 2/23/2010 8:14:22 PM - System Checkpoint
    RP714: 2/23/2010 10:23:13 PM - Software Distribution Service 3.0
    RP715: 2/25/2010 6:45:41 PM - System Checkpoint
    RP716: 2/28/2010 10:11:05 AM - System Checkpoint
    RP717: 3/2/2010 6:18:01 PM - System Checkpoint
    RP718: 3/4/2010 6:28:01 PM - System Checkpoint
    RP719: 3/6/2010 7:16:11 AM - System Checkpoint
    RP720: 3/7/2010 1:06:19 PM - System Checkpoint
    RP721: 3/9/2010 4:40:55 PM - Software Distribution Service 3.0
    RP722: 3/11/2010 7:21:21 PM - System Checkpoint
    RP723: 3/12/2010 7:58:56 PM - System Checkpoint
    RP724: 3/13/2010 9:16:29 PM - System Checkpoint
    RP725: 3/16/2010 8:43:14 AM - System Checkpoint
    RP726: 3/16/2010 8:17:59 PM - Avg8 Update
    RP727: 3/16/2010 8:20:44 PM - Avg Update
    RP728: 3/19/2010 7:46:57 AM - System Checkpoint
    RP729: 3/19/2010 7:07:58 PM - Restore Operation
    RP730: 3/21/2010 9:08:28 AM - Removed Java(TM) 6 Update 7
    RP731: 3/21/2010 9:09:17 AM - Removed Java(TM) 6 Update 3

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player 11.5
    AnswerWorks 5.0 English Runtime
    Aspell English Dictionary-0.50-2
    AVG Free 9.0
    Belarc Advisor 7.2
    Broadcom 802.11 Wireless LAN Adapter
    Calculator Powertoy for Windows XP
    CCleaner
    Conexant HD Audio
    DivX Content Uploader
    DivX Web Player
    GNU Aspell 0.50-3
    Google Earth
    Google SketchUp 6
    Google SketchUp 7
    Google Update Helper
    Google Updater
    GTK+ Runtime 2.14.7 rev a (remove only)
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Image Resizer Powertoy for Windows XP
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 13
    LEGO Digital Designer
    LightScribe 1.4.136.1
    Malwarebytes' Anti-Malware
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Visual C++ 2005 Redistributable
    Move Media Player
    Mozilla Firefox (3.0.8)
    Mozilla Firefox (3.6)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    OpenOffice.org 2.3
    Pidgin
    Quicken 2009
    R for Windows 2.10.1
    SAS 9.1
    SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)
    Savings Bond Wizard
    ScreenPrint32 v3.5
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    VideoLAN VLC media player 0.8.6c
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Defender
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows XP Service Pack 3
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    3/21/2010 9:08:51 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    3/20/2010 8:33:19 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    3/19/2010 6:55:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/19/2010 6:45:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 BANTExt Fips intelppm

    ==== End Of File ===========================
     
    fishrmn70,
    #1
  2. 2010/03/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
    broni,
    #2


  3. to hide this advert.

  4. 2010/03/21
    fishrmn70

    fishrmn70 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    10
    Likes Received:
    0
    Thank you for the quick response, below are the two files that you requested. I really appreciate your help.


    ComboFix 10-03-20.06 - Adam Pollack 03/21/2010 15:06:37.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.327 [GMT -5:00]
    Running from: c:\documents and settings\Adam Pollack\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
    .

    2010-03-21 00:58 . 2010-03-21 00:58 -------- d-----w- c:\documents and settings\Adam Pollack\Application Data\Malwarebytes
    2010-03-21 00:58 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-21 00:58 . 2010-03-21 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-21 00:58 . 2010-03-21 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-21 00:58 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-19 23:46 . 2010-03-19 23:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-03-17 01:20 . 2010-03-17 01:20 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-03-17 01:20 . 2010-03-17 01:20 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-03-17 01:20 . 2010-03-17 01:20 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
    2010-03-17 01:20 . 2010-03-17 01:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-09 22:38 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-02-19 22:58 . 2010-02-19 22:59 -------- d-----w- c:\documents and settings\Adam Pollack\Local Settings\Application Data\Move Networks
    2010-02-19 22:58 . 2010-02-19 22:58 1795704 ----a-w- c:\documents and settings\Adam Pollack\Application Data\Move Networks\MoveMediaPlayerWin_071705000014.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-21 14:09 . 2007-10-23 23:02 -------- d-----w- c:\program files\Java
    2010-03-21 00:18 . 2008-10-19 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-03-20 23:04 . 2007-09-23 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-17 01:20 . 2008-05-18 14:09 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-17 01:20 . 2007-09-23 21:16 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-17 01:19 . 2008-05-18 14:09 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-11 12:46 . 2007-12-09 20:34 1 ----a-w- c:\documents and settings\Adam Pollack\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
    2010-03-11 12:46 . 2007-12-09 20:33 -------- d-----w- c:\documents and settings\Adam Pollack\Application Data\OpenOffice.org2
    2010-03-11 00:42 . 2009-11-27 16:50 79488 ----a-w- c:\documents and settings\Adam Pollack\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-07 17:49 . 2009-09-27 16:13 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-02-23 00:07 . 2009-09-12 03:42 4464453 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-02-19 22:58 . 2009-10-19 23:20 144160 ----a-w- c:\documents and settings\Adam Pollack\Application Data\Move Networks\uninstall.exe
    2010-02-19 22:58 . 2008-01-07 23:20 -------- d-----w- c:\documents and settings\Adam Pollack\Application Data\Move Networks
    2010-02-19 22:58 . 2009-12-07 01:22 5603776 ----a-w- c:\documents and settings\Adam Pollack\Application Data\Move Networks\plugins\npqmp071705000014.dll
    2010-02-06 14:39 . 2007-10-01 00:24 -------- d-----w- c:\program files\Google
    2010-02-04 23:49 . 2009-07-05 18:53 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2010-02-04 23:49 . 2009-07-05 18:53 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-02-04 23:49 . 2009-07-05 18:53 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-01-30 02:26 . 2010-01-30 02:26 -------- d-----w- c:\documents and settings\Adam Pollack\Application Data\dvdcss
    2010-01-05 10:00 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 10:00 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-26 13:13 . 2009-10-21 21:58 6725632 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
    2009-05-10 21:56 . 2009-05-10 21:56 107581 ----a-w- c:\program files\pidgin-uninst.exe
    2009-03-02 14:23 . 2009-03-02 14:23 881087 ----a-w- c:\program files\pidgin.dll
    2009-03-02 14:23 . 2009-03-02 14:23 45603 ----a-w- c:\program files\pidgin.exe
    2009-03-02 14:23 . 2009-03-02 14:23 573922 ----a-w- c:\program files\libpurple.dll
    2009-03-02 14:22 . 2009-03-02 14:22 131072 ----a-w- c:\program files\ssl3.dll
    2009-03-02 14:22 . 2009-03-02 14:22 266240 ----a-w- c:\program files\softokn3.dll
    2009-03-02 14:22 . 2009-03-02 14:22 106496 ----a-w- c:\program files\smime3.dll
    2009-03-02 14:22 . 2009-03-02 14:22 28672 ----a-w- c:\program files\plc4.dll
    2009-03-02 14:22 . 2009-03-02 14:22 24576 ----a-w- c:\program files\plds4.dll
    2009-03-02 14:22 . 2009-03-02 14:22 372736 ----a-w- c:\program files\nss3.dll
    2009-03-02 14:22 . 2009-03-02 14:22 249856 ----a-w- c:\program files\nssckbi.dll
    2009-03-02 14:22 . 2009-03-02 14:22 159744 ----a-w- c:\program files\nspr4.dll
    2009-03-02 14:21 . 2009-03-02 14:21 77888 ----a-w- c:\program files\libsasl.dll
    2009-03-02 14:21 . 2009-03-02 14:21 200704 ----a-w- c:\program files\freebl3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "Ad-Watch "= "c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-29 788880]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-17 01:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\SAS\\SAS 9.1\\sas.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/31/2009 11:12 AM 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/18/2008 9:09 AM 216200]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/18/2008 9:09 AM 242696]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/16/2010 8:19 PM 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 8:19 PM 308064]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2009 11:24 AM 24652]
    S2 gupdate1c985a4ed8029a0;Google Update Service (gupdate1c985a4ed8029a0);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 9:12 PM 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - APPMGMT
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:49]

    2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:49]

    2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:49]

    2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:49]

    2010-03-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:49]

    2010-03-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-19 00:05]

    2010-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 02:12]

    2010-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 02:12]
    .
    .
    ------- Supplementary Scan -------
    .
    DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
    FF - ProfilePath - c:\documents and settings\Adam Pollack\Application Data\Mozilla\Firefox\Profiles\4u7q2djn.default\
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Adam Pollack\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\Adam Pollack\Application Data\Move Networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Mozilla Firefox (3.0.8) - g:\documents\uninstall\helper.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(320)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-03-21 15:10:18
    ComboFix-quarantined-files.txt 2010-03-21 20:10

    Pre-Run: 2,709,192,704 bytes free
    Post-Run: 2,712,682,496 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - C72BE30C1900E4F32341EC5643A811C7



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:12:03 PM, on 3/21/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\javaws.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\ComboFix\CF14512.cfxxe
    C:\ComboFix\mbr.cfxxe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190581169125
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate1c985a4ed8029a0) (gupdate1c985a4ed8029a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6383 bytes
     
    fishrmn70,
    #3
  5. 2010/03/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log is clean :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall "
    Click OK (Vista users - press Enter).
    Restart computer.

    ================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ( "drive-by-install ") as it is installed without your consent through programs like AOl, AIM, Compuserve, etc.

    ===============================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
    broni,
    #4
  6. 2010/03/21
    fishrmn70

    fishrmn70 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    10
    Likes Received:
    0
    Broni,

    I have run into an unexpected problem. I was able to download and run TFC with no problem. The problem arose when I went to the Kaspersky website. The 'Accept' button is grayed out and says that it requires Java framework 1.5 or later. I opened the about Java window and it shows I have version 6 update 13 (build 1.6.1_13-b03). I am not sure what the problem could be. I will be awaiting further instruction.
     
    fishrmn70,
    #5
  7. 2010/03/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    broni,
    #6
  8. 2010/03/21
    fishrmn70

    fishrmn70 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    10
    Likes Received:
    0
    Sorry to be a pain, but I can't update Java. I went to the website and downloader the installer. However, when I try to run it, it says it can't connect to the site to continue the download. I did try the website on another computer and it was working just fine, with a earlier version of java. Because of this, I think something else is blocking it from running, but that is just a guess. Please let me know what the next step should be.
     
    fishrmn70,
    #7
  9. 2010/03/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download "offline" file instead of "online" file.
     
    broni,
    #8
  10. 2010/03/22
    fishrmn70

    fishrmn70 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    10
    Likes Received:
    0
    I got the download of the newest Java installed successfully. I still run into a problem when I try to get to the Kaspersky site because of the intermittent connection problems. When I am browsing I can usually get to a site after multiple reloads/refreshes.

    On a side note, I saw in another post someone was having similar problems and you suggested uninstalling AVG and Zone Alarm. Do you think this may have something to do with my problems?

    Thanks in advance.
     
    fishrmn70,
    #9
  11. 2010/03/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    broni,
    #10
  12. 2010/03/23
    fishrmn70

    fishrmn70 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    10
    Likes Received:
    0
    Well it looks like the uninstall of AVG did the trick. I was able to finally get online and run the Kaspersky scan. I also ran a new HiJackThis. I have attached both below. If everything looks ok I will go ahead and try to reinstall AVG and see if the problem comes back.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, March 23, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, March 22, 2010 21:03:51
    Records in database: 3848711
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 64910
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 01:52:58

    No threats found. Scanned area is clean.

    Selected area has been scanned.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:32:01 PM, on 3/23/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190581169125
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O23 - Service: Google Update Service (gupdate1c985a4ed8029a0) (gupdate1c985a4ed8029a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5718 bytes
     
    fishrmn70,
    #11
  13. 2010/03/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)
    Now, you have to have some protection, so I suggest, you download and install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    =================================================================

    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).

    ===============================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ( "drive-by-install ") as it is installed without your consent through programs like AOl, AIM, Compuserve, etc.

    ==============================================================

    Disable Windows Defender, as it'll interfere with cleaning process:
    - Open Windows Defender by clicking the Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    ==============================================================

    Print this post out, since you won't have an access to it, at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)


    4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
     
    broni,
    #12
  14. 2010/03/23
    fishrmn70

    fishrmn70 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    10
    Likes Received:
    0
    Any opinions about giving AVG another try, or is it time to dump it?
     
    fishrmn70,
    #13
  15. 2010/03/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's been time to dump it since ver 8.0 came out :)
    That's what I did.
     
    broni,
    #14
  16. 2010/03/23
    fishrmn70

    fishrmn70 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    10
    Likes Received:
    0
    Will do. I will finish running everything tomorrow and check back in with the log files. Thanks again for all of your help.
     
    fishrmn70,
    #15
  17. 2010/03/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)
     
    broni,
    #16
  18. 2010/03/24
    fishrmn70

    fishrmn70 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    10
    Likes Received:
    0
    Ok, I think I have done everything that I needed to do. I got Avast installed. I took care of Java. I have all the viewpoint programs uninstalled. I fixed the items with HiJackThis. Below is the latest HiJackThis log file. Thank you once again.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:40:31 PM, on 3/24/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190581169125
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate1c985a4ed8029a0) (gupdate1c985a4ed8029a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5524 bytes
     
    fishrmn70,
    #17
  19. 2010/03/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very nice :)


    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore ".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure, Windows Updates are current.

    [SIZE= "4"]5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately![/SIZE]

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please, let me know, how is your computer doing.
     
    broni,
    #18
  20. 2010/03/28
    fishrmn70

    fishrmn70 Inactive Thread Starter

    Joined:
    2010/03/21
    Messages:
    10
    Likes Received:
    0
    Well it's been a couple of days and everything is still running fine. Thank you again for all your help with this problem. This forum seems like a wealth of information and I look forward to spending some time around here.

    Adam
     
    fishrmn70,
    #19
  21. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)
    Good luck and stay safe :)
     
    broni,
    #20

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...