
Solved IE 7 won't start

Discussion in 'Malware and Virus Removal Archive' started by James1207, 2009/02/05.

  1. 2009/02/05
    James1207


    If anyone could help, I sure would appreciate it. My internet explorer stopped working yesterday. I thought I was smarter than this! It opens briefly but then closes before getting "online." I've run Adaware, AVG, A-squared, and SuperSpyware. I've tried numerous suggestions I read in threads here but nothing seems to work.

    I ran the DDS tool; results:


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by James Minkel at 9:36:31.32 on 2009-02-05
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.525 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\James Minkel\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = about:
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe "
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: : {fffffef0-5b30-21d4-945d-000000000000} - c:\progra~1\stardo~1\SDIEInt.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe "
    mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: Download with Star Downloader - c:\program files\star downloader\sdie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0470E62C-C97E-4317-81E5-0774D8CBF7B7} - hxxp://www.endpointscan.com/EndPointScan.cab
    DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179540706147
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jamesm~1\applic~1\mozilla\firefox\profiles\ndo0ileb.default\
    FF - plugin: c:\program files\download manager\npfpdlm.dll
    FF - HiddenExtension: XUL Cache: {4004FBC3-AF01-43A9-9B9F-DC8F72210BC8} - c:\documents and settings\james minkel\local settings\application data\{4004FBC3-AF01-43A9-9B9F-DC8F72210BC8}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000

    ============= SERVICES / DRIVERS ===============

    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2007-10-22 40464]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-6 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-4-21 27656]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-6 107272]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
    R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-10 421496]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 903960]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 298264]
    R2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [2009-1-6 23352]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-11-20 603904]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2008-11-15 102912]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 BCASPROT;Advanced System Protector;c:\program files\systweak\advanced system protector\sasprot32.sys [2008-11-23 6656]
    S3 cpuz131;cpuz131;\??\c:\docume~1\jamesm~1\locals~1\temp\cpuz131\cpuz_x32.sys --> c:\docume~1\jamesm~1\locals~1\temp\cpuz131\cpuz_x32.sys [?]
    S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2008-12-5 23096]
    S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [2008-12-5 3768]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]

    =============== Created Last 30 ================

    2009-02-05 09:14 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
    2009-02-05 09:14 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-02-05 09:14 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
    2009-02-05 09:14 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
    2009-02-05 09:14 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
    2009-02-05 09:14 99,865 a------- c:\windows\system32\dllcache\xlog.exe
    2009-02-05 09:14 28,288 a------- c:\windows\system32\dllcache\xjis.nls
    2009-02-05 09:12 19,551 a------- c:\windows\system32\dllcache\watv02nt.sys
    2009-02-05 09:11 224,802 a------- c:\windows\system32\dllcache\usr1807a.sys
    2009-02-05 09:10 11,520 a------- c:\windows\system32\dllcache\twotrack.sys
    2009-02-05 09:09 138,528 a------- c:\windows\system32\dllcache\tgiulnt5.sys
    2009-02-05 09:08 3,968 a------- c:\windows\system32\dllcache\swusbflt.sys
    2009-02-05 09:07 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
    2009-02-05 09:06 11,136 a------- c:\windows\system32\dllcache\slip.sys
    2009-02-05 09:05 6,784 a------- c:\windows\system32\dllcache\serscan.sys
    2009-02-05 09:04 41,216 a------- c:\windows\system32\dllcache\s3mt3d.sys
    2009-02-05 09:03 41,472 a------- c:\windows\system32\dllcache\qvusd.dll
    2009-02-05 09:02 121,344 a------- c:\windows\system32\dllcache\phvfwext.dll
    2009-02-05 09:01 41,984 a------- c:\windows\system32\dllcache\ovui2rc.dll
    2009-02-05 09:00 51,552 a------- c:\windows\system32\dllcache\ntgrip.sys
    2009-02-05 08:59 13,664 a------- c:\windows\system32\dllcache\n9i128.sys
    2009-02-05 08:58 56,832 a------- c:\windows\system32\dllcache\msdvbnp.ax
    2009-02-05 08:57 797,500 a------- c:\windows\system32\dllcache\ltsmt.sys
    2009-02-05 08:56 18,688 a------- c:\windows\system32\dllcache\irsir.sys
    2009-02-05 08:55 26,624 a------- c:\windows\system32\dllcache\icam3ext.dll
    2009-02-05 08:54 391,199 a------- c:\windows\system32\dllcache\hsf_k56k.sys
    2009-02-05 08:53 2,688 a------- c:\windows\system32\dllcache\hidswvd.sys
    2009-02-05 08:52 22,090 a------- c:\windows\system32\dllcache\fem556n5.sys
    2009-02-05 08:51 283,904 a------- c:\windows\system32\dllcache\emu10k1m.sys
    2009-02-05 08:50 952,007 a------- c:\windows\system32\dllcache\diwan.sys
    2009-02-05 08:49 48,640 a------- c:\windows\system32\dllcache\cwrwdm.sys
    2009-02-05 08:48 314,752 a------- c:\windows\system32\dllcache\camdro21.sys
    2009-02-05 08:47 16,969 a------- c:\windows\system32\dllcache\amb8002.sys
    2009-02-05 07:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-02-05 07:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-02-05 07:34 <DIR> --d----- c:\docume~1\jamesm~1\applic~1\SUPERAntiSpyware.com
    2009-02-05 07:20 161,792 a------- c:\windows\SWREG.exe
    2009-02-05 07:20 98,816 a------- c:\windows\sed.exe
    2009-02-05 07:20 389,120 a------- c:\windows\system32\CF27999.exe
    2009-02-05 07:20 <DIR> --d----- C:\ComboFix
    2009-02-05 07:19 389,120 a------- c:\windows\system32\CF27852.exe
    2009-02-04 23:22 <DIR> --d----- c:\program files\Lavasoft
    2009-02-04 19:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-02-04 18:26 <DIR> --d----- c:\documents and settings\james minkel\IECompatCache
    2009-02-04 18:25 <DIR> --d----- c:\documents and settings\james minkel\PrivacIE
    2009-02-04 18:25 <DIR> --d----- c:\documents and settings\james minkel\IETldCache
    2009-02-04 18:17 <DIR> -cd----- c:\windows\ie8
    2009-02-04 15:28 <DIR> --d----- c:\program files\Auto Shutdown Genius
    2009-02-03 14:39 32 a------- c:\windows\go
    2009-02-02 12:40 69,712 a------- c:\windows\uninstall.dat
    2009-02-02 12:40 314 a------- c:\windows\uninstall.xml
    2009-01-30 15:04 <DIR> --d----- c:\program files\WinAVI MP4 Converter
    2009-01-28 17:05 3,532 a------- C:\drmHeader.bin
    2009-01-27 17:23 <DIR> --d----- c:\program files\VMNetSrv
    2009-01-27 17:23 <DIR> --d----- c:\docume~1\jamesm~1\applic~1\Steganos VPN
    2009-01-27 11:38 <DIR> --d----- c:\program files\WiresharkPortable
    2009-01-26 18:29 <DIR> --d----- c:\docume~1\jamesm~1\applic~1\Crayon Physics Deluxe
    2009-01-25 17:58 <DIR> --d----- c:\program files\Postal2STP
    2009-01-25 12:23 <DIR> --d----- c:\program files\NetWaiting
    2009-01-20 17:11 <DIR> --d----- c:\program files\Video Strip Poker Supreme
    2009-01-20 16:50 343 a------- c:\windows\_c.ini
    2009-01-20 16:45 343 a------- c:\windows\sw.ini
    2009-01-20 16:38 343 a------- c:\windows\ask.ini
    2009-01-20 16:37 446,464 a------- c:\windows\system32\vp31vfw.dll
    2009-01-20 16:37 <DIR> --d----- c:\program files\On2 Technologies
    2009-01-20 16:35 <DIR> --d----- c:\program files\Silver Wings
    2009-01-20 15:31 47,104 a------- c:\windows\system32\KMVIDC32.DLL
    2009-01-18 19:13 <DIR> --d----- c:\program files\GooTool
    2009-01-18 17:32 20,480 a------- c:\windows\system32\scrnrdr.exe
    2009-01-17 20:17 <DIR> --d----- C:\X360HP Temp
    2009-01-17 20:00 <DIR> --d----- c:\program files\Xbox 360 Hack Pack RC1
    2009-01-17 12:53 873,374 a------- c:\windows\system32\oem57.inf
    2009-01-17 12:51 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
    2009-01-17 12:51 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-01-17 12:51 3,698,040 a------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-01-17 12:51 1,228,800 a------- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-01-17 12:51 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-01-17 12:51 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
    2009-01-17 12:51 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-01-17 12:51 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-01-17 12:51 63,488 -------- c:\windows\system32\dllcache\icardie.dll
    2009-01-17 11:02 <DIR> --d----- c:\docume~1\jamesm~1\applic~1\Abuse
    2009-01-16 17:53 <DIR> --d----- c:\program files\ViStart Beta 6
    2009-01-16 10:15 65 a------- c:\windows\dartemup.ini
    2009-01-15 20:19 <DIR> --d----- C:\Download
    2009-01-15 20:16 <DIR> --d----- c:\docume~1\jamesm~1\applic~1\ViStart
    2009-01-15 02:22 49,152 -------- c:\windows\system32\msrating.dll.mui
    2009-01-15 02:21 2,560 -------- c:\windows\system32\mshta.exe.mui
    2009-01-15 02:19 4,096 -------- c:\windows\system32\ie4uinit.exe.mui
    2009-01-15 02:19 81,920 -------- c:\windows\system32\iedkcs32.dll.mui
    2009-01-14 15:31 <DIR> --d----- c:\program files\Star Downloader
    2009-01-14 15:12 524,288 a------- c:\windows\system32\xvidcore.dll
    2009-01-14 15:12 139,264 a------- c:\windows\system32\xvidvfw.dll
    2009-01-14 10:35 <DIR> --d----- C:\Neighbours from Hell 2 Demo XS
    2009-01-13 17:13 <DIR> --d----- C:\cygdrive
    2009-01-13 16:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Maxtor
    2009-01-13 16:28 441,760 a------- c:\windows\system32\drivers\timntr.sys
    2009-01-13 16:28 44,384 a------- c:\windows\system32\drivers\tifsfilt.sys
    2009-01-13 16:28 132,224 a------- c:\windows\system32\drivers\snapman.sys
    2009-01-13 16:28 368,480 a------- c:\windows\system32\drivers\tdrpman.sys
    2009-01-13 16:23 <DIR> --d----- C:\MaxtorDrv
    2009-01-13 14:15 <DIR> --d----- c:\program files\Aimersoft
    2009-01-12 16:19 <DIR> --d----- C:\Sandbox
    2009-01-12 16:19 1,834 a------- c:\windows\Sandboxie.ini
    2009-01-12 16:18 <DIR> --d----- c:\program files\Sandboxie
    2009-01-11 17:16 <DIR> --d----- c:\program files\SpeedFan
    2009-01-11 17:16 45 a------- c:\windows\system32\initdebug.nfo
    2009-01-11 16:48 <DIR> --d----- c:\program files\Motherboard Monitor 5
    2009-01-11 11:38 <DIR> --d----- c:\program files\stripPoker
    2009-01-11 11:29 51 a------- c:\windows\rblky.sys
    2009-01-10 22:59 <DIR> --d----- c:\program files\Axaware
    2009-01-10 21:15 <DIR> --d----- c:\program files\a-squared Free
    2009-01-10 20:33 <DIR> --d----- c:\documents and settings\james minkel\Application DataRetinax
    2009-01-10 20:32 1,010,720 a------- c:\windows\system32\MSCHRT20.OCX
    2009-01-10 20:32 951,104 a------- c:\windows\system32\tssOfficeMenu1d.ocx
    2009-01-10 20:32 515,584 a------- c:\windows\system32\RetinaTSpinEditXControl1.ocx
    2009-01-10 20:32 491,520 a------- c:\windows\system32\vbalSGrid6.ocx
    2009-01-10 20:32 312,128 a------- c:\windows\system32\tssPopupNotify.ocx
    2009-01-10 20:32 212,240 a------- c:\windows\system32\RICHTX32.OCX
    2009-01-10 20:32 94,208 a------- c:\windows\system32\vbalIml6.ocx
    2009-01-10 20:32 865,088 a------- c:\windows\system32\ExplorerBarXP2_vba.ocx
    2009-01-10 20:32 865,080 a------- c:\windows\system32\ExplorerBarXP2.ocx
    2009-01-10 20:32 851,968 a------- c:\windows\system32\ExplorerBarXP2Demo.ocx
    2009-01-10 20:32 143,360 a------- c:\windows\system32\LVbuttons.ocx
    2009-01-10 20:32 65,536 a------- c:\windows\system32\MBSplit.ocx
    2009-01-10 17:33 <DIR> --d----- c:\program files\NOMBZ Night of a Million Billion Zombies
    2009-01-10 17:33 89,777,067 a------- c:\windows\system32\xa31831015.exe
    2009-01-10 17:32 89,777,067 a------- c:\windows\system32\xa31774703.exe
    2009-01-10 14:40 <DIR> --d----- c:\program files\Mozilla ActiveX Control v1.7.12
    2009-01-10 14:39 <DIR> --d----- c:\program files\Graboid
    2009-01-09 10:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Innovative Solutions
    2009-01-09 10:11 42,496 a------- c:\windows\system32\AdvUninstCPL.cpl
    2009-01-09 10:11 <DIR> --d----- c:\program files\Innovative Solutions
    2009-01-09 09:33 <DIR> --d----- c:\program files\trend micro
    2009-01-08 10:47 129,784 -------- c:\windows\system32\pxafs.dll
    2009-01-07 16:25 446 a------- c:\windows\system32\tversity.cookies
    2009-01-06 19:49 60,273 a------- c:\windows\system32\pthreadGC2.dll
    2009-01-06 19:49 7,680 a------- c:\windows\system32\ff_vfw.dll
    2009-01-06 19:49 547 a------- c:\windows\system32\ff_vfw.dll.manifest
    2009-01-06 19:49 <DIR> --d----- c:\program files\ffdshow
    2009-01-06 19:47 <DIR> --d----- c:\program files\TVersity Codec Pack
    2009-01-06 19:45 <DIR> --d----- c:\program files\TVersity
    2009-01-06 17:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Launcher
    2009-01-06 17:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Graboid Inc
    2009-01-06 17:50 <DIR> --d----- c:\docume~1\jamesm~1\applic~1\MozillaControl
    2009-01-06 17:48 <DIR> --d----- c:\program files\VideoLAN
    2009-01-06 15:19 23,352 a------- c:\windows\system32\drivers\pnpcap.sys

    ==================== Find3M ====================

    2009-01-29 17:18 603,904 a------- c:\windows\system32\TUProgSt.exe
    2009-01-29 17:17 362,240 a------- c:\windows\system32\TuneUpDefragService.exe
    2009-01-29 09:01 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-29 09:01 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-29 09:01 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-01-24 22:04 410,984 a------- c:\windows\system32\deploytk.dll
    2009-01-16 09:35 87,608 a------- c:\docume~1\jamesm~1\applic~1\inst.exe
    2009-01-16 09:35 47,360 a------- c:\docume~1\jamesm~1\applic~1\pcouffin.sys
    2009-01-14 19:49 1,016 a------- C:\ErsXP.bat
    2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2008-12-23 11:52 385,024 a------- c:\windows\system32\srkey.exe
    2008-12-20 16:18 107,888 a------- c:\windows\system32\CmdLineExt.dll
    2008-12-20 16:12 413,696 a------- c:\windows\system32\wrap_oal.dll
    2008-12-20 16:12 110,592 a------- c:\windows\system32\OpenAL32.dll
    2008-12-12 23:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
    2008-12-11 03:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-12-11 03:57 333,952 a------- c:\windows\system32\dllcache\srv.sys
    2008-12-10 17:33 200,704 a------- c:\windows\system32\dtu100.dll
    2008-12-10 17:33 86,016 a------- c:\windows\system32\dpl100.dll
    2008-12-09 20:24 8,835,397 a------- c:\windows\system32\xa2761265.exe
    2008-12-09 20:24 8,835,397 a------- c:\windows\system32\xa2756265.exe
    2008-12-08 19:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
    2008-12-08 19:28 344,064 a------- c:\windows\system32\dpus11.dll
    2008-12-08 19:28 294,912 a------- c:\windows\system32\dpu11.dll
    2008-12-08 19:28 57,344 a------- c:\windows\system32\dpv11.dll
    2008-12-08 10:12 19,712 a------- c:\windows\system32\drivers\ndisprotiln.sys
    2008-12-05 12:40 3,400 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
    2008-12-05 12:32 349,048 a------- c:\windows\system32\SpoonUninstall.exe
    2008-12-02 19:52 1,066,544 a------- c:\windows\system32\mfc71.dll
    2008-12-02 11:48 32,365,900 a------- c:\windows\system32\xa16769968.exe
    2008-12-02 11:48 32,365,900 a------- c:\windows\system32\xa16766796.exe
    2008-12-01 18:15 7,302,267 a------- c:\windows\system32\easy_dvd_creator.exe
    2008-12-01 09:37 737,280 a------- c:\windows\iun6002.exe
    2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
    2008-11-27 11:47 10,240 a------- c:\windows\system32\RtNicProp32.dll
    2008-11-20 00:46 45,056 a------- c:\windows\system32\wnaspi32.dll
    2008-11-12 16:44 27,904 a------- c:\windows\system32\uxtuneup.dll
    2008-11-10 19:49 17,136 a------- c:\windows\system32\sasnative32.exe
    2008-08-18 12:59 108 a------- c:\docume~1\alluse~1\applic~1\913952bf.dat
    2007-10-16 17:35 185 a--shr-- c:\windows\Regbak.dat
    2006-12-16 15:42 0 a--sh--- c:\windows\sminst\HPCD.SYS

    ============= FINISH: 9:37:17.48 ===============



    HijackThis; results:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:54:21, on 2009-02-05
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\James Minkel\My Documents\Computer-Repair-Utility-Kit-V2\Computer-Repair-Utility-Kit-V2\Virus Removal\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

    "C:\Program Files\Outlook Express\msimn.exe "
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

    784B7D6BE0B3} - C:\Program Files\Common

    Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

    C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -

    C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} -

    C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-

    9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-

    EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1

    \STARDO~1\SDIEInt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -

    C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
    O16 - DPF: {0470E62C-C97E-4317-81E5-0774D8CBF7B7} (EndPointScan Class) - http://www.endpointscan.com/EndPointScan.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179540706147
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

    --
    End of file - 11197 bytes
     
  2. 2009/02/05
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    While you are waiting for one of our trained analysts to look over your log - may be a couple of days as they are very busy, have you tried starting IE in no-addons mode and what is the result?

    Right click IE icon on desktop > Start without Add-ons or Start > Programs > Accessories > System Tools > IE no add-ons.

    Another possible solution ....

    Right click IE icon on Desktop > Properties > Advanced > Reset.
     


  4. 2009/02/05
    James1207

    James1207 Inactive Thread Starter

    Thank you for the suggestions, neither worked. When I opened w/o addons it opened to a blank page but just sat there. There are no toolbars, and no "title" on the bar at the top after the IE Icon. When I tried to get into properties, nothing happened...
    I'm at a complete loss here...
    Oh and thank you for the welcome!
     
  5. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi James, and sorry for the wait.

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Double-click GooredFix.exe to run it.
    • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: Do not run Option #2 yet.
     
  6. 2009/02/10
    James1207

    James1207 Inactive Thread Starter

    I was able to install IE 8. It seems to be working, should I still do this?
     
  7. 2009/02/10
    noahdfear

    noahdfear Inactive

    Your computer is infected, so yes, please complete the recommendation.
     
  8. 2009/02/10
    James1207

    James1207 Inactive Thread Starter

    GooredFix v1.83 by jpshortstuff
    Log created at 07:28 on 10/02/2009 running Option #1 (James XXXXXX)
    Firefox version 3.0.5 (en-US)

    =====Suspect Goored Entries=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{4004FBC3-AF01-43A9-9B9F-DC8F72210BC8} "= "C:\Documents and Settings\James XXXXXX\Local Settings\Application Data\{4004FBC3-AF01-43A9-9B9F-DC8F72210BC8} "

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
    "Plugins "= "C:\Program Files\Mozilla Firefox\plugins "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
    "Components "= "C:\Program Files\Mozilla Firefox\components "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{20a82645-c095-46ed-80e3-08825760534b} "= "C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "jqs@sun.com "= "C:\Program Files\Java\jre6\lib\deploy\jqs\ff "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{4004FBC3-AF01-43A9-9B9F-DC8F72210BC8} "= "C:\Documents and Settings\James XXXXXX\Local Settings\Application Data\{4004FBC3-AF01-43A9-9B9F-DC8F72210BC8} "
     
  9. 2009/02/10
    noahdfear

    noahdfear Inactive

    Please double-click GooredFix.exe on your Desktop to run it.
    • Select "2. Fix Goored" by typing 2 and pressing Enter.
    • Make sure all instances of Firefox are closed at this point.
    • Type y at the prompt and press Enter again.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.


    Next, please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  10. 2009/02/11
    James1207

    James1207 Inactive Thread Starter

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, February 11, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, February 11, 2009 23:44:40
    Records in database: 1784406
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - Critical Areas:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    C:\Documents and Settings\James Minkel\Start Menu\Programs\Startup
    C:\Program Files
    C:\WINDOWS

    Scan statistics:
    Files scanned: 84234
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 01:52:04

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
     
  11. 2009/02/13
    noahdfear

    noahdfear Inactive

    Looks good. Please post the contents of GooredLog.txt on your desktop.
     
  12. 2009/02/13
    James1207

    James1207 Inactive Thread Starter

    GooredFix v1.91 by jpshortstuff
    Log created at 06:34 on 13/02/2009 running Option #2 (James XXXXXX)
    Firefox version 3.0.6 (en-US)

    =====Goored Deletions=====

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
    "Plugins "= "C:\Program Files\Mozilla Firefox\plugins "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
    "Components "= "C:\Program Files\Mozilla Firefox\components "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{20a82645-c095-46ed-80e3-08825760534b} "= "C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "jqs@sun.com "= "C:\Program Files\Java\jre6\lib\deploy\jqs\ff "
     
  13. 2009/02/14
    noahdfear

    noahdfear Inactive

    Looks good. Provided you're experiencing no other problems, we're done. You can delete the gooredfix files and log(s), dds.scr and the dds logs, and the Kaspersky log.

    A Java update is available, so if you're not using Version 6 Update 12, I recommend you uninstall all old versions then install JRE 6 Update 12 from here

    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply to turn System Restore back on. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe! :)
     
  14. 2009/02/14
    James1207

    James1207 Inactive Thread Starter

    Thank you so much for all your help! I really appreciate it!
     
  15. 2009/02/14
    noahdfear

    noahdfear Inactive

    You're most welcome. :)
     
