954,242 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
4 Years Ago
0

Internet explorer keeps crashing

everytime i open internet explorer the program crashes as it starts. The program shows as not responding and on task manager the program is running twice. i wonder if any1 could help me out. thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:03, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\?dobe\u?erinit.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\AsmwSoft\Free Asmw PC-Optimizer\asmwclen.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\akssggf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [pvvurrl] c:\windows\system32\akssggf.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} (Google Script Object) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c400.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7737 bytes

craiggale
Newbie Poster
13 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 
4 Years Ago
Show Comments
0
everytime i open internet explorer the program crashes as it starts. The program shows as not responding and on task manager the program is running twice. i wonder if any1 could help me out. thanks in advance


Hi craiggale,

You have a boatload of malware showing there, much of which I have not seen on a regular basis for a few years.Let's go ahead and do this to get started:

FIRST -
Please Download this tool: http://www.cexx.org/lspfix.zip and extract the LSPFix folder to your Desktop.
--Please run LSPFix
- Check the Box labeled "I know what I'm doing" and then click on the msvrl.dll file (in the “Keep” section) to select it.
- Then, Select the >> button to move msvrl.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.
I'd like to do this first to try to avoid the connectivity problems that occur when we rip malware from the LSP stack....
Note that ComboFix will also address this issue as well, but I'd prefer to use LSPFix for this step.

NEXT, let's go ahead and do the following:Download combofix.exe by sUBs to your computer's Desktop.
Alternate Download
(If you already have a previous version, delete it and download a new version).
Double click combofix.exe & follow the prompts.
Note: Combofix will automatically disconnect your Internet connection when it runs, do not reconnect it.

When it finishes, it ought toProduce a log for you. ( C:\ComboFix\ComboFix.txt)
Restore your Internet connection.
IMPORTANT: Do not use your computer while Combofix is running.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
(If the above fails to restore your connection, you ought to be able to run LSPFix again and just click the "Finish" button.)
Please post that log for us along with a fresh HJT and we'll go from there. Let us know if you run into any difficulty.

Best Luck :)
PP

PhilliePhan
Central Scrutinizer
Moderator
1,942 posts since Dec 2006
Reputation Points: 184
Solved Threads: 110
 
4 Years Ago
0

thanks alot for the help, as you can probably tell i don't use this comp very much and the problems have just accumulated. The problem with internet explorer seems to be resolved, however i now have a message popping up before i log in saying that my version of windows is not genuine. ne help would gain be appretiated.

combofix log:

ComboFix 08-02-25.3 - Jenny 2008-02-27 12:35:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.257 [GMT 0:00]
Running from: C:\Documents and Settings\Jenny\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jenny\My Documents\ICROSO~1
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\BUSPAL.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\BUSTED.ANM
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\BUSTED.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\DRUM.BNK
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\HPANEL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\HPANEL-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\INPAL.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\INST.BNK
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\INTIT.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG2-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG3-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG4-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAUCT-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAUSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAUSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAWAR0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAWAR1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAWPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MBLK-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MBLK-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MCUP-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MCUP-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDEDIT-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDELE-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDFRA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDSTA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MEDIT-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MELE-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MFONT-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MFONT-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MFRA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MGLOBE-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MGLPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MHAND-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MHAND-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MIDLAND.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MMAP-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MMENU-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MMENU-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MNEG-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MNGPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPALETTE.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPANEL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPANEL-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPLAY-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPLAY-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPOINTER.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPOINTER.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MREQ-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MREQ-0.INF
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MREQ-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRES-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRSPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRSSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRSSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSELE-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSHARE-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSPR-0.INF
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTAP-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTAPAL-.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTATE-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTOCK-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUS.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUS.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSELE.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSFRA.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSSTA.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.000
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.002
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.003
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.009
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.012
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.013
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.026
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\TAKOVER.ANM
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\TAKOVER.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\TAKPAL.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\WINGAME.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DOS4GW.EXE
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\HMIDET.386
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\HMIDRV.386
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\HMIMDRV.386
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\BLEEE.GD
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\BLEEE.GY
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\DEMO.GY
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\JAREK.GD
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\JAREK.GY
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SETUP.EXE
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SNDSETUP.INF
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\TP.EXE
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\spool32.exe
C:\Program Files\Common Files\{48EEE~1
C:\Program Files\Common Files\{48EEE~1\Update.exe
C:\Program Files\Common Files\inetget
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Program Files\outlook\RyDial.log
C:\Program Files\outlook\v.tmp
C:\Program Files\toolbar888
C:\Program Files\toolbar888\Activate.exe
C:\Program Files\toolbar888\mytoolbar.dll
C:\Program Files\toolbar888\Uninst.exe
C:\Program Files\video activex object
C:\Program Files\windows
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~1\u?erinit.exe
C:\WINDOWS\system32\msvrl.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\teller2.chk

.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-26 17:46 . 2008-02-26 17:46 d-------- C:\Program Files\Common Files\xing shared
2008-02-25 16:42 . 2008-02-25 16:42 d-------- C:\Program Files\AsmwSoft
2008-02-25 16:42 . 1998-01-31 13:25 133,120 --a------ C:\WINDOWS\system32\zip32.dll
2008-02-25 16:42 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-02-25 16:42 . 2004-05-27 01:32 102,400 --a------ C:\WINDOWS\system32\Unzip32.dll
2008-02-25 16:42 . 1999-04-25 09:37 77,824 --a------ C:\WINDOWS\system32\Alafile.ocx
2008-02-25 12:01 . 2002-08-29 12:00 1,688 --a------ C:\WINDOWS\system32\autoexec.nt
2008-02-14 22:51 . 2008-02-14 22:51 d-------- C:\Park
2008-02-14 21:03 . 2008-02-15 21:16 d-------- C:\Program Files\DOSBox-0.65
2008-02-14 20:21 . 2008-02-14 20:40 d-------- C:\Program Files\BitLord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 17:46 --------- d-----w C:\Program Files\Real
2008-02-26 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-26 17:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-26 17:45 --------- d-----w C:\Program Files\Common Files\Real
2008-02-26 16:58 --------- d-----w C:\Program Files\Google
2008-02-26 11:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 22:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 16:50 28,218 ----a-w C:\Documents and Settings\adam\Application Data\wklnhst.dat
2008-01-17 14:08 --------- d-----w C:\Documents and Settings\Guest\Application Data\Teleca
2008-01-17 14:07 --------- d-----w C:\Program Files\Xerox One Touch
2008-01-15 00:09 38,656 ----a-w C:\Documents and Settings\Jenny\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-07-26 11:32 74,192 ----a-w C:\Documents and Settings\adam\Application Data\GDIPFONTCACHEV1.DAT
2006-05-22 11:43 74,192 ----a-w C:\Documents and Settings\Jenny\Application Data\GDIPFONTCACHEV1.DAT
2003-07-15 15:33 225,280 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2002-10-09 10:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-08-29 12:00 520,192 ----a-w C:\Documents and Settings\Jenny\Application Data\DownloadPlus.exe
2002-08-23 15:06 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2002-07-09 09:23 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-05-20 09:20 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 17:44 185896]
"ujstpa"="c:\windows\system32\sluixbb.exe" [2007-04-04 20:28 83456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nousernameinstartmenu"= 0 (0x0)
"nosimplestartmenu"= 0 (0x0)
"nostartmenumfuprogramslist"= 0 (0x0)
"nostartmenumoreprograms"= 0 (0x0)
"norecentdochistory"= 0 (0x0)
"maxrecentdocs"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45920:TCP"= 45920:TCP:TCP
"48623:UDP"= 48623:UDP:out
"4662:TCP"= 4662:TCP:a
"4672:UDP"= 4672:UDP:4672
"46403:TCP"= 46403:TCP:46403
"46403:UDP"= 46403:UDP:46403
"47058:TCP"= 47058:TCP:limewire in
"47058:UDP"= 47058:UDP:limewire out

R3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2003-07-11 01:54]
S2 SvcProc;System Startup Service ;C:\WINDOWS\svcproc.exe []
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Jenny\LOCALS~1\Temp\asbp2poa.sys [2003-07-06 21:11]
S3 MA8630C;MA8630C;C:\WINDOWS\system32\DRIVERS\MA8630C.sys [2004-09-14 03:12]
S3 MA8630M;MA8630M;C:\WINDOWS\system32\DRIVERS\MA8630M.sys [2005-01-25 00:31]
S3 MA8630U;MA8630U;C:\WINDOWS\system32\DRIVERS\MA8630U.sys [2005-03-14 20:10]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-09-12 20:11]

.
Contents of the 'Scheduled Tasks' folder
"2005-04-05 09:26:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jenny.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXEh/task:
"2007-12-07 20:34:40 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-25 16:45:00 C:\WINDOWS\Tasks\PcbugDoctorJenny.job"
- C:\Program Files\PCBugDoctor\PCBugDoctor.exe
"2008-02-26 17:27:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:46:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\System32\Msvrl.dll
.
Completion time: 2008-02-27 12:50:05
ComboFix-quarantined-files.txt 2008-02-27 12:49:35
.
2008-02-13 16:58:02 --- E O F ---


HJK this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:47, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\hpmpup.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bncbaw] c:\windows\system32\hpmpup.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5333 bytes

craiggale
Newbie Poster
13 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 
4 Years Ago
0
thanks alot for the help, as you can probably tell i don't use this comp very much and the problems have just accumulated. The problem with internet explorer seems to be resolved, however i now have a message popping up before i log in saying that my version of windows is not genuine. ne help would gain be appretiated.


Do you have a valid product key for Windows? There are ways to deal with the nag screens, but I doubt forum policy would let me post them....

There remains some malware to be removed, but I'd like to hear from you that your Copy of Windows is legit or that you bought your computer with that assumption before continuing.

Cheers :)
PP

PhilliePhan
Central Scrutinizer
Moderator
1,942 posts since Dec 2006
Reputation Points: 184
Solved Threads: 110
 
4 Years Ago
0

yeh it is a legit copy of windows. when i try to run the validation process an error message comes up saying script error. The article on the microsoft website has been removed which doesn't help much. I have my product i.d number. I can't seem to find the windows disk but i got the number from inside windows.

craiggale
Newbie Poster
13 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 
4 Years Ago
0
yeh it is a legit copy of windows. when i try to run the validation process an error message comes up saying script error. The article on the microsoft website has been removed which doesn't help much.


I am not sure I can help much with validation issues - that process is still fairly new. I doubt I could tell you any more than what is in the Microsoft Knowledge Base. If I am not mistaken, I do think there is a fix if you can provide them the key.As far as cleaning the compy goes....

Let’s continue on by doing the following:
-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into/over ComboFix.exe

-- Let Combofix run as before and post me that log.

THEN:
Download ATF-Cleaner.exe by Atribune to your Desktop.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK > EXIT


NEXT:
Open Hijackthis.
Click the Open the Misc Tools section Button.
Click the Open Uninstall Manager Button.
Click the Save list... Button.
Save that list to your desktop and submit that for me.

LASTLY:
Run a fresh HJT scan and submit that log along with the others and we’ll go from there.

Cheers :)
PP

PhilliePhan
Central Scrutinizer
Moderator
1,942 posts since Dec 2006
Reputation Points: 184
Solved Threads: 110
 
4 Years Ago
0

combofix log:

ComboFix 08-02-25.3 - Jenny 2008-02-29 14:13:53.3 - NTFSx86
Running from: C:\Documents and Settings\Jenny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jenny\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\Jenny\LOCALS~1\Temp\asbp2poa.sys
C:\Documents and Settings\Jenny\Application Data\DownloadPlus.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\System32\Msvrl.dll
c:\windows\system32\sluixbb.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jenny\Application Data\DownloadPlus.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-27 14:19 . 2008-02-27 14:19 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-27 14:19 . 2008-02-29 13:31 d-------- C:\Documents and Settings\Jenny\Application Data\AVG7
2008-02-27 14:18 . 2008-02-27 14:18 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-27 14:18 . 2008-02-28 11:28 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-26 17:46 . 2008-02-26 17:46 d-------- C:\Program Files\Common Files\xing shared
2008-02-25 16:42 . 2008-02-25 16:42 d-------- C:\Program Files\AsmwSoft
2008-02-25 16:42 . 1998-01-31 13:25 133,120 --a------ C:\WINDOWS\system32\zip32.dll
2008-02-25 16:42 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-02-25 16:42 . 2004-05-27 01:32 102,400 --a------ C:\WINDOWS\system32\Unzip32.dll
2008-02-25 16:42 . 1999-04-25 09:37 77,824 --a------ C:\WINDOWS\system32\Alafile.ocx
2008-02-25 12:01 . 2002-08-29 12:00 1,688 --a------ C:\WINDOWS\system32\autoexec.nt
2008-02-14 22:51 . 2008-02-14 22:51 d-------- C:\Park
2008-02-14 21:03 . 2008-02-15 21:16 d-------- C:\Program Files\DOSBox-0.65
2008-02-14 20:21 . 2008-02-14 20:40 d-------- C:\Program Files\BitLord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 17:46 --------- d-----w C:\Program Files\Real
2008-02-26 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-26 17:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-26 17:45 --------- d-----w C:\Program Files\Common Files\Real
2008-02-26 16:58 --------- d-----w C:\Program Files\Google
2008-02-26 11:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 22:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 16:50 28,218 ----a-w C:\Documents and Settings\adam\Application Data\wklnhst.dat
2008-01-17 14:08 --------- d-----w C:\Documents and Settings\Guest\Application Data\Teleca
2008-01-17 14:07 --------- d-----w C:\Program Files\Xerox One Touch
2008-01-15 00:09 38,656 ----a-w C:\Documents and Settings\Jenny\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-07-26 11:32 74,192 ----a-w C:\Documents and Settings\adam\Application Data\GDIPFONTCACHEV1.DAT
2006-05-22 11:43 74,192 ----a-w C:\Documents and Settings\Jenny\Application Data\GDIPFONTCACHEV1.DAT
2003-07-15 15:33 225,280 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2002-10-09 10:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-08-23 15:06 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2002-07-09 09:23 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-05-20 09:20 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Park ----

2008-02-15 21:54 304668 --a------ C:\Park\SAVE\CRAIG.G0
2008-02-15 21:51 304668 --a------ C:\Park\SAVE\CRAIG.GY
2008-02-15 13:52 141 --a------ C:\Park\SAVE\CRAIG.GD
2006-07-25 21:05 304668 --a------ C:\Park\SAVE\JAREK.GY
2006-07-25 21:04 141 --a------ C:\Park\SAVE\JAREK.GD
2006-07-24 18:33 304668 --a------ C:\Park\SAVE\BLEEE.GY
2006-07-24 18:31 141 --a------ C:\Park\SAVE\BLEEE.GD
2004-08-14 04:04 50 --a------ C:\Park\SNDSETUP.INF
1994-06-17 14:34 30912 --a------ C:\Park\DATA\LANG0-0.DAT
1994-06-14 09:58 841223 --a------ C:\Park\TP.EXE
1994-06-14 08:02 90758 --a------ C:\Park\SETUP.EXE
1994-06-14 05:54 33895 --a------ C:\Park\DATA\LANG3-0.DAT
1994-06-13 12:08 35245 --a------ C:\Park\DATA\LANG4-0.DAT
1994-06-13 12:08 30531 --a------ C:\Park\DATA\LANG2-0.DAT
1994-06-13 12:07 36592 --a------ C:\Park\DATA\LANG1-0.DAT
1994-06-11 14:38 64000 --a------ C:\Park\DATA\MSTATE-0.DAT
1994-06-11 09:43 987204 --a------ C:\Park\DATA\RIDEANI.026
1994-06-11 09:16 6994068 --a------ C:\Park\DATA\RIDEANI.009
1994-06-10 15:47 5836494 --a------ C:\Park\DATA\RIDEANI.012
1994-06-10 15:21 7429352 --a------ C:\Park\DATA\RIDEANI.002
1994-06-10 14:47 2512644 --a------ C:\Park\DATA\RIDEANI.003
1994-06-10 14:33 6782968 --a------ C:\Park\DATA\RIDEANI.000
1994-06-10 13:23 2771272 --a------ C:\Park\DATA\RIDEANI.013
1994-06-10 11:31 736 --a------ C:\Park\DATA\MUSIC0-1.TAB
1994-06-10 11:31 736 --a------ C:\Park\DATA\MUSIC0-0.TAB
1994-06-10 11:31 107424 --a------ C:\Park\DATA\MUSIC0-0.DAT
1994-06-10 11:31 103888 --a------ C:\Park\DATA\MUSIC0-1.DAT
1994-06-10 10:49 736 --a------ C:\Park\DATA\MUSIC0-2.TAB
1994-06-10 10:49 108976 --a------ C:\Park\DATA\MUSIC0-2.DAT
1994-06-10 10:11 2225274 --a------ C:\Park\DATA\WINGAME.DAT
1994-06-06 14:29 304668 --a------ C:\Park\SAVE\DEMO.GY
1994-06-03 16:23 989499 --a------ C:\Park\DATA\MSPR-0.DAT
1994-06-03 16:23 19806 --a------ C:\Park\DATA\MSPR-0.TAB
1994-06-03 16:22 74120 --a------ C:\Park\DATA\MELE-0.ANI
1994-06-03 16:22 45640 --a------ C:\Park\DATA\MFRA-0.ANI
1994-06-03 16:22 246187 --a------ C:\Park\DATA\MEDIT-0.ANI
1994-06-03 16:22 1388 --a------ C:\Park\DATA\MSTA-0.ANI
1994-06-03 15:25 96988 --a------ C:\Park\DATA\HPANEL-0.DAT
1994-06-03 15:25 8 --a------ C:\Park\DATA\MREQ-0.INF
1994-06-03 15:25 768 --a------ C:\Park\DATA\MPALETTE.DAT
1994-06-03 15:25 504 --a------ C:\Park\DATA\MPANEL-0.TAB
1994-06-03 15:25 504 --a------ C:\Park\DATA\HPANEL-0.TAB
1994-06-03 15:25 3421 --a------ C:\Park\DATA\MPOINTER.DAT
1994-06-03 15:25 27149 --a------ C:\Park\DATA\MREQ-0.DAT
1994-06-03 15:25 26522 --a------ C:\Park\DATA\MPANEL-0.DAT
1994-06-03 15:25 1554 --a------ C:\Park\DATA\MREQ-0.TAB
1994-06-03 15:25 1464 --a------ C:\Park\DATA\MBLK-0.TAB
1994-06-03 15:25 126 --a------ C:\Park\DATA\MPOINTER.TAB
1994-06-03 15:25 112 --a------ C:\Park\DATA\MSPR-0.INF
1994-06-03 15:25 104623 --a------ C:\Park\DATA\MBLK-0.DAT
1994-06-03 15:24 8441 --a------ C:\Park\DATA\MRSSPR-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MSTPAL-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MSTAP-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MRSPAL-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MNGPAL-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MGLPAL-0.DAT
1994-06-03 15:24 768 --a------ C:\Park\DATA\MAWPAL-0.DAT
1994-06-03 15:24 7411 --a------ C:\Park\DATA\MSTSPR-0.DAT
1994-06-03 15:24 66 --a------ C:\Park\DATA\MPLAY-0.TAB
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MSTOCK-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MSHARE-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MRES-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MNEG-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MMENU-1.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MMENU-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MMAP-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MGLOBE-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MAWAR1-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MAWAR0-0.DAT
1994-06-03 15:24 64000 --a------ C:\Park\DATA\MAUCT-0.DAT
1994-06-03 15:24 4999 --a------ C:\Park\DATA\MPLAY-0.DAT
1994-06-03 15:24 360 --a------ C:\Park\DATA\MHAND-0.TAB
1994-06-03 15:24 23781 --a------ C:\Park\DATA\MCUP-0.DAT
1994-06-03 15:24 21842 --a------ C:\Park\DATA\MAUSPR-0.DAT
1994-06-03 15:24 180 --a------ C:\Park\DATA\MSTSPR-0.TAB
1994-06-03 15:24 168 --a------ C:\Park\DATA\MCUP-0.TAB
1994-06-03 15:24 156 --a------ C:\Park\DATA\MRSSPR-0.TAB
1994-06-03 15:24 119573 --a------ C:\Park\DATA\MHAND-0.DAT
1994-06-03 15:24 102 --a------ C:\Park\DATA\MAUSPR-0.TAB
1994-06-03 10:57 131920 --a------ C:\Park\DATA\MSTAPAL-.DAT
1994-06-02 15:02 630 --a------ C:\Park\DATA\MFONT-0.TAB
1994-06-02 15:02 12472 --a------ C:\Park\DATA\MFONT-0.DAT
1994-06-02 09:21 2617 --a------ C:\Park\HMIMDRV.386
1994-06-02 05:48 74120 --a------ C:\Park\DATA\MSELE-0.ANI
1994-06-01 07:27 42061 --a------ C:\Park\HMIDET.386
1994-06-01 07:18 186165 --a------ C:\Park\HMIDRV.386
1994-05-31 17:00 265396 --a------ C:\Park\DOS4GW.EXE
1994-05-23 07:17 625472 --a------ C:\Park\DATA\SNDS0-0.DAT
1994-05-23 07:17 622624 --a------ C:\Park\DATA\SNDS1-0.DAT
1994-05-23 07:17 1568 --a------ C:\Park\DATA\SNDS0-0.TAB
1994-05-23 07:17 1312 --a------ C:\Park\DATA\SNDS1-1.TAB
1994-05-23 07:17 1312 --a------ C:\Park\DATA\SNDS1-0.TAB
1994-05-23 07:17 1276560 --a------ C:\Park\DATA\SNDS1-1.DAT
1994-05-23 07:16 5056960 --a------ C:\Park\DATA\SNDS0-2.DAT
1994-05-23 07:16 5031488 --a------ C:\Park\DATA\SNDS1-2.DAT
1994-05-23 07:16 1568 --a------ C:\Park\DATA\SNDS0-2.TAB
1994-05-23 07:16 1568 --a------ C:\Park\DATA\SNDS0-1.TAB
1994-05-23 07:16 1312 --a------ C:\Park\DATA\SNDS1-2.TAB
1994-05-23 07:16 1282560 --a------ C:\Park\DATA\SNDS0-1.DAT
1994-05-16 13:43 9584 --a------ C:\Park\DATA\INTIT.DAT
1994-05-14 14:03 768 --a------ C:\Park\DATA\TAKPAL.DAT
1994-05-14 14:03 768 --a------ C:\Park\DATA\BUSPAL.DAT
1994-05-14 14:03 64034 --a------ C:\Park\DATA\TAKOVER.DAT
1994-05-14 14:03 64033 --a------ C:\Park\DATA\BUSTED.DAT
1994-05-14 14:03 200996 --a------ C:\Park\DATA\TAKOVER.ANM
1994-05-14 14:03 112582 --a------ C:\Park\DATA\BUSTED.ANM
1994-04-20 07:12 5404 --a------ C:\Park\DATA\INST.BNK
1994-04-20 07:12 5404 --a------ C:\Park\DATA\DRUM.BNK
1994-04-18 09:05 25536 --a------ C:\Park\DATA\MUSIC1-2.DAT
1994-04-18 09:05 192 --a------ C:\Park\DATA\MUSIC1-2.TAB
1994-04-18 08:24 45640 --a------ C:\Park\DATA\MDFRA-0.ANI
1994-04-18 08:24 246187 --a------ C:\Park\DATA\MDEDIT-0.ANI
1994-04-18 08:24 19580 --a------ C:\Park\DATA\MDELE-0.ANI
1994-04-18 08:24 1372 --a------ C:\Park\DATA\MDSTA-0.ANI
1994-04-15 08:41 26128 --a------ C:\Park\DATA\MUSIC1-0.DAT
1994-04-15 08:41 192 --a------ C:\Park\DATA\MUSIC1-0.TAB
1994-04-11 07:57 25760 --a------ C:\Park\DATA\MUSIC1-1.DAT
1994-04-11 07:57 192 --a------ C:\Park\DATA\MUSIC1-1.TAB
1994-03-30 05:56 722 --a------ C:\Park\DATA\INPAL.DAT
1994-03-30 05:56 334 --a------ C:\Park\DATA\MUSFRA.ANI
1994-03-30 05:56 2800 --a------ C:\Park\DATA\MUS.DAT
1994-03-30 05:56 262 --a------ C:\Park\DATA\MUS.TAB
1994-03-30 05:56 169 --a------ C:\Park\DATA\MUSELE.ANI
1994-03-04 07:09 64000 --a------ C:\Park\DATA\MIDLAND.DAT
1994-01-20 11:19 10 --a------ C:\Park\DATA\MUSSTA.ANI


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 17:44 185896]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-27 14:18 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-27 14:18 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nousernameinstartmenu"= 0 (0x0)
"nosimplestartmenu"= 0 (0x0)
"nostartmenumfuprogramslist"= 0 (0x0)
"nostartmenumoreprograms"= 0 (0x0)
"norecentdochistory"= 0 (0x0)
"maxrecentdocs"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45920:TCP"= 45920:TCP:TCP
"48623:UDP"= 48623:UDP:out
"4662:TCP"= 4662:TCP:a
"4672:UDP"= 4672:UDP:4672
"46403:TCP"= 46403:TCP:46403
"46403:UDP"= 46403:UDP:46403
"47058:TCP"= 47058:TCP:limewire in
"47058:UDP"= 47058:UDP:limewire out

R3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2003-07-11 01:54]
S2 SvcProc;System Startup Service ;C:\WINDOWS\svcproc.exe []
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Jenny\LOCALS~1\Temp\asbp2poa.sys []
S3 MA8630C;MA8630C;C:\WINDOWS\system32\DRIVERS\MA8630C.sys [2004-09-14 03:12]
S3 MA8630M;MA8630M;C:\WINDOWS\system32\DRIVERS\MA8630M.sys [2005-01-25 00:31]
S3 MA8630U;MA8630U;C:\WINDOWS\system32\DRIVERS\MA8630U.sys [2005-03-14 20:10]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-09-12 20:11]

.
Contents of the 'Scheduled Tasks' folder
"2005-04-05 09:26:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jenny.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXEh/task:
"2007-12-07 20:34:40 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-25 16:45:00 C:\WINDOWS\Tasks\PcbugDoctorJenny.job"
- C:\Program Files\PCBugDoctor\PCBugDoctor.exe
"2008-02-26 17:27:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 14:21:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-29 14:24:23
ComboFix-quarantined-files.txt 2008-02-29 14:23:51
ComboFix2.txt 2008-02-27 12:50:06
.
2008-02-13 16:58:02 --- E O F ---


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:34, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6264 bytes

Attachments uninstall_list.txt (8.16KB)
craiggale
Newbie Poster
13 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 
4 Years Ago
0

thanks alot for your help so far PhilliePhan. My computer now seems alot quicker. However a few more issues have surfaced which i hope you will be able to help with. Programs such as firefox and windows meesenger are no longer able to access the internet. I know this seems like a firewall problem but i have tried turning both my firewalls off and the problem has still persisted. Also on internet explorer i am unable to view secure sites. Niether of these were an issue before. thanks again for your help.

craiggale
Newbie Poster
13 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 
4 Years Ago
0
thanks alot for your help so far PhilliePhan. My computer now seems alot quicker.

Happy to try to help :)Programs such as firefox and windows meesenger are no longer able to access the internet. I was worried about connectivity problems when removing msvrl.dll, hence the use of LSPFix. If you want, you can try running LSPFix again and just click the "Finish" button. But, I doubt this is the problem. -- I do not even see Firefox installed on this machine. You probably need to re-install it properly.



I know this seems like a firewall problem but i have tried turning both my firewalls off and the problem has still persisted.

How many firewalls are you running? You should run only ONE software firewall. Running a software firewall along with a hardware firewall is OK.-- I see that you have just installed AVG Anti-virus along with the existing Norton. This is a bad idea and could very well cause major conflict issues. You need to UNINSTALL one of them! It would be best to wait until we finish before adding any new software. Even Firefox as noted above.



Also on internet explorer i am unable to view secure sites. Niether of these were an issue before. thanks again for your help.

IE7 is a PITA with regard to its Security Settings. The problem may lie there, though it is more likely to be with the 2 anti-virus apps....

-- Also, you need to be careful with the torrent and P2P stuff - good way to get infested.
ANYHOO, lets continue on. We still have a bunch to do. Once we finish with the cleaning, you can reinstall Firefox and we'll try to work out any remaining problems.


FIRST-
Go into Add/Remove Programs and REMOVE the following:

Java 2 Runtime Environment, SE v1.4.2_07
LimeWire 4.12.10
Messenger Plus! 3 & Sponsor --> If you must reinstall this, do it later and WITHOUT the malware "Sponsor"
Need2Find Bar
PCBugDoctor version 1.0.0.4
Peer Points Manager
Search Relevancy
The Best Offers
WebRebates (by TopRebates.com)

THEN:
Run HijackThis and open the Misc Tools section and select Delete an NT service and follow the instructions to enter and remove System Startup Service (SvcProc)

ALSO-
Have HijackThis "FIX" the following entries:
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

NEXT:
Go here and update your Java --> http://www.java.com/en/

LASTLY:
Please run http://www.eset.com/onlinescan/
-- You will need to temporarily disable your current Anti-virus program.
-- Make sure that the option Remove found threats is Unchecked, and the option Scan unwanted applications is checked.
-- Remember to Re-enable your Resident Anti-virus program after the scan has finished.
-- A logfile ought to be found at C:\\Program Files\\EsetOnlineScanner\\log.txt.
Please post that for me.
I would also like to see a fresh HJT Log from after all of the above has been completed.

And, we'll go from there. Keep me updated on any problems that arise.

Cheers :)
PP

PhilliePhan
Central Scrutinizer
Moderator
1,942 posts since Dec 2006
Reputation Points: 184
Solved Threads: 110
 
4 Years Ago
0

The following threats were found by the online scan. There was no log so i'll just copy the rusults:

win32/adware.404search application
C:\programfiles\INSTARFINK\instrafink.dll

win32/adware.Toolbar.MyWebSearch application
C;\programfiles\uninstallneed2findbar.dll

win32/adware.altnet application
C:\docuentsandsettings\jenny\localsettings\temp\_unin_.exe

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:57, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6114 bytes

craiggale
Newbie Poster
13 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 
4 Years Ago
0

You ought to be able to delete this folder manually: C:\programfiles\INSTARFINK
-- Then, run ATF Cleaner again.


I still see AVG7 and Norton present. You should select the one you want to keep and remove the other. Multiple AV apps often come into conflict with each other which can both slow performance and hinder their ability to protect you.
-- Also, please note that Norton can be extremely difficult to remove and if you choose to uninstall it you may need to visit the Norton site for special tools and instructions.


* I will be away from the computer over the weekend. Will check back on Monday!

Cheers :)
PP

PhilliePhan
Central Scrutinizer
Moderator
1,942 posts since Dec 2006
Reputation Points: 184
Solved Threads: 110
 
4 Years Ago
0

sorry, I've been busy the last few days and havn't had a chance to come onto this comp. i have uninstalled Norton as i found it wasn't allowing internet acsses to anything other than internet explorer and it also wasn't letting me view any secure sites. I was unable to change any settings as it was saying i wasn't the administrator for it and i read on the internet that a few other people have had the same problem so i decided to get rid. I still have the disk if i need to reinstall at a later date. I have turned on my windows xp firewall temporarily and there is also a firewall in my router which at the moment is unconfigured. Do you recommend i purchase a new firewall or will i be safe enough the with xp and router firewall?

craiggale
Newbie Poster
13 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 
4 Years Ago
0
Do you recommend i purchase a new firewall or will i be safe enough the with xp and router firewall?

Actually neither :)

I would suggest one of the FREE software firewall options in my linky below: PROTECT YOURSELF FROM MALWARE: Tools & Tips

Generally, you are pretty safe behind your router's hardware firewall. However, in addition to other advantages and features, a good bi-directional software firewall (unlike Windows Firewall) will monitor both incoming and outgoing traffic and alert you when some malware tries to "phone home." PCTools, ZoneAlarm or Agnitum are all pretty decent choices for free options and are a definite step up from the Windows Firewall in XP.

Cheers :)
PP

PhilliePhan
Central Scrutinizer
Moderator
1,942 posts since Dec 2006
Reputation Points: 184
Solved Threads: 110
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed