0

Hello,

I have been unable to view any webpages for more than a week. The connection seems to be fine; I just get this error for every page I try to view (whether I'm using wireless or plugged directly into the router). I had a friend take a look at my computer, and his opinion is that I have some kind of virus or trojan. I am desperately hoping one of the computer geniuses on this site can help me.

I would be eternally grateful if someone could take a look and tell me if there is something horrible hiding on my machine (and what to do to fix it). Thanks in advance!

- ERE

Here is the Hijack This log that I copied over from my computer:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:03 PM, on 2/23/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\S3Tray2.exe
C:\WINDOWS\System32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\AEIWLSTA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Rachel\My Documents\Save My Computer\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS_ZN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://harpo-notes1.harpo.com/iNotes6W.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Rachel\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9750 bytes

0

Hi ere8 and welcome to DaniWeb

From Control Panel > Add/Remove Programs, uninstall the following (if they still exist):

Viewpoint
Viewpoint Manager
Viewpoint Media Player


------------------------------------

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

If you're not sure how to disable them, then double-check against the list found >>>HERE<<<. This list is not all-inclusive; if your programs are not listed and you are unsure, then please ask before continuing.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

0

Thank you so much for your help! I really appreciate it. I did the two things you recommended, and got the logs that you requested. (In case it matters for your analysis, I downloaded two new programs since you looked at the first HJT log - a free DVD writing software that I used to back up all my data, since I didn't know what would happen when I started running virus scans, and AVG Antispyware.)

I am still unable to connect to the internet from my laptop at home.

Here are the logs:

Combofix:

ComboFix 08-02-24.4 - Rachel 2008-02-24 15:20:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.630 [GMT -6:00]
Running from: C:\Documents and Settings\Rachel\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rachel\Start Menu\Programs\ucmore - the search accelerator
C:\mte3ndi6odoxng.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CheckersAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\ChessAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\NoSettingAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\ReversiAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\0006B8E9
C:\Program Files\MyWebSearch\bar\Cache\0007065D
C:\Program Files\MyWebSearch\bar\Cache\0007D883.bin
C:\Program Files\MyWebSearch\bar\Cache\0007DA45.bin
C:\Program Files\MyWebSearch\bar\Cache\0007DC62.bin
C:\Program Files\MyWebSearch\bar\Cache\0007DD3F.bin
C:\Program Files\MyWebSearch\bar\Cache\001768C1
C:\Program Files\MyWebSearch\bar\Cache\00191286
C:\Program Files\MyWebSearch\bar\Cache\010AF85E.bin
C:\Program Files\MyWebSearch\bar\Cache\010AF926.bin
C:\Program Files\MyWebSearch\bar\Cache\02A2510E.bin
C:\Program Files\MyWebSearch\bar\Cache\02A251FF.bin
C:\Program Files\MyWebSearch\bar\Cache\02A252BD.bin
C:\Program Files\MyWebSearch\bar\Cache\02A2535D.bin
C:\Program Files\MyWebSearch\bar\Cache\02AF4509.bin
C:\Program Files\MyWebSearch\bar\Cache\02AF463F.bin
C:\Program Files\MyWebSearch\bar\Cache\0F3D5BEB
C:\Program Files\MyWebSearch\bar\Cache\2ED637F7
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\Seekmo Programs
C:\rdfx4.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\icon_mediamotor.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-23 18:41 . 2008-02-23 18:41 <DIR> d-------- C:\WINDOWS\system32\temp
2008-02-23 18:36 . 2008-02-23 18:36 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2008-02-23 18:36 . 2008-02-24 10:29 <DIR> d-------- C:\Program Files\Burn4Free
2008-02-23 18:36 . 2008-02-23 18:36 232,046 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6249.exe
2008-02-23 16:42 . 2008-02-23 16:42 <DIR> d-------- C:\Documents and Settings\Rachel\Application Data\Grisoft
2008-02-23 16:41 . 2008-02-23 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-23 16:41 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-09 22:08 . 2008-02-09 22:08 <DIR> d-------- C:\Program Files\eMusic Download Manager
2008-02-09 22:08 . 2008-02-09 22:08 <DIR> d-------- C:\Program Files\alot
2008-02-09 22:08 . 2008-02-09 22:10 <DIR> d-------- C:\Documents and Settings\Rachel\Application Data\alot
2008-02-02 12:25 . 2008-02-02 12:25 <DIR> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 21:12 --------- d-----w C:\Documents and Settings\Rachel\Application Data\OpenOffice.org2
2008-02-24 21:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 20:00 --------- d-----w C:\Program Files\Viewpoint
2008-02-24 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-22 01:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-17 19:06 --------- d-----w C:\Documents and Settings\Rachel\Application Data\MSN6
2008-01-24 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 02:38 --------- d-----w C:\Program Files\Lavasoft
2008-01-24 02:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 02:11 --------- d-----w C:\Program Files\Java
2008-01-24 02:09 --------- d-----w C:\Program Files\Common Files\Java
2007-12-29 05:21 --------- d-----w C:\Documents and Settings\Rachel\Application Data\U3
2007-12-25 16:48 --------- d-----w C:\Documents and Settings\Rachel\Application Data\OLYMPUS
2007-12-25 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 16:43 --------- d-----w C:\Program Files\OLYMPUS
2007-12-25 16:41 --------- d-----w C:\Program Files\PIXELA
2007-12-19 01:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

------- Sigcheck -------

6626545292428ae1ed5b4237404b346a C:\WINDOWS\system32\wininet.dll
-c----w 585,216 2004-01-08 23:23:38 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
-c----w 593,920 2001-08-18 13:00:00 C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll
----a-w 656,384 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
----a-w 585,216 2004-01-08 23:23:38 C:\WINDOWS\system32\wininet.dll
----a-w 585,216 2004-01-08 23:23:38 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8260C2B8-E0D1-448a-B062-33D12D468BF0}]
2007-08-10 15:38 551208 --a------ C:\Program Files\alot\bin\alot.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-02-23 18:36 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C4069E3A-68F1-403E-B40E-20066696354B}
{8E718888-423F-11D2-876E-00A0C9082467}
{8260C2B8-E0D1-448A-B062-33D12D468BF0}
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}

[HKEY_CLASSES_ROOT\clsid\{8260c2b8-e0d1-448a-b062-33d12d468bf0}]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [2008-02-23 18:36 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 09:14 1077277]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08 67160]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTSMMSG"="LTSMMSG.exe" [2001-08-02 17:28 45056 C:\WINDOWS\LTSMMSG.exe]
"S3TRAY2"="S3Tray2.exe" [2001-11-12 04:31 69632 C:\WINDOWS\system32\S3Tray2.exe]
"TrackPointSrv"="tp4serv.exe" [2001-09-14 05:03 176128 C:\WINDOWS\system32\tp4serv.exe]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2001-09-03 03:22 46592]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2001-09-03 03:22 56320]
"TP4EX"="tp4ex.exe" [2001-07-05 03:02 40960 C:\WINDOWS\system32\TP4EX.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2001-07-09 18:19 69632]
"UC_SMB"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-11-08 17:58 323216]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [2007-12-19 15:18 4345856]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AEIWLSTA.EXE"="AEIWLSTA.EXE" [2001-09-28 10:47 213376 C:\WINDOWS\system32\AEIWLSTA.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\Rachel\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 19:01:20 61440]

R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys [2007-05-16 11:42]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2001-07-30 03:05]
R1 TPPWR;TPPWR;C:\WINDOWS\System32\drivers\Tppwr.sys [2001-09-03 03:22]
R2 V7;V7;C:\WINDOWS\system32\Drivers\V7.SYS [2000-03-09 20:24]
R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;C:\WINDOWS\System32\DRIVERS\AEIWLNDS.sys [2001-09-28 10:36]
R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-08-02 17:28]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\System32\DRIVERS\tp4track.sys [2001-09-14 05:03]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys [2001-08-17 14:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 20:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-24 21:24:50 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\Bmmtask.exe
"2008-02-23 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Rachel.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 15:23:58
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-24 15:25:49
ComboFix-quarantined-files.txt 2008-02-24 21:25:33
.
2008-02-15 00:56:09 --- E O F ---

----------------------------------------------------------------

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:46 PM, on 2/24/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\S3Tray2.exe
C:\WINDOWS\System32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\AEIWLSTA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Rachel\My Documents\Save My Computer\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS_ZN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://harpo-notes1.harpo.com/iNotes6W.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Rachel\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9429 bytes

Thanks again!

ERE

0

Hi ere

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...uzeb004YYUS_ZN
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Rachel\LOCALS~1\Temp\mma.chm::/joysavsht.cab

Remember to close all other windows and click Fix Checked

----------------------------------------

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:




Folder::
C:\Program Files\alot
C:\Documents and Settings\Rachel\Application Data\alot
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
Registry::
[-HKEY_CLASSES_ROOT\clsid\{8260c2b8-e0d1-448a-b062-33d12d468bf0}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

----------------------------------------

If ComboFix did not reboot the pc please do so manually now.

Go to Start > Run > type: cmd
A command prompt window will appear.
Type
netsh winsock reset

Press Enter.
Reboot your computer.

Now let's flush your DNS Cache:
Go to Start > Run > type cmd
Type
ipconfig /flushdns

Press Enter

----------------------------------------

If you can connect now please do the remaining steps. If not skip them and let me know

Upload this file C:\WINDOWS\system32\wininet.dll to http://virusscan.jotti.org/ and submit it. Wait for the analysis and post it here

----------------------------------------

Please visit Microsoft's Windows Update Page and install ALL Critical Updates for your system (except Service Pack 2 (SP2)). SP2 should only be installed on a fully disinfected system. At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately it’s also this forum's policy that we only address users with a legal copy of Windows XP.... therefore if you cannot update Windows XP to SP1 we must stop the cleansing process here.

**Note** If you're having trouble locating the service pack SP1a here is a direct link to download it from..

http://download.microsoft.com/download/5/4/f/54f8bcf8-bb4d-4613-8ee7-db69d01735ed/xpsp1a_en_x86.exe


Thank you for your cooperation.

----------------------------------------
Required Logs

c:\ComboFix.txt
Jotti results
a new HijackThis log << taken after updating to SP1a if possible

Attachments CFScript.gif 27.09 KB
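
The triage step in the reply above (picking entries out of a HijackThis log to fix), sketched as an added Python example that is not part of the thread and not HijackThis's own logic. The rules and the `THREAD_MARKERS` list are assumptions drawn only from the entries flagged in this thread; the sample lines are copied from the logs posted here.

```python
import re
from dataclasses import dataclass

# Sample input assembled for this example from lines in the thread's two logs.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Rachel\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry line is "<section code> - <body>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Assumption: substrings taken from the entries the helper listed in this
# thread. This is not a general blocklist.
THREAD_MARKERS = ("mywebsearch", "funwebproducts")


@dataclass
class Entry:
    section: str  # e.g. "O16"
    body: str     # everything after "<section> - "


def parse_log(text):
    """Return the section entries of a HijackThis log, skipping the header,
    the running-process list and anything else that is not an entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def reasons(entry):
    """Return the review reasons for one entry (empty list = nothing to note)."""
    found = []
    low = entry.body.lower()
    # R0/R1 lines end in "<value name> = <value>"; nothing after "=" is blank.
    if entry.section in ("R0", "R1") and entry.body.rstrip().endswith("="):
        found.append("Internet Explorer setting has a blank value")
    # HijackThis prints "(no file)" when the registered file is absent.
    if "(no file)" in low:
        found.append("registered component has no file on disk")
    if entry.section == "O16":
        # The last " - " separated field is where the control was installed from.
        source = entry.body.rsplit(" - ", 1)[-1]
        if not re.match(r"https?://", source, re.IGNORECASE):
            found.append("ActiveX control installed from a non-web source")
    if "\\temp\\" in low:
        found.append("references a file under a Temp directory")
    if any(marker in low for marker in THREAD_MARKERS):
        found.append("matches a name flagged in this thread")
    return found


def triage(text):
    """Return (entry, reasons) pairs for every entry with at least one reason."""
    flagged = []
    for entry in parse_log(text):
        why = reasons(entry)
        if why:
            flagged.append((entry, why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.section}: {entry.body}")
        for item in why:
            print(f"    - {item}")
```

A hit here means "look at this entry", not "delete it": the decision to fix an entry in the thread was made by the helper reading the whole log.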
0

Hello,

Thanks again for all the help. I followed your last set of directions, and it all went smoothly up until this part:

Go to Start > Run > type: cmd
A command prompt window will appear.
Type
netsh winsock reset


When I typed "netsh winsock reset" in the window, this was the response I got:

The following helper DLL cannot be loaded: FWCFG.DLL

The following command was not found: winsock reset

I then went ahead to the next step and flushed my DNS cache, but I still cannot connect to the internet.

Please advise - thank you!

- Rachel

0

When I typed "netsh winsock reset" in the window, this was the response I got:

The following helper DLL cannot be loaded: FWCFG.DLL

The following command was not found: winsock reset

This is because you do not have SP2 installed yet.

However, as MoralTerror mentioned, you MUST NOT install SP2 until you are given the "all clean..."

So, I would suggest that you Download and run the following:
http://www.spychecker.com/program/winsockxpfix.html

You can put it on Disc/Floppy/Flash Drive - whatever you have to get it to the ill computer....

-- Try that and then wait for further steps.

Best Luck :)
PP

0

-- Try that and then wait for further steps.

I probably should have added for you to let us know if that restored your Internet connectivity or if we need to try something else... Did that do the trick?

PP :)

0

Hello,

I downloaded the program you recommended, and unfortunately it did not restore my internet connection.

I greatly appreciate all the help I've been getting here at this website, but I'm starting to feel like I might just be wasting your time. If we keep trying different things and nothing works, I'll feel terrible about wasting all of your time and effort on this dead-end project.

At what point should I just consider wiping my entire system and reinstalling Windows? I still have my Windows XP (SP1) CD, and all of my data (including crucial programs) is backed up. My only concern is that I backed up my data AFTER all these problems started happening, so I'm worried that I may have transferred viruses or trojans or whatever nasties are causing these issues onto the DVDs along with my data - so would it just be an exercise in futility? Would I reinfect my machine all over again when I transferred the data back to the hard drive? Or is there a possibility that the data on the DVDs could be corrupted and I could lose it entirely if I wiped my system? (I've scanned the discs with the Norton virus scanner at the local internet cafe and they seem to be clean, but I'm not exactly altogether trusting of Norton, considering I'm diligent about running scans and my computer still got infected anyway.)

Thanks again for all of your help (both of you).

- ERE

0

Hi ere

Try booting to 'Safe mode with networking' (by repeatedly tapping the F8 key until the menu appears). See if you can connect from there. Don't hang around there to surf; boot back to normal mode. Can you connect from safe mode?

0

EDIT PP: Looks like MoralTerror beat me to the punch. You guys can ignore this post if you like. I'll leave it up in the event you want to try my suggestion.

I downloaded the program you recommended, and unfortunately it did not restore my internet connection.
I greatly appreciate all the help I've been getting here at this website, but I'm starting to feel like I might just be wasting your time. If we keep trying different things and nothing works, I'll feel terrible about wasting all of your time and effort on this dead-end project.

No worries there! I am happy to volunteer my free time to help you.
-- My main concern is that I don't step on MoralTerror's toes any more than I already have. Too many cooks spoil the broth, as they say....

I will say that your connectivity problems may not be due to malware and that there are a few more things we can try, if you are up to it. Obviously, it can be a hassle to work with no Internet available for the ill compy....
Here is a diagnostic step that might help isolate the problem:

-- Type the following bold text to notepad exactly as it is written and save it to the DeskTop as TEST.bat. Or, you could copy&paste to notepad, save as directed, and then transfer Test.bat to the ill compy.

if exist %systemdrive%\look.txt del %systemdrive%\look.txt
ping www.google.com >> %systemdrive%\look.txt
notepad %systemdrive%\look.txt
del /q %systemdrive%\look.txt

-- DoubleClick on Test.bat and a log will pop up in notepad. Save and submit that for us.

At what point should I just consider wiping my entire system and reinstalling windows?

I think that would be a bit drastic at this time. I do understand, though, that forum messaging is not the most expedient way to fix a problem...

My only concern is that I backed up my data AFTER all these problems started happening, so I'm worried that I may have transferred viruses or trojans or whatever nasties are causing these issues onto the DVDs along with my data - so would it just be an exercise in futility?.....
Thanks again for all of your help (both of you).

We're happy to try to help :)

-- It depends on the nature of the saved data. Obviously, there is the chance for reinfection and I cannot comment with any certainty. But, if the data is stuff you downloaded from the Internet, the chances for reinfection are higher than if it is material you created yourself and uploaded to the machine (family pictures, word documents, work product, etc...)

Go ahead and ping Google as I suggested above and let us know the result.
Outside of this, I do want to stay out of MoralTerror's way, though. We may not be thinking along the same lines and it could be confusing.

Best Luck :)
PP

0

Hi PhilliePhan,


Since the log is short I will type what it says and send from my handheld...

(in bold )

Pinging www.1.google.com [64.233.167.99] with 32 bytes of data:

Reply from 64.233.167.99: bytes=32 time=15ms TTL=245

0

I am having issues:

Here is the log in its entirety:

Pinging www.1.google.com [64.233.167.99] with 32 bytes of data:

Reply from 64.233.167.99: bytes=32 time=15ms TTL=245
Reply from 64.233.167.99: bytes=32 time=18ms TTL=245
Reply from 64.233.167.99: bytes=32 time=14ms TTL=245
Reply from 64.233.167.99: bytes=32 time=16ms TTL=245

Ping statistics for 64.233.167.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 18ms, Average = 15ms
There we go, finally.

Thanks again for all your help!

- Rachel

0

Hi Moral Terror,

I could not get a menu by pressing F8 - I did so continuously for several minutes with no result. I will reboot and try again, and see if it makes any difference. Thanks!

0

@ PhilliePhan I suspect my toes will be fine, I have small feet :icon_lol:

Good to know! :)

Here is the log in its entirety:

Pinging www.1.google.com [64.233.167.99] with 32 bytes of data:
Reply from 64.233.167.99: bytes=32 time=16ms TTL=245
Ping statistics for 64.233.167.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Hi Rachel,

That looks OK.
We are leaning toward this being an issue with IE security settings/firewall setting or Norton.
-- Can you remember making any changes to the compy around the time the problem started? Like, say . . . Updating Norton AV?

-- Have you tried an alternate browser such as Firefox? You might want to try that and see if you have the same problem.

-- And, of course, see if you can connect in Safe Mode as per MoralTerror's post.

PP :)

0

Thanks, guys!

I will try booting up in safe mode when I get home tonight and see what happens. I will also try Firefox (although I think I deleted Firefox from my computer - I will look for it.) As for changes to the computer, I don't recall making any major changes. I downloaded some software (emusic) one or two days prior, but that's about it. I run virus scans pretty often and update Norton whenever I get a message saying I need to do so, but I don't recall whether I did that around the time my internet connection stopped working.

Thanks so much!

- Rachel

0

Thanks, guys!

I will try booting up in safe mode when I get home tonight and see what happens. I will also try Firefox

You're welcome!

Let us know how the above shakes out - Firefox can be put on a flash drive/disk and installed that way.
This part of the diagnostic process involves a bit of trial and error - much easier if one of us were sitting in front of the computer.

PP :)

0

Hello again :)

I tried rebooting the computer in safe mode w/ networking, and I still wasn't able to connect. It turns out that I removed Firefox from my computer, unfortunately, so I couldn't try that out. I did try a few programs other than IE - the iTunes music store and AIM - and couldn't connect. That's good to know about Firefox - I will download it to my flash drive. I will be out of town from tonight until Sunday, but I will try it as soon as I get home.

Thanks again to you both, and I hope you have a great weekend.

ERE

0

Hi ere

Thank you, I hope you have a great weekend too.

Download the program HostsXpert

Extract HostsXpert.zip then double-click on HostsXpert.exe, click on the Restore MS Hosts File button and then exit HostsXpert.

Can you connect now?

0

Hi again,

I still cannot connect, unfortunately.

Thanks,
ERE

0

Hi again,
I still cannot connect, unfortunately.
Thanks,
ERE

No luck with Firefox? It would really help to know if it fails as well as IE...

Are you able to use System Restore to restore your compy to a date before you started having problems? Maybe we need to take a step back before we go forward again.

PP :)

0

My apologies - I got Moral Terror's last post when I got back to town, but in the meantime I forgot all about downloading Firefox. I will try to do that sometime today or tomorrow.

When I first called IBM tech support, they had me attempt a system restore. It did not work on my computer. I attempted to restore my computer to about 20 different check points, all the way back into January - and none of them worked.

I'll let you know what happens with Firefox.

0

Please also tell us if you have a LAN, DSL, cable or dial-up connection

Do you have a router?

0

Cable, and yes I have a router. I've attempted to plug directly into the router, and have been unsuccessful connecting that way as well.

Thanks!

0

I am posting...from my own computer!!

Words cannot express how happy I am right now. I downloaded Firefox, and I'm able to connect that way.
Does that mean that the problem is only with internet explorer and not with my computer?

Once again, a million thank yous to both of you for all of your help...

(Off to install my Windows updates.)

-ERE

0

I just tried to install SP1a, per MoralTerror's instruction. I got the following error message:

"Setup has detected that the Service Pack version of the system installed is newer than the update you are applying to it.

You can only install this update on Service Pack 1."

I know you said I should only install SP2 on a completely clean machine...how should I proceed?

Thank you!

-ERE

0

Hi ere

Sorry for the late reply; real life has been a bit hectic.

I'm at work just now but if you skip those updates for now and post the new ComboFix.txt, HijackThis log and the Jotti results. I will have to review the previous logs and the new logs to jog my old mind. I will review them when I get home (unless Phil can beforehand)

0

Hi again,

No worries! Your real life should always take priority over my computer - not that I don't deeply appreciate the help and all.

I haven't yet used Jotti during this process. Is this what you're talking about? I would appreciate further instruction on what to do with it. It looks like I'm supposed to upload and scan a file...but what file?

http://virusscan.jotti.org/


Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:47 PM, on 3/6/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\S3Tray2.exe
C:\WINDOWS\System32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\AEIWLSTA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Rachel\My Documents\Save My Computer\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://harpo-notes1.harpo.com/iNotes6W.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8908 bytes


And here is the Combofix log:

ComboFix 08-03-06.2 - Rachel 2008-03-06 21:40:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.609 [GMT -6:00]
Running from: C:\Documents and Settings\Rachel\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\uninsticn.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-06 21:41 . 2008-03-06 21:41 616,448 --ah----- C:\CD Burning Stash File.bin
2008-03-06 18:52 . 2008-03-06 18:52 <DIR> d-------- C:\Documents and Settings\Rachel\Application Data\Talkback
2008-03-04 22:11 . 2008-03-04 22:11 <DIR> d-------- C:\HostsXpert
2008-02-23 18:41 . 2008-02-23 18:41 <DIR> d-------- C:\WINDOWS\system32\temp
2008-02-23 18:36 . 2008-02-23 18:36 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2008-02-23 18:36 . 2008-02-24 18:42 <DIR> d-------- C:\Program Files\Burn4Free
2008-02-23 18:36 . 2008-02-23 18:36 232,046 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_6249.exe
2008-02-23 16:42 . 2008-02-23 16:42 <DIR> d-------- C:\Documents and Settings\Rachel\Application Data\Grisoft
2008-02-23 16:41 . 2008-02-23 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-23 16:41 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-09 22:08 . 2008-02-09 22:08 <DIR> d-------- C:\Program Files\eMusic Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 00:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-05 04:24 --------- d-----w C:\Documents and Settings\Rachel\Application Data\OpenOffice.org2
2008-03-05 04:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-17 19:06 --------- d-----w C:\Documents and Settings\Rachel\Application Data\MSN6
2008-01-24 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 02:38 --------- d-----w C:\Program Files\Lavasoft
2008-01-24 02:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 02:11 --------- d-----w C:\Program Files\Java
2008-01-24 02:09 --------- d-----w C:\Program Files\Common Files\Java
2007-12-19 01:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

------- Sigcheck -------

6626545292428ae1ed5b4237404b346a C:\WINDOWS\system32\wininet.dll
-c----w 585,216 2004-01-08 23:23:38 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
-c----w 593,920 2001-08-18 13:00:00 C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll
----a-w 656,384 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
----a-w 585,216 2004-01-08 23:23:38 C:\WINDOWS\system32\wininet.dll
----a-w 585,216 2004-01-08 23:23:38 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-02-23 18:36 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-02-23 18:36 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [2008-02-23 18:36 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 09:14 1077277]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08 67160]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTSMMSG"="LTSMMSG.exe" [2001-08-02 17:28 45056 C:\WINDOWS\LTSMMSG.exe]
"S3TRAY2"="S3Tray2.exe" [2001-11-12 04:31 69632 C:\WINDOWS\system32\S3Tray2.exe]
"TrackPointSrv"="tp4serv.exe" [2001-09-14 05:03 176128 C:\WINDOWS\system32\tp4serv.exe]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2001-09-03 03:22 46592]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2001-09-03 03:22 56320]
"TP4EX"="tp4ex.exe" [2001-07-05 03:02 40960 C:\WINDOWS\system32\TP4EX.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2001-07-09 18:19 69632]
"UC_SMB"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-11-08 17:58 323216]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [2007-12-19 15:18 4345856]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AEIWLSTA.EXE"="AEIWLSTA.EXE" [2001-09-28 10:47 213376 C:\WINDOWS\system32\AEIWLSTA.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\Rachel\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 19:01:20 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys [2007-05-16 11:42]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2001-07-30 03:05]
R1 TPPWR;TPPWR;C:\WINDOWS\System32\drivers\Tppwr.sys [2001-09-03 03:22]
R2 V7;V7;C:\WINDOWS\system32\Drivers\V7.SYS [2000-03-09 20:24]
R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;C:\WINDOWS\System32\DRIVERS\AEIWLNDS.sys [2001-09-28 10:36]
R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-08-02 17:28]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\System32\DRIVERS\tp4track.sys [2001-09-14 05:03]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys [2001-08-17 14:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 20:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-07 03:26:06 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\Bmmtask.exe
"2008-02-23 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Rachel.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 21:44:29
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-06 21:45:57
ComboFix-quarantined-files.txt 2008-03-07 03:45:39
ComboFix2.txt 2008-02-26 02:33:29
ComboFix3.txt 2008-02-24 21:25:50
.
2008-02-15 00:56:09 --- E O F ---

Thanks so much!!

- ERE

0

I am posting...from my own computer!!
Does that mean that the problem is only with Internet Explorer and not with my computer?
Once again, a million thank yous to both of you for all of your help...

Great! Now we're cookin' with gas . . .as they say :)

-- Definitely looks like a problem with IE. It is not playing well with the machine.
I imagine that, once we get you updated properly, we'll give IE7 a look and remove IE6.

I am tied up with work right now and can't look at the new logs - Just wanted to congratulate you on the progress!
Will check back and have a look tomorrow if MT doesn't beat me to it.

PP :)

EDIT: At really quick glance, the logs look OK. Nothing jumping out there. Still, better to wait until one of us has a chance to give a closer look.
