-1

Hello everyone,

I've been having a major problem while using IE 7. I get redirected to about: blank with every click on hotmail. Even if i manage to longin sometimes, I get redirected once i click on a message to view. Additionally, with Windows Explorer, I get an error message that's trying to make me download some program (plz see the attached image).
I ran Spybot, AD Aware, my AV, and HiJackThis. The log file from the latter is also attached.
Would some please take a look at the attachments and see if s/he can offer any guidance as to how to get rid of these problems.
All help is greatly appreciated.

Attachments Clipboard01.jpg 36.92 KB
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:26 PM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\KM-Software\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\HACE\Mmm\Mmm.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\SuperCleaner\SuperCleaner.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Process Explorer-v 11.02-FreeWare\procexp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
C:\Program Files\Toggle\ToggleMOUSE\ToggleMouse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.iub.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iub.edu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
F2 - REG:system.ini: UserInit=foxprose.exe,C:\WINDOWS\system32\userinit.exe,security.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: ????? ???? Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: win32ie.a - {0848225A-8181-42FC-8C68-F0A543B12967} - C:\WINDOWS\system32\sdsheol.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E23136A1-1AC4-4D1B-926F-5D537CFFF359} - C:\WINDOWS\system32\opnnkiiF.dll (file missing)
O2 - BHO: TBSB05137 - {E632D7C7-20EC-4A06-8D6F-259838D16889} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\installed\{5D1BF3AF-E568-47DC-87FA-1D1F7DBBBD1E}\0\mrk's.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\bin\tbcore3U.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\KM-Software\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\Mmm.exe"
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [SuperCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\BusyDude\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: StartupFaster
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Process Explorer.lnk = C:\Program Files\Process Explorer-v 11.02-FreeWare\procexp.exe
O4 - Global Startup: Taskbar Manager.lnk = C:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
O4 - Global Startup: ToggleMOUSE.lnk = C:\Program Files\Toggle\ToggleMOUSE\ToggleMouse.exe
O8 - Extra context menu item:  eReference  - C:\Program Files\eRef\Ahd41.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra b
3
Contributors
8
Replies
9
Views
8 Years
Discussion Span
Last Post by earthling dude
0

For heaven's sake ignore that warning. That's a nasty wanting you to install their trojan. First thing you need to do is disable Spybot TeaTimer as it will interfere with fixes.
To do this open Spybot. Choose Mode at the top and choose Advanced Mode. Then go to the bottom and click Tools. When Tools opens Click Resident. When Resident opens take the Check Mark OUT of TeaTimer.
Close the program and Reboot the computer.
Then do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Run a new HJT scan and save the log. Post back here with the MBA-M log and the new HJT log.
Judy

0

Thank you very much, Judy, for the detailed reply. I followed your instructions. Here are the files from mbam and hijackthis after mbam.

My system is stable now and IE seems to be working fine for now even on my hotmail account.

Your help is highly appreciated.
Have a great day :)

Attachments
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:10 PM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\KM-Software\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\HACE\Mmm\Mmm.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\SuperCleaner\SuperCleaner.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Documents and Settings\BusyDude\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Process Explorer-v 11.02-FreeWare\procexp.exe
C:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toggle\ToggleMOUSE\ToggleMouse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.iub.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iub.edu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
F2 - REG:system.ini: UserInit=foxprose.exe,C:\WINDOWS\system32\userinit.exe,security.exe,
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: ????? ???? Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TBSB05137 - {E632D7C7-20EC-4A06-8D6F-259838D16889} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\installed\{5D1BF3AF-E568-47DC-87FA-1D1F7DBBBD1E}\0\mrk's.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\bin\tbcore3U.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\KM-Software\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\Mmm.exe"
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [SuperCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\BusyDude\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: StartupFaster
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Process Explorer.lnk = C:\Program Files\Process Explorer-v 11.02-FreeWare\procexp.exe
O4 - Global Startup: Taskbar Manager.lnk = C:\Program Files\Askarya\Taskbar Manager\TaskbarManager.exe
O4 - Global Startup: ToggleMOUSE.lnk = C:\Program Files\Toggle\ToggleMOUSE\ToggleMouse.exe
O8 - Extra context menu item:  eReference  - C:\Program Files\eRef\Ahd41.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Ja
Malwarebytes' Anti-Malware 1.30
Database version: 1428
Windows 5.1.2600 Service Pack 3

11/27/2008 4:22:03 PM
mbam-log-2008-11-27 (16-22-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 324561
Time elapsed: 1 hour(s), 39 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnkiif (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\huyaka (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sjkgcr.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ae8a9ce-80de-4951-ad58-be6fc7a0e231} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9ebb289a-2d7b-465b-825f-1530b813e95a} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bde8a95b-a98d-4928-adcb-c3c3d0afa449} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd5c92ae-97b0-4bc3-ba65-ba0308d543bf} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0848225a-8181-42fc-8c68-f0a543b12967} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0848225a-8181-42fc-8c68-f0a543b12967} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0848225a-8181-42fc-8c68-f0a543b12967} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\URLSearchHook.ToolbarURLSearchHook (Adware.DosPopToolbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\opnnkiiF.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\BusyDude\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\-0-KeyGen-Adobe Acrobat Pro-v 8.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\PilotEdit\-0-Patch-PilotEdit-v 1.3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\WinRAR\-0-Patch-WinRAR-v 3.62.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqrhyvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
0

Only question I have is did you add these?
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A10A494-05FB-48A1-950D-13B0B6BA75A5}: NameServer = 192.168.10.10
These entries indicate the DNS server on the computer and I can find no information about 192.168.10.10.

0

I did not add anything to either file. Is it possible that these numbers come from my router? The router IP addresses begin with 192.168.

Best regards

0

I did not add anything to either file. Is it possible that these numbers come from my router? The router IP addresses begin with 192.168.

Best regards

Probably is. Then the log looks ok to me.
Are things running all right?

0

do yo have like... 10 computers connected to your network? or you could access your router and find where the dhcp pooling addresses start. 192.168.x.x are internal networking addresses and are invisible to the internet anyway.

0

Hello again,

Things are working well now. THANK YOU for your time and efforts. About the network, I have 3 computers only. But, aside from that IP address line, all seems to be well.

yeeeeeeeeeeeeeeeeeeeey

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.