
Internet Explorer won't run but Firefox will


  • This topic is locked
46 replies to this topic

#1 mackenzie

Authentic Member, 39 posts

Posted 25 June 2010 - 04:25 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:13:17 PM, on 6/25/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\EARTHL~1\TaskPanl.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alesia\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\tbu15EF\COUPON~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\tbu15EF\CouponsBar.dll
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRA~1\EARTHL~1\TaskPanl.exe" -winstart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AE1C495-CF33-418E-99B1-4D9BF6FD8EC2}: NameServer = 12.229.66.3 12.229.66.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AE1C495-CF33-418E-99B1-4D9BF6FD8EC2}: NameServer = 12.229.66.3 12.229.66.4
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8589 bytes


#2 CatByte

Classroom Administrator, 21,060 posts, MVP

Posted 27 June 2010 - 03:49 AM

Hi and Welcome,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT




Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.




  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 mackenzie

Authentic Member, 39 posts

Posted 28 June 2010 - 09:59 PM

Thank you for your response, I appreciate your help.

Below are the files that were saved per your instructions.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Alesia at 16:52:24.21 on Mon 06/28/2010
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1022.623 [GMT -3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\EARTHL~1\TaskPanl.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alesia\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: PnIEBrowserHelperObj Class: {4b5f2e08-6f39-479a-b547-b2026e4c7edf} - c:\program files\earthlink totalaccess\PnEL.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\tbu15ef\COUPON~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: Pop-Up Blocker: {d7f30b62-8269-41af-9539-b2697fa7d77e} - c:\program files\earthlink totalaccess\PnEL.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\tbu15ef\CouponsBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [SpySweeper]
uRun: [RealPlayer] "c:\program files\real\realplayer\realplay.exe" /RunUPGToolCommandReBoot
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [E6TaskPanel] "c:\progra~1\earthl~1\TaskPanl.exe" -winstart
mRun: [Media Access] c:\program files\media access\MediaAccK.exe
mRun: [vptray] c:\progra~1\navnt\vptray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Propel Accelerator] c:\program files\earthlink totalaccess\accelerator\PropelAC.exe
mRun: [Internet Optimizer] "c:\program files\internet optimizer\optimize.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alesia\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Refresh Pa&ge with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-image.html
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38119.3245023148
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {1AE1C495-CF33-418E-99B1-4D9BF6FD8EC2} = 12.229.66.3 12.229.66.4
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alesia\applic~1\mozilla\firefox\profiles\4r33cxks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4

============= SERVICES / DRIVERS ===============

R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\navnt\rtvscan.exe [2003-5-21 610304]
R3 NAVAP;NAVAP;c:\progra~1\navnt\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080603.003\NAVENG.sys [2008-6-4 82256]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080603.003\NAVEX15.sys [2008-6-4 895408]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-06-25 14:17:12 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-06-25 14:17:08 0 d-----w- c:\program files\McAfee Security Scan
2010-06-03 13:44:08 0 d-----w- c:\program files\Lexia

==================== Find3M ====================


============= FINISH: 16:52:37.81 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2004 4:46:22 PM
System Uptime: 6/28/2010 4:42:57 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel® Pentium® 4 CPU 2.53GHz | Microprocessor | 2525/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 57.919 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP622: 4/3/2010 4:20:26 PM - System Checkpoint
RP623: 4/4/2010 5:58:47 PM - System Checkpoint
RP624: 4/5/2010 6:58:50 PM - System Checkpoint
RP625: 4/6/2010 7:03:04 PM - System Checkpoint
RP626: 4/7/2010 7:20:53 PM - System Checkpoint
RP627: 4/8/2010 8:20:53 PM - System Checkpoint
RP628: 4/9/2010 9:20:54 PM - System Checkpoint
RP629: 4/10/2010 10:39:31 PM - System Checkpoint
RP630: 4/12/2010 6:49:09 PM - System Checkpoint
RP631: 4/13/2010 7:59:54 PM - System Checkpoint
RP632: 4/14/2010 8:24:11 PM - System Checkpoint
RP633: 4/15/2010 9:47:48 PM - System Checkpoint
RP634: 4/16/2010 10:24:10 PM - System Checkpoint
RP635: 4/17/2010 11:24:08 PM - System Checkpoint
RP636: 4/18/2010 11:50:41 AM - Removed Adobe Reader 6.0.1
RP637: 4/18/2010 11:50:53 AM - Installed Adobe Reader 9.3.
RP638: 4/19/2010 12:27:07 PM - System Checkpoint
RP639: 4/20/2010 12:40:08 PM - System Checkpoint
RP640: 4/21/2010 1:05:05 PM - System Checkpoint
RP641: 4/22/2010 2:05:05 PM - System Checkpoint
RP642: 4/23/2010 3:05:07 PM - System Checkpoint
RP643: 4/24/2010 3:19:55 PM - System Checkpoint
RP644: 4/25/2010 4:16:13 PM - System Checkpoint
RP645: 4/26/2010 5:16:14 PM - System Checkpoint
RP646: 4/27/2010 5:27:26 PM - System Checkpoint
RP647: 4/28/2010 6:16:12 PM - System Checkpoint
RP648: 4/29/2010 8:19:55 PM - System Checkpoint
RP649: 4/30/2010 8:24:37 PM - System Checkpoint
RP650: 5/1/2010 8:56:59 PM - System Checkpoint
RP651: 5/2/2010 9:07:59 PM - System Checkpoint
RP652: 5/3/2010 9:28:29 PM - System Checkpoint
RP653: 5/4/2010 9:29:50 PM - System Checkpoint
RP654: 5/6/2010 12:29:56 PM - System Checkpoint
RP655: 5/7/2010 12:34:40 PM - System Checkpoint
RP656: 5/8/2010 12:36:18 PM - System Checkpoint
RP657: 5/9/2010 1:23:35 PM - System Checkpoint
RP658: 5/10/2010 1:38:41 PM - System Checkpoint
RP659: 5/11/2010 2:38:41 PM - System Checkpoint
RP660: 5/12/2010 3:38:41 PM - System Checkpoint
RP661: 5/13/2010 5:30:07 PM - System Checkpoint
RP662: 5/14/2010 5:38:40 PM - System Checkpoint
RP663: 5/15/2010 8:44:20 PM - System Checkpoint
RP664: 5/16/2010 9:39:45 PM - System Checkpoint
RP665: 5/18/2010 7:48:06 AM - System Checkpoint
RP666: 5/19/2010 8:30:34 AM - System Checkpoint
RP667: 5/20/2010 9:30:34 AM - System Checkpoint
RP668: 5/21/2010 10:30:34 AM - System Checkpoint
RP669: 5/22/2010 11:30:34 AM - System Checkpoint
RP670: 5/23/2010 12:30:45 PM - System Checkpoint
RP671: 5/24/2010 12:34:37 PM - System Checkpoint
RP672: 5/25/2010 1:05:45 PM - System Checkpoint
RP673: 5/26/2010 1:05:51 PM - System Checkpoint
RP674: 5/27/2010 2:05:51 PM - System Checkpoint
RP675: 5/30/2010 11:54:02 AM - System Checkpoint
RP676: 5/31/2010 12:39:28 PM - System Checkpoint
RP677: 6/1/2010 2:42:46 PM - System Checkpoint
RP678: 6/2/2010 3:39:27 PM - System Checkpoint
RP679: 6/3/2010 3:58:11 PM - System Checkpoint
RP680: 6/4/2010 4:58:12 PM - System Checkpoint
RP681: 6/5/2010 4:59:17 PM - System Checkpoint
RP682: 6/6/2010 5:58:12 PM - System Checkpoint
RP683: 6/7/2010 6:58:13 PM - System Checkpoint
RP684: 6/8/2010 8:01:09 PM - System Checkpoint
RP685: 6/9/2010 10:32:19 PM - System Checkpoint
RP686: 6/10/2010 10:44:01 PM - System Checkpoint
RP687: 6/11/2010 11:01:34 PM - System Checkpoint
RP688: 6/13/2010 7:22:36 PM - System Checkpoint
RP689: 6/14/2010 9:48:15 PM - System Checkpoint
RP690: 6/15/2010 10:37:35 PM - System Checkpoint
RP691: 6/16/2010 11:37:34 PM - System Checkpoint
RP692: 6/19/2010 7:51:18 AM - System Checkpoint
RP693: 6/20/2010 8:50:07 AM - System Checkpoint
RP694: 6/21/2010 9:39:35 AM - System Checkpoint
RP695: 6/22/2010 10:18:04 AM - System Checkpoint
RP696: 6/23/2010 11:05:34 AM - System Checkpoint
RP697: 6/24/2010 12:30:07 PM - System Checkpoint
RP698: 6/25/2010 1:05:37 PM - System Checkpoint
RP699: 6/26/2010 1:39:55 PM - System Checkpoint
RP700: 6/27/2010 2:39:55 PM - System Checkpoint
RP701: 6/28/2010 2:46:35 PM - System Checkpoint
RP702: 6/28/2010 4:34:02 PM - Installed Microsoft Fix it 50362

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3
ArcSoft PhotoImpression 3.0
Banctec Service Agreement
BCM V.92 56K Modem
Broadcom Management Programs
CK Becky Higgins' Creative Clips
Coupon Printer for Windows
CouponBar
Creative Lettering Combo
Cricut DesignStudio
Deal Info
Dell Networking Guide
DigitImg
DS21Patch
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EarthLink Accelerator
EarthLink Common
EarthLink FastLane
EarthLink IM
EarthLink MailBox
EarthLink MDAC
EarthLink Pop-Up Blocker
EarthLink Redistributed
EarthLink Setup
EarthLink TaskPanel
EarthLink TotalAccess 2004
EarthLink Update Manager
EarthLink Webspace
ELNBonus
exPressit S.E. 2.2
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.4
FUJIFILM USB Driver
Help and Support Customization
HP Memories Disc
HP Software Update
ImageMixer VCD for FinePix
Intel® Extreme Graphics Driver
InterActual Player
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Java™ 6 Update 6
Lernout & Hauspie TruVoice for Microsoft Agent
Lexia Reading
LiveUpdate 1.80 (Symantec Corporation)
McAfee Security Scan Plus
Media Access
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft ActiveSync 3.8
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft XML Parser
MicroStaff WINASPI NT
Modem Helper
Move Media Player
Mozilla Firefox (2.0.0.20)
MSN Toolbar
MSSoap
My Photo Adventure
My Photo Adventure 2
Nero Suite
Outlook Express Q823353
Photo2DVD Studio Build 4.9.8.0
Photodex Presenter
PhotoShow 2
Photosmart 140,240,7200,7600,7700,7900 Series
PowerDVD
ProShow Gold
PS240
PSShortcuts
PSUsage
QuickTime
RealOne Player
Ringling Bros. - Frankie Goes to the Circus
Shockwave
SolSuite
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SpywareBlaster 4.3
SpywareBlocker
SpywareGuard v2.2
Symantec AntiVirus Client
TotalAccess Smart Installer
TurboTax ItsDeductible 2005
TurboTax Premier 2005
Uniblue Registry Booster
Viewpoint Media Player
WebFldrs XP
WebSearch Tools
WexTech AnswerWorks
Win-Tools Easy Installer (by WebSearch)
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Sasser Worm Removal Tool (KB841720)
Windows XP Hotfix - KB817611
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB828756
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

==== Event Viewer Messages From Past Week ========

6/25/2010 4:43:58 PM, error: DCOM [10000] - Unable to start a DCOM Server: {E0B8F398-BB08-4298-87F0-34502693902E}. The error: "%3" Happened while starting this command: "C:\Program Files\Messenger\msmsgs.exe" -Embedding

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-28 23:26:14
Windows 5.1.2600 Service Pack 1
Running: 871rs0z6.exe; Driver: C:\DOCUME~1\Alesia\LOCALS~1\Temp\pwtoapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fastfat \Fat EDC88143

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#4 CatByte

Classroom Administrator, 21,060 posts, MVP

Posted 28 June 2010 - 10:17 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 mackenzie

Posted 29 June 2010 - 08:57 PM

Below is the ComboFix log that was saved.



ComboFix 10-06-29.03 - Alesia 06/29/2010 22:38:26.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1022.486 [GMT -3:00]
Running from: c:\documents and settings\Alesia\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\B4.tmp
c:\documents and settings\Alesia\file.exe
c:\documents and settings\Alesia\Recent\Thumbs.db
c:\program files\Toolbar
c:\program files\Toolbar\zwipvbh.wzg
C:\Thumbs.db
c:\windows\Debug\dcpromo.log
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\tbu15EF\COUPon~1.dll
c:\windows\tbu15EF\CoUPonsbar.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-25 20:19 . 2010-06-25 20:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-25 20:19 . 2010-06-25 20:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Earthlink
2010-06-25 14:17 . 2010-06-25 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-06-25 14:17 . 2010-06-25 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-25 14:17 . 2010-06-25 20:19 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-03 13:44 . 2010-06-28 13:41 -------- d-----w- c:\program files\Lexia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 19:31 . 2004-10-29 23:03 -------- d-----w- c:\program files\FinePixViewer
2010-06-26 02:35 . 2008-05-21 23:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-26 02:30 . 2008-05-21 23:18 -------- d-----w- c:\program files\SpywareBlaster
2010-06-19 02:29 . 2008-05-21 23:21 -------- d-----w- c:\program files\SpywareGuard
2010-06-18 03:34 . 2004-02-05 02:20 -------- d-----w- c:\program files\EarthLink TotalAccess
2010-06-08 22:24 . 2009-09-12 18:03 -------- d-----w- c:\documents and settings\Alesia\Application Data\Move Networks
2010-06-28 13:39 . 2008-05-21 23:17 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2010-06-28 13:39 . 2008-05-21 23:17 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2010-06-28 13:39 . 2008-05-21 23:17 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-06-28 13:39 . 2008-05-21 23:17 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2010-06-28 13:39 . 2008-05-21 23:17 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\xmlprov.dll

[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\d3d9.dll
[-] 2004-07-09 09:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\SYSTEM32\d3d9.dll
[-] 2003-05-30 15:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\LastGood\System32\d3d9.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="c:\program files\Real\RealPlayer\realplay.exe" [2006-11-29 1003520]
"E6TaskPanel"="c:\progra~1\EARTHL~1\TaskPanl.exe" [2003-12-08 733184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Media Access"="c:\program files\Media Access\MediaAccK.exe" [2005-05-12 20992]
"vptray"="c:\progra~1\NavNT\vptray.exe" [2003-05-21 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-02-01 151597]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-02-01 77824]
"Propel Accelerator"="c:\program files\EarthLink TotalAccess\Accelerator\PropelAC.exe" [2003-12-08 750399]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-22 483328]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 212992]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"BCMSMMSG"="BCMSMMSG.exe" [2003-06-02 122880]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\Alesia\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-7-17 303104]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 00:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 9:49 AM 227232]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PWTOAPOB
*Deregistered* - pwtoapob
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Refresh Pa&ge with Full Quality - c:\program files\EarthLink TotalAccess\Accelerator\\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files\EarthLink TotalAccess\Accelerator\\pac-image.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: {1AE1C495-CF33-418E-99B1-4D9BF6FD8EC2} = 12.229.66.3 12.229.66.4
FF - ProfilePath - c:\documents and settings\Alesia\Application Data\Mozilla\Firefox\Profiles\4r33cxks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpySweeper - (no file)
HKLM-Run-Internet Optimizer - c:\program files\Internet Optimizer\optimize.exe
MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe
AddRemove-SmartInstaller - c:\program files\EarthLink\TotalAccess Smart Installer\UnSMI.exe
AddRemove-WinTools - c:\progra~1\COMMON~1\WinTools\WToolsA.exe
AddRemove-WinTools_ESIES - c:\progra~1\COMMON~1\WinTools\WToolsA.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 22:43
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(688)
c:\windows\System32\dssenh.dll
.
Completion time: 2010-06-29 22:45:00
ComboFix-quarantined-files.txt 2010-06-30 01:44
ComboFix2.txt 2008-05-20 11:50

Pre-Run: 62,105,018,368 bytes free
Post-Run: 62,217,199,616 bytes free

- - End Of File - - B373372B5364BB25CDF945D9F13E0748

#6 CatByte

Posted 29 June 2010 - 10:02 PM

Hi

Please do the following:


Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply



#7 mackenzie

Posted 01 July 2010 - 08:33 AM

Having problems with Kaspersky scan.... I have downloaded and updated with no problems but during scan of "My Computer" it stops after about an hour and 10 minutes - scanned approx. 36000 files with approx. 10000 infected (all seem to be in quarantine area) but then scan process stops and shows 0 files, 0 threats, 0 infections, etc.... the time counter still registers the process time elapsed but cannot access report, etc. I have tried to scan 3 different times and each time have same results. I was successful with the Malware log listed below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4260

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

6/30/2010 6:15:06 AM
mbam-log-2010-06-30 (06-15-06).txt

Scan type: Quick scan
Objects scanned: 133436
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\Program Files\Media Access\MediaAccess.exe (Adware.Winad) -> Unloaded process successfully.
C:\Program Files\Media Access\MediaAccK.exe (Adware.MediaAccess) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Media Access\MediaAccC.dll (Adware.MediaAccess) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\mediaaccess.installer (Adware.MediaAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c} (Adware.MediaAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\LoaderX.exe (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access (Adware.MediaAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media access (Adware.MediaAccess) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\media access (Adware.MediaAccess) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Media Access (Adware.MediaAccess) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Media Access\MediaAccC.dll (Adware.MediaAccess) -> Quarantined and deleted successfully.
C:\Program Files\Media Access\MediaAccess.exe (Adware.Winad) -> Quarantined and deleted successfully.
C:\Program Files\Media Access\Info.txt (Adware.MediaAccess) -> Quarantined and deleted successfully.
C:\Program Files\Media Access\MediaAccK.exe (Adware.MediaAccess) -> Quarantined and deleted successfully.

#8 CatByte

Posted 01 July 2010 - 08:40 AM

Hi

Please try this scanner instead


Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.



#9 mackenzie

Posted 01 July 2010 - 12:40 PM

Below is a copy of the log from the ESET scan. I am able to use Internet Explorer now, although it does seem slower than Firefox when accessing from one site to another. I have not yet rebooted since beginning the downloads or scans from yesterday's post.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2800.1106 (xpsp1.020828-1920)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7e24ae918dfe1e41b285b638e54841d2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-01 05:24:41
# local_time=2010-07-01 02:24:41 (-0400, Atlantic Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3586 16764926 40 17 45994828 357091005 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=128788
# found=12
# cleaned=0
# scan_time=2332
C:\Documents and Settings\Alesia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-3062c922-23850e05.class Java/TrojanDownloader.OpenStream.NAC trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Alesia\file.exe.vir a variant of Win32/Kryptik.BCA trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Process.exe.vir Win32/PrcView application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\tbu15EF\COUPON~1.DLL.vir probably a variant of Win32/Adware.Softomate.AD application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP703\A0053349.exe a variant of Win32/Kryptik.BCA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP703\A0053353.exe Win32/PrcView application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP703\A0053359.dll probably a variant of Win32/Adware.Softomate.AD application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP703\A0053417.dll a variant of Win32/Adware.WUpd application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP703\A0053418.exe a variant of Win32/Adware.WUpd application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP703\A0053419.exe a variant of Win32/Adware.WUpd application 00000000000000000000000000000000 I
C:\WINDOWS\CouponBarIE.dll probably a variant of Win32/Adware.Softomate.AD application 00000000000000000000000000000000 I
C:\WINDOWS\tbu15EF\tbupdate.cab probably a variant of Win32/Adware.Softomate.AD application 00000000000000000000000000000000 I

#10 CatByte

Posted 01 July 2010 - 01:05 PM

Hi

Reboot

then do the following:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 20 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 20 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked:
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



NEXT



Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.


NEXT


Download and run Auslogics Disc Defragmenter

NEXT


Please post a fresh DDS log and advise how your computer is running now and if you have any outstanding issues.


#11 mackenzie

Posted 01 July 2010 - 04:55 PM

I received these four alerts following the Java and Auslogics downloads, anything to be concerned about or needs attention?

--------------------------------------------------------------------------------
NEW BHO DETECTION ALERT
On 18:25:48 07/01/2010 a new BHO installation attempt was detected.
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
ProgramID: n/a
File Location: C:\Program Files\Java\jre6\bin\jp2ssv.dll
User Action Taken: KEEP BHO

--------------------------------------------------------------------------------
NEW BHO DETECTION ALERT
On 18:26:04 07/01/2010 a new BHO installation attempt was detected.
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
ProgramID: ieplugin.JQSIEStartDetectorImpl.1
File Location: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
User Action Taken: KEEP BHO

--------------------------------------------------------------------------------
BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
On 18:38:24 07/01/2010 a browser page change was detected.
Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
Value Name: Start Page
Old Value: http://www.microsoft...p...&ar=msnhome
New Value: http://www.ask.com?o=1689&l=dis
User Action Taken: KEEP NEW VALUE

--------------------------------------------------------------------------------
NEW BHO DETECTION ALERT
On 18:38:42 07/01/2010 a new BHO installation attempt was detected.
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440}
ProgramID: GenericAskToolbar.ToolbarWnd.1
File Location: C:\Program Files\Ask.com\GenericAskToolbar.dll
User Action Taken: KEEP BHO

Edited by mackenzie, 01 July 2010 - 04:58 PM.


#12 mackenzie

Posted 01 July 2010 - 05:24 PM

Below are the logs following the defrag run. IE will now open and run but I now have a new "home page" which is Ask.com along with a toolbar for the same. My favorites are shown in the dropdown box but none of those will open when selected. I did check the dropdown window from the address bar and those in the "history" will access when chosen. Please note the previous reply from a few minutes ago regarding the BHO notices also.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Alesia at 18:59:05.73 on Thu 07/01/2010
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1022.568 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\EARTHL~1\TaskPanl.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Alesia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=1689&l=dis
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: PnIEBrowserHelperObj Class: {4b5f2e08-6f39-479a-b547-b2026e4c7edf} - c:\program files\earthlink totalaccess\PnEL.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Auslogics Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Pop-Up Blocker: {d7f30b62-8269-41af-9539-b2697fa7d77e} - c:\program files\earthlink totalaccess\PnEL.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: Auslogics Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [RealPlayer] "c:\program files\real\realplayer\realplay.exe" /RunUPGToolCommandReBoot
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [E6TaskPanel] "c:\progra~1\earthl~1\TaskPanl.exe" -winstart
mRun: [vptray] c:\progra~1\navnt\vptray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Propel Accelerator] c:\program files\earthlink totalaccess\accelerator\PropelAC.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alesia\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Refresh Pa&ge with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-image.html
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38119.3245023148
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {1AE1C495-CF33-418E-99B1-4D9BF6FD8EC2} = 12.229.66.3 12.229.66.4
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alesia\applic~1\mozilla\firefox\profiles\4r33cxks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\navnt\rtvscan.exe [2003-5-21 610304]
R3 NAVAP;NAVAP;c:\progra~1\navnt\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080603.003\NAVENG.sys [2008-6-4 82256]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080603.003\NAVEX15.sys [2008-6-4 895408]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-07-01 21:37:56 0 d-----w- c:\program files\Ask.com
2010-07-01 21:37:54 0 d-----w- c:\docume~1\alesia\applic~1\Auslogics
2010-07-01 21:37:47 0 d-----w- c:\program files\Auslogics
2010-07-01 21:24:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-01 21:24:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 16:17:43 0 d-----w- c:\program files\ESET
2010-06-30 23:00:35 0 d-----w- c:\windows\system32\PreInstall
2010-06-30 23:00:30 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2010-06-30 09:03:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 09:03:02 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 09:03:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-30 09:03:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-30 01:36:21 98816 ----a-w- c:\windows\sed.exe
2010-06-30 01:36:21 77312 ----a-w- c:\windows\MBR.exe
2010-06-30 01:36:21 256512 ----a-w- c:\windows\PEV.exe
2010-06-30 01:36:21 161792 ----a-w- c:\windows\SWREG.exe
2010-06-25 14:17:12 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-06-25 14:17:08 0 d-----w- c:\program files\McAfee Security Scan
2010-06-03 13:44:08 0 d-----w- c:\program files\Lexia

==================== Find3M ====================

============= FINISH: 18:59:31.10 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 2/4/2004 4:46:22 PM System Uptime: 7/1/2010 6:33:12 PM (0 hours ago) Motherboard: Dell Computer Corp. | | 0C2425 Processor: Intel® Pentium® 4 CPU 2.53GHz | Microprocessor | 2525/533mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 74 GiB total, 57.57 GiB free. D: is CDROM () E: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP622: 4/3/2010 4:20:26 PM - System Checkpoint RP623: 4/4/2010 5:58:47 PM - System Checkpoint RP624: 4/5/2010 6:58:50 PM - System Checkpoint RP625: 4/6/2010 7:03:04 PM - System Checkpoint RP626: 4/7/2010 7:20:53 PM - System Checkpoint RP627: 4/8/2010 8:20:53 PM - System Checkpoint RP628: 4/9/2010 9:20:54 PM - System Checkpoint RP629: 4/10/2010 10:39:31 PM - System Checkpoint RP630: 4/12/2010 6:49:09 PM - System Checkpoint RP631: 4/13/2010 7:59:54 PM - System Checkpoint RP632: 4/14/2010 8:24:11 PM - System Checkpoint RP633: 4/15/2010 9:47:48 PM - System Checkpoint RP634: 4/16/2010 10:24:10 PM - System Checkpoint RP635: 4/17/2010 11:24:08 PM - System Checkpoint RP636: 4/18/2010 11:50:41 AM - Removed Adobe Reader 6.0.1 RP637: 4/18/2010 11:50:53 AM - Installed Adobe Reader 9.3. 
RP638: 4/19/2010 12:27:07 PM - System Checkpoint RP639: 4/20/2010 12:40:08 PM - System Checkpoint RP640: 4/21/2010 1:05:05 PM - System Checkpoint RP641: 4/22/2010 2:05:05 PM - System Checkpoint RP642: 4/23/2010 3:05:07 PM - System Checkpoint RP643: 4/24/2010 3:19:55 PM - System Checkpoint RP644: 4/25/2010 4:16:13 PM - System Checkpoint RP645: 4/26/2010 5:16:14 PM - System Checkpoint RP646: 4/27/2010 5:27:26 PM - System Checkpoint RP647: 4/28/2010 6:16:12 PM - System Checkpoint RP648: 4/29/2010 8:19:55 PM - System Checkpoint RP649: 4/30/2010 8:24:37 PM - System Checkpoint RP650: 5/1/2010 8:56:59 PM - System Checkpoint RP651: 5/2/2010 9:07:59 PM - System Checkpoint RP652: 5/3/2010 9:28:29 PM - System Checkpoint RP653: 5/4/2010 9:29:50 PM - System Checkpoint RP654: 5/6/2010 12:29:56 PM - System Checkpoint RP655: 5/7/2010 12:34:40 PM - System Checkpoint RP656: 5/8/2010 12:36:18 PM - System Checkpoint RP657: 5/9/2010 1:23:35 PM - System Checkpoint RP658: 5/10/2010 1:38:41 PM - System Checkpoint RP659: 5/11/2010 2:38:41 PM - System Checkpoint RP660: 5/12/2010 3:38:41 PM - System Checkpoint RP661: 5/13/2010 5:30:07 PM - System Checkpoint RP662: 5/14/2010 5:38:40 PM - System Checkpoint RP663: 5/15/2010 8:44:20 PM - System Checkpoint RP664: 5/16/2010 9:39:45 PM - System Checkpoint RP665: 5/18/2010 7:48:06 AM - System Checkpoint RP666: 5/19/2010 8:30:34 AM - System Checkpoint RP667: 5/20/2010 9:30:34 AM - System Checkpoint RP668: 5/21/2010 10:30:34 AM - System Checkpoint RP669: 5/22/2010 11:30:34 AM - System Checkpoint RP670: 5/23/2010 12:30:45 PM - System Checkpoint RP671: 5/24/2010 12:34:37 PM - System Checkpoint RP672: 5/25/2010 1:05:45 PM - System Checkpoint RP673: 5/26/2010 1:05:51 PM - System Checkpoint RP674: 5/27/2010 2:05:51 PM - System Checkpoint RP675: 5/30/2010 11:54:02 AM - System Checkpoint RP676: 5/31/2010 12:39:28 PM - System Checkpoint RP677: 6/1/2010 2:42:46 PM - System Checkpoint RP678: 6/2/2010 3:39:27 PM - System Checkpoint RP679: 6/3/2010 3:58:11 PM - 
System Checkpoint RP680: 6/4/2010 4:58:12 PM - System Checkpoint RP681: 6/5/2010 4:59:17 PM - System Checkpoint RP682: 6/6/2010 5:58:12 PM - System Checkpoint RP683: 6/7/2010 6:58:13 PM - System Checkpoint RP684: 6/8/2010 8:01:09 PM - System Checkpoint RP685: 6/9/2010 10:32:19 PM - System Checkpoint RP686: 6/10/2010 10:44:01 PM - System Checkpoint RP687: 6/11/2010 11:01:34 PM - System Checkpoint RP688: 6/13/2010 7:22:36 PM - System Checkpoint RP689: 6/14/2010 9:48:15 PM - System Checkpoint RP690: 6/15/2010 10:37:35 PM - System Checkpoint RP691: 6/16/2010 11:37:34 PM - System Checkpoint RP692: 6/19/2010 7:51:18 AM - System Checkpoint RP693: 6/20/2010 8:50:07 AM - System Checkpoint RP694: 6/21/2010 9:39:35 AM - System Checkpoint RP695: 6/22/2010 10:18:04 AM - System Checkpoint RP696: 6/23/2010 11:05:34 AM - System Checkpoint RP697: 6/24/2010 12:30:07 PM - System Checkpoint RP698: 6/25/2010 1:05:37 PM - System Checkpoint RP699: 6/26/2010 1:39:55 PM - System Checkpoint RP700: 6/27/2010 2:39:55 PM - System Checkpoint RP701: 6/28/2010 2:46:35 PM - System Checkpoint RP702: 6/28/2010 4:34:02 PM - Installed Microsoft Fix it 50362 RP703: 6/29/2010 4:46:56 PM - System Checkpoint RP704: 6/30/2010 5:21:07 PM - System Checkpoint RP705: 6/30/2010 8:00:20 PM - Software Distribution Service 3.0 RP706: 6/30/2010 8:00:33 PM - Installed Windows XP KB898461. 
RP707: 7/1/2010 6:06:04 PM - Removed Java™ 6 Update 6 RP708: 7/1/2010 6:24:31 PM - Installed Java™ 6 Update 20 ==== Installed Programs ====================== Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 9.3 ArcSoft PhotoImpression 3.0 Ask Toolbar Auslogics Disk Defrag Banctec Service Agreement BCM V.92 56K Modem Broadcom Management Programs CK Becky Higgins' Creative Clips Coupon Printer for Windows CouponBar Creative Lettering Combo Cricut DesignStudio Deal Info Dell Networking Guide DigitImg DS21Patch DVD Decrypter (Remove Only) DVD Shrink 3.2 EarthLink Accelerator EarthLink Common EarthLink FastLane EarthLink IM EarthLink MailBox EarthLink MDAC EarthLink Pop-Up Blocker EarthLink Redistributed EarthLink Setup EarthLink TaskPanel EarthLink TotalAccess 2004 EarthLink Update Manager EarthLink Webspace ELNBonus ESET Online Scanner v3 exPressit S.E. 2.2 FinePix Studio FinePixViewer Resource FinePixViewer Ver.5.4 FUJIFILM USB Driver Help and Support Customization HP Memories Disc HP Software Update ImageMixer VCD for FinePix Intel® Extreme Graphics Driver InterActual Player Internet Explorer Default Page Jasc Paint Shop Photo Album Java Auto Updater Java™ 6 Update 20 Lernout & Hauspie TruVoice for Microsoft Agent Lexia Reading LiveUpdate 1.80 (Symantec Corporation) Malwarebytes' Anti-Malware McAfee Security Scan Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft ActiveSync 3.8 Microsoft Data Access Components KB870669 Microsoft Encarta Encyclopedia Standard 2004 Microsoft Office XP Media Content Microsoft Office XP Professional with FrontPage Microsoft Publisher 2002 Microsoft XML Parser MicroStaff WINASPI NT Modem Helper Move Media Player Mozilla Firefox (2.0.0.20) MSN Toolbar MSSoap My Photo Adventure My Photo Adventure 2 Nero Suite Outlook Express Q823353 Photo2DVD Studio Build 4.9.8.0 Photodex Presenter PhotoShow 2 Photosmart 140,240,7200,7600,7700,7900 Series PowerDVD ProShow Gold PS240 PSShortcuts PSUsage QuickTime 
RealOne Player Ringling Bros. - Frankie Goes to the Circus Shockwave SolSuite Sonic DLA Sonic RecordNow! Sonic Update Manager SpywareBlaster 4.3 SpywareBlocker SpywareGuard v2.2 Symantec AntiVirus Client TurboTax ItsDeductible 2005 TurboTax Premier 2005 Uniblue Registry Booster Update for Windows XP (KB898461) Viewpoint Media Player WebFldrs XP WexTech AnswerWorks Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04) Windows Installer 3.1 (KB893803) Windows Media Player Hotfix [See Q828026 for more information] Windows Sasser Worm Removal Tool (KB841720) Windows XP Hotfix - KB817611 Windows XP Hotfix - KB823182 Windows XP Hotfix - KB824105 Windows XP Hotfix - KB824141 Windows XP Hotfix - KB825119 Windows XP Hotfix - KB826939 Windows XP Hotfix - KB828035 Windows XP Hotfix - KB828741 Windows XP Hotfix - KB828756 Windows XP Hotfix - KB833987 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB835732 Windows XP Hotfix - KB837001 Windows XP Hotfix - KB839645 Windows XP Hotfix - KB840315 Windows XP Hotfix - KB840374 Windows XP Hotfix - KB840987 Windows XP Hotfix - KB841356 Windows XP Hotfix - KB841533 Windows XP Hotfix - KB841873 Windows XP Hotfix - KB842773 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB871250 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB873376 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB889293 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891711 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 ==== Event Viewer Messages From Past Week ======== 7/1/2010 3:31:36 PM, error: Service Control Manager [7034] - The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s). 
7/1/2010 3:31:36 PM, error: Service Control Manager [7034] - The Symantec AntiVirus Client service terminated unexpectedly. It has done this 1 time(s). 7/1/2010 3:31:36 PM, error: Service Control Manager [7034] - The Simple TCP/IP Services service terminated unexpectedly. It has done this 1 time(s). 7/1/2010 3:31:36 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 7/1/2010 3:31:36 PM, error: Service Control Manager [7034] - The DefWatch service terminated unexpectedly. It has done this 1 time(s). 6/30/2010 3:19:08 AM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service. 6/30/2010 3:17:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. 6/29/2010 7:40:06 PM, error: PlugPlayManager [12] - The device 'SAMSUNG CD-ROM SC-148A' (IDE\CdRomSAMSUNG_CD-ROM_SC-148A__________________B402____\5&2641f507&0&0.0.0) disappeared from the system without first being prepared for removal. 6/29/2010 7:40:06 PM, error: PlugPlayManager [12] - The device 'SAMSUNG CD-R/RW SW-252S' (IDE\CdRomSAMSUNG_CD-R/RW_SW-252S_________________R901____\5&2641f507&0&0.1.0) disappeared from the system without first being prepared for removal. 6/29/2010 7:37:44 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s). 6/25/2010 4:43:58 PM, error: DCOM [10000] - Unable to start a DCOM Server: {E0B8F398-BB08-4298-87F0-34502693902E}. The error: "%3" Happened while starting this command: "C:\Program Files\Messenger\msmsgs.exe" -Embedding ==== End Of File ===========================

#13 CatByte

Posted 01 July 2010 - 07:03 PM

Hi

You can remove the Ask Toolbar through Add/Remove Programs (they sneak it in with Auslogics if you're not paying attention and say no to its installation). Sorry, I should have warned you to watch for it, but they've just started doing that; I'll have to change my instructions.

Delete the leftover folder and see if it needs removing in the browser add-ons.

The Java ones are fine to have.

What do you know about these proxy ports? Did you set them yourself for games or something?

FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
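
The `prefs.js` proxy entries asked about in the post above, read programmatically as an added example (not part of the original post or of the DDS tool): it parses the log's Firefox lines and reports which proxy mode is actually in effect. The function names are hypothetical, the sample lines are copied from the log in this thread, and the mode table uses Firefox's meanings for `network.proxy.type`.

```python
import re

# Constructed sample: the Firefox lines from the DDS log quoted in this thread.
DDS_FIREFOX_LINES = """\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
"""

# Meaning of Firefox's network.proxy.type values.
PROXY_TYPES = {
    0: "direct connection (no proxy)",
    1: "manual proxy configuration",
    2: "proxy auto-config (PAC) URL",
    4: "auto-detect proxy settings for this network (WPAD)",
    5: "use system proxy settings",
}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
PREF_LINE = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(.*)$")


def parse_prefs(log_text):
    """Collect 'FF - prefs.js: <name> - <value>' lines into a dict."""
    prefs = {}
    for line in log_text.splitlines():
        match = PREF_LINE.match(line.strip())
        if match:
            prefs[match.group(1)] = match.group(2).strip()
    return prefs


def triage_proxy(prefs):
    """Report which proxy mode is active and what a helper should check next."""
    raw_type = prefs.get("network.proxy.type", "")
    mode = int(raw_type) if raw_type.isdigit() else None
    host = prefs.get("network.proxy.http", "")
    port = prefs.get("network.proxy.http_port", "")
    manual_in_effect = mode == 1 and bool(host)
    checks = []
    if host and not manual_in_effect:
        checks.append("manual host/port are stored but not applied in this mode")
    if host.lower() in LOOPBACK_HOSTS:
        checks.append("loopback proxy: identify the local program listening on port " + port)
    if mode == 2:
        checks.append("review the network.proxy.autoconfig_url value")
    if mode == 4:
        checks.append("proxy comes from network auto-discovery, not from prefs.js")
    return {
        "mode": mode,
        "mode_meaning": PROXY_TYPES.get(mode, "not listed or unrecognised"),
        "http_proxy": (host + ":" + port) if host else None,
        "manual_in_effect": manual_in_effect,
        "checks": checks,
    }


if __name__ == "__main__":
    for key, value in triage_proxy(parse_prefs(DDS_FIREFOX_LINES)).items():
        print(key, "=", value)
```

For the log in this thread the result is mode 4 with the `localhost:8080` entry stored but not in effect, so the remaining question is which local program, if any, expects to listen on that port.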


#14 mackenzie

Posted 01 July 2010 - 09:22 PM

I haven't set up any proxy ports that I'm aware of.... nothing for games, etc. I recently changed internet service from dial up to satellite provider. They told me it was through a PPOE connection. Don't know if that would be in relation to what you are looking at or not.

#15 CatByte

Posted 01 July 2010 - 09:27 PM

Hi

Yes, that's probably it. If you are not experiencing any issues, then we'll leave that alone.

Were you able to remove the Ask bar OK?

Are there any outstanding issues, or shall we clean up the tools now?

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
