
Firefox Has Generated Errors


  • This topic is locked
12 replies to this topic

#1 UncleMike

Posted 08 August 2008 - 03:46 PM

Hi ..... I've been using Mozilla Firefox as my web browser on my PC for some years now, and I love it. Recently, however, whenever I'm on a web page, I keep getting this error message: "Firefox has generated errors and will be closed". I even uninstalled Firefox and reinstalled the latest version, and I'm still having the same problem. I am using Firefox on two other laptops, and it's working perfectly, so I don't think the problem's with the browser itself. I'm sending you a HijackThis log and a Belarc Advisor page to let you know what's going on in this computer. Hopefully they will help resolve this problem.

Here's the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:07 PM, on 8/8/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\Program Files\Sygate\SPF\smc.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\system32\stisvc.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\hphmon04.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\WINNT\system32\wuauclt.exe
F:\WINNT\System32\HPHipm11.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Microsoft Office\Office\OSA.EXE
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Documents and Settings\Administrator\Application Data\U3\0000174F886039E8\LaunchPad.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Administrator\Desktop\Virus Protection\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPHmon04] F:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "F:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [B'sCLiP] F:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Omnipage] F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = F:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = F:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .scm: F:\Program Files\Internet Explorer\PLUGINS\NPSC.DLL
O12 - Plugin for .xav: F:\Program Files\Internet Explorer\PLUGINS\NPAVIAN.DLL
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/profiler//PCPitStop.CAB
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/30673c695a19b1...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124807237041
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/Lig...loadControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: FHook.dll,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPH11 - HP - F:\WINNT\System32\HPHipm11.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe

--
End of file - 8490 bytes



Now the Belarc Advisor page:



Belarc Advisor
The license associated with the Belarc Advisor product allows for free personal use only. Use on multiple computers in a corporate, educational, military or government installation is prohibited. See the license agreement for details. The information on this page was created locally on your computer by the Belarc Advisor. Your computer profile was not sent to a web server. Click here for more info.


System Security Status
  CIS Benchmark Score: 1.25 of 10
  Virus Protection: Unknown
  Microsoft Security Updates: Alert! 51 missing (or more)†

† Advisor security definitions are out of date. Click here for the latest definitions.

Computer Profile Summary
Computer Name: Mike-ipp26jqtus (in WORKGROUP)
Profile Date: Friday, August 08, 2008 3:45:09 PM
Advisor Version: 7.2t
Windows Logon: Administrator


Operating System
  Windows 2000 Professional Service Pack 4 (build 2195)

System Model
  Gateway 2000, Inc. Gateway 2000 PC
  System Serial Number: 0008603447
  Chassis Serial Number: 0008603447

Processor (a)
  300 megahertz Intel Pentium II
  32 kilobyte primary memory cache
  512 kilobyte secondary memory cache

Main Circuit Board (b)
  Board: Intel Corporation AL440LX AA691172-305
  Serial Number: ISAL74449276
  Bus Clock: 66 megahertz
  BIOS: Intel Corp. 4A4LL0X0.15A.0011.P08 11/03/97

Drives
  68.40 Gigabytes Usable Hard Drive Capacity
  58.66 Gigabytes Hard Drive Free Space

  MITSUMI CD-ROM FX240S !B
  SanDisk U3 Cruzer Micro USB Device [CD-ROM drive]
  SONY CD-RW CRX215E1 [CD-ROM drive]
  3.5" format removeable media [Floppy drive]

  IBM-DHEA-38451 [Hard drive] (8.46 GB) -- drive 0, s/n SH0SH072919, rev HP8OA20C, SMART Status: Healthy
  photosmart printer card reader (HPH11) [Hard drive] -- drive 2
  SanDisk U3 Cruzer Micro USB Device (1.02 GB) -- drive 3
  WDC WD600BB-00CAA1 [Hard drive] (60.02 GB) -- drive 1, s/n WD-WMA8E5924092, rev 17.07W17, SMART Status: Healthy

Memory Modules (c, d)
  384 Megabytes Installed Memory
  Slot '0' has 64 MB
  Slot '1' has 64 MB
  Slot '2' has 256 MB

Local Drive Volumes
  c: (FAT32 on drive 0) 8.39 GB 8.36 GB free
  f: (NTFS on drive 1) 60.01 GB 50.29 GB free

Network Drives
  None detected

Users
  local user accounts (last logon)
    Administrator 8/8/2008 9:42:15 AM (admin)
  local system accounts
    admin 7/9/2003 4:50:12 AM (admin)
    Guest never

  DISABLED Marks a disabled account; LOCKED OUT Marks a locked account

Printers
  Canon FP-L170/MF350/L380/L398 on USB001
  HP 7586B on OLEtoADI
  hp photosmart 7350 series on DOT4_001
  Windows NT Fax Driver on MSFAX:
  Windows NT Fax Driver on MSFAX:

Controllers
  Standard floppy disk controller
  Intel® 82371AB/EB PCI Bus Master IDE Controller
  Primary IDE Channel [Controller]
  Secondary IDE Channel [Controller]

Display
  Velocity 128 [Display adapter]
  GATEWAY EV900 [Monitor] (17.7"vis, September 1997)

Bus Adapters
  Win2000 Promise Ultra100 TX2 ™ IDE Controller
  Intel 82371AB/EB PCI to USB Universal Host Controller

Multimedia
  Creative AudioPCI (ES1370), SB PCI 64/128 (WDM)
  Game Port for Creative

Communications
  3Com Windows Modem TI

  D-Link DFE-530TX+ PCI Adapter
    primary Auto IP Address: 192.168.0.100 / 24
    Gateway: 192.168.0.1
    Dhcp Server: 192.168.0.1
    Physical Address: 00:11:95:1E:33:23

  Networking Dns Server: 192.168.0.1

Other Devices
  CanoScan LiDE 50
  PC/AT Enhanced PS/2 Keyboard (101/102-Key)
  Microsoft PS/2 Mouse
  NT Apm/Legacy Interface Node
  Generic USB Hub
  USB Mass Storage Device
  USB Printing Support
  USB Root Hub

Virus Protection
  No details available

Missing Microsoft Security Hotfixes
These required security hotfixes (using the 10/09/2007 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed.
Q816093 - Critical (details...)
Q839643 - Moderate (details...)
Q893756 - Important (details...)
Q896358 - Important (details...)
Q896422 - Important (details...)
Q896423 - Critical (details...)
Q899587 - Moderate (details...)
Q899589 - Important (details...)
Q900725 - Important (details...)
Q901017 - Important (details...)
Q901214 - Critical (details...)
Q904706 - Critical (details...)
Q905414 - Moderate (details...)
Q905749 - Important (details...)
Q908519 - Critical (details...)
Q908531 - Critical (details...)
Q911280 - Critical (details...)
Q911564 - Important (details...)
Q913580 - Moderate (details...)
Q914388 - Critical (details...)
Q914389 - Important (details...)
Q917008 - Critical (details...)
Q917344 - Critical (details...)
Q917953 - Important (details...)
Q918118 - Important (details...)
Q920213 - Critical (details...)
Q920670 - Important (details...)
Q920683 - Critical (details...)
Q920685 - Moderate (details...)
Q921398 - Moderate (details...)
Q921503 - Critical (details...)
Q923414 - Important (details...)
Q923689 - Critical (details...)
Q923810 - Critical (details...)
Q923980 - Important (details...)
Q924270 - Critical (details...)
Q924667 - Important (details...)
Q925398 - Critical (details...)
Q925902 - Critical (details...)
Q926122 - Critical (details...)
Q926436 - Important (details...)
Q928843 - Critical (details...)
Q930178 - Critical (details...)
Q931784 - Important (details...)
Q933729 - Low (details...)
Q935839 - Critical (details...)
Q935840 - Moderate (details...)
Q936021 - Critical (details...)
Q936782 - Important (details...)
Q938827 - Critical (details...)
Q938829 - Critical (details...)
Installed Microsoft Hotfixes
Windows 2000
SP4
no verification data Q327194[SP] on 4/29/2005 (details...)
SP5
passed verification UPDATE ROLLUP 1 on 6/10/2008 (Update Rollup 1 for Windows 2000 SP4)
passed verification KB842773 on 8/23/2005 (details...)
passed verification KB893803V2 on 8/23/2005 (details...)
passed verification KB899588 on 8/23/2005 (details...)
No details available

Click here to see all available Microsoft security hotfixes for this computer.

[installed security hotfix] Marks a security hotfix (using the 10/09/2007 Microsoft Security Bulletin Summary)
[failing installed security hotfix] Marks a security hotFix that fails verification (a security vulnerability)
verifies OK Marks a hotfix that verifies correctly
fails verification Marks a hotfix that fails verification (note that failing hotfixes need to be reinstalled)
Unmarked hotfixes lack the data to allow verification


Software Licenses

Adobe Systems - Adobe Photoshop Elements 2.0 1057-4310-4298-9290-4216-7678
Autodesk - AutoCAD Mechanical 2004 340-90082649
Belarc - Advisor 3ad8f734
Microsoft - Excel 97 29497-OEM-0026132-25532
Microsoft - Expedia Streets 98 68805-OEM-0486424-87258
Microsoft - Internet Explorer 55736-320-0926353-04333 (Key: R2D43-3DHG9-DQ79W-W3DXQ-929DY)
Microsoft - MediaPlayer 69808-317-3249226-04947
Microsoft - WebFldrs 12345-111-1111111-77793
Microsoft - Windows 2000 Professional 51873-006-3133211-09229 (Key: FKDPM-DTJ8V-6WXBD-QY3JK-2BR8D)
ScanSoft - OmniPageSE 2809Z-H08-001001
Software Versions
abc Ins32 Version 1, 0, 0, 1 *
Adobe Acrobat Version 7.1.0.2008042300 *
Adobe Photoshop Elements Version 2.0 *
Adobe Reader Version 7.0.8.2006051600 *
Adobe Systems, Inc. Adobe Gamma Loader Version 1, 0, 0, 1 *
Adobe Workgroup Helper Version 2.8.3.3 *
America Online, Inc. - AOL Connectivity Service Version 1,0,25,3 *
Apple Computer, Inc. - QuickTime QuickTime 6.3 *
ArcSoft Inc. - PhotoBase Version 3.0.0.106 *
ArcSoft PhotoStudio Version 5.0.0.53 *
Autodesk - AcSignApply Module Version 16.0.0.86 *
Autodesk - AcStdBatchLoader Module Version 16.0.0.86 *
Autodesk Express Viewer Version 3.1.0.76 *
Autodesk Hardcopy Subsystem Version 8.0.16.86 *
Autodesk, Inc. - AutoCAD Mechanical Version 2004 *
Autodesk, Inc. - AutoCAD R16.00.086 *
Autodesk, Inc. - AutoCAD Version 16.0.0.86 *
Autodesk, Inc. - Mechanical Desktop Version 2004 *
Autodesk, Inc. - ProjectPoint Version 6.2.1347.2 *
AVG Internet Security Version 8.0.0.134 *
B.H.A Co.,Ltd. - B's Recorder GOLD5 Version 5, 0, 9, 0 *
B.H.A Corporation - B's Erase Version 1.04 *
B.H.A Corporation. - B's Player Version 2, 1, 1, 0 *
Belarc, Inc. - Advisor Version 7.2t *
Bobcad19 Application Version 19, 0, 0, 1 *
Bobcad20 Application Version 20, 0, 0, 1 *
Bulldog Monitor *
CANON INC. - CanoScan Toolbox Application Version 4.1.2.2 *
Cinematronics - 3D Pinball Version 5.00.2134.1 *
Convert Application Version 1, 0, 0, 1 *
Copyright © B.H.A Corporation. - B's CLiP Version 5.09 *
D.P. Technology Corp. - ESPRIT Application Version 1, 1, 0, 0 *
Delta - UPSlim Version 3.1 *
Eastman Software, Inc., A Kodak Business - Imaging for Windows® Version 5.00.2138.1 *
Google Inc. - Picasa Version 2.7.0 *
Google Updater Version 2.0.711.37800.beta *
Hewlett-Packard - hp photosmart Version 4,1,14 *
Hewlett-Packard - WebReg Application Version 1, 0, 0, 1 *
Hewlett-Packard Company - HP Memories Disc Creator Software Version 1.0.2.0 *
Hewlett-Packard Company - S2WEx Version 2, 6, 0, 162 *
Hewlett-Packard hpgs2wnd Version 2,3,0,0\ 162 *
HP PML Version 4, 5, 0, 770 *
HPDirector Module Version 1, 0, 0, 1 *
Hpi_Prnt Application Version 1.1.0.121 *
Macrovision Corporation - InstallShield Update Service Version 4, 60 *
MazaCAM Editor *
MazaCAM Utilities *
Microsoft ® Windows Script Host Version 5.6.0.6626 *
Microsoft Corporation - Clip Gallery 3.0 for Windows Version 3.0 *
Microsoft Corporation - Internet Explorer Version 6.00.2600.0000 *
Microsoft Corporation - Windows Installer - Unicode Version 3.1.4000.1823 *
Microsoft Corporation - Windows® NetMeeting® Version 3.01 *
Microsoft Excel Version 8.0 *
Microsoft Expedia Streets 98 Version 06.00.00.0001 *
Microsoft Office 2003 Version 11.0.5703 *
Microsoft Office Version 8.0 *
Microsoft Open Database Connectivity Version 3.520.6526.0 *
Microsoft Publisher 97 Version 4.0 *
Microsoft Setup for Windows Version 3.0 *
Microsoft Windows Media Player Version 6.4.09.1125 *
Microsoft Windows Version 3.10.425 *
Microsoft® Windows Media Player Version 9.00.00.2980 *
Microsoft® Find Fast Version 8.0 *
Microsoft® Word for Windows® 97 Version 8.0 *
MindVision - Installer VISE 2.8.3 Version 2.8.3 *
Mozilla Corporation - Firefox Version 3.0.1 *
NewSoft Technology Corporation - PageManager Version 6.03.00 *
Picasa, Inc. - Hello! Version 1, 0, 0, 651 *
Piriform Ltd - CCleaner Version 2, 10, 0, 618 *
QARM aus32 Version 1, 0, 0, 1 *
Rainbow Technologies - Sentinel Medic Version 2, 3, 0, 0 *
Rainbow Technologies - Sentinel System Driver 5.41.1 (32-bit) Version 5.41.1 *
RealNetworks, Inc. - RealPlayer (32-bit) Version 0.1.0.3292 *
RealNetworks, Inc. - RealPlayer (32-bit) Version 6.0.12.1235 *
RealNetworks, Inc. - RealPlayer (32-bit) Version 7.0.0.2639 *
Safer Networking Limited - Secure Shredder Version 1.9.0.0 *
Safer Networking Limited - Spybot - Search & Destroy Version 1, 5, 2, 0 *
Safer Networking Limited - SpyBot-S&D Version 1, 5, 2, 0 *
SCadCam Version 1, 0, 0, 1 *
ScanSoft Inc. - Scanner Wizard Version 3.0.244.0 *
ScanSoft, Inc - OmniPage SE Version 11.0 *
Schedule OCR *
SpywareBlaster Version 4.01 *
SpywareGuard LiveUpdate Version 2.02.0001 *
SpywareGuard Version 2.02.0001 *
Sun Microsystems, Inc. - Java™ 2 Platform Standard Edition 5.0 Update 6 Version 5.0.60.5 *
SuperAdBlocker.com - BootSafe Application Version 2, 0, 0, 1000 *
SUPERAntiSpyware Version 4, 15, 0, 1000 *
Sygate® Security Agent and Personal Firewall Version 5.5.00.2710 *
WinZip Version 8.1 (4319) *
WinZip Version 8.1 SR-1 (5266) *
* Click to see where software is installed.
a. Megahertz measurement may be inaccurate if other programs were busy during last analysis.
b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
c. Memory slot contents may not add up to Installed Memory if some memory is not recognized by Windows.
d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong.
e. This may be the manufacturer's factory installed product key rather than yours.
Copyright 2000-7, Belarc, Inc. All rights reserved.
Legal notice. U.S. Patents 6085229, 5665951 and Patents pending.


I hope you can figure something out from these. This is my wife's computer, so you know how important it is to fix this !!

Thanks in advance for your help ..... Uncle Mike


#2 don77

Posted 23 August 2008 - 09:44 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

First
Seeing it's been a number of days since your original scanning with HJT, could you please run HJT now and post a fresh HJT log back to this topic please.

Next

  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In recap, please post back the requested info from above

  • Fresh HJT log
  • Uninstall List
  • Log from the Kaspersky scan


#3 UncleMike

Posted 26 August 2008 - 09:33 AM

I had been using IE instead of Firefox, since Firefox was giving me problems, but now I can't get IE to open up at all. I don't know if this is related to my other problem, but I just thought I'd mention it.

Here are the items you asked for: First the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:19 PM, on 8/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\Program Files\Sygate\SPF\smc.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\system32\stisvc.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\WINNT\System32\hphmon04.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\WINNT\system32\wuauclt.exe
F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Microsoft Office\Office\OSA.EXE
F:\Program Files\SpywareGuard\sgmain.exe
F:\WINNT\System32\HPHipm11.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\HighJackThis\HiJackThis.exe
F:\WINNT\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPHmon04] F:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "F:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [B'sCLiP] F:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Omnipage] F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = F:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = F:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .scm: F:\Program Files\Internet Explorer\PLUGINS\NPSC.DLL
O12 - Plugin for .xav: F:\Program Files\Internet Explorer\PLUGINS\NPAVIAN.DLL
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/profiler//PCPitStop.CAB
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/30673c695a19b1...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124807237041
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/Lig...loadControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: FHook.dll,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPH11 - HP - F:\WINNT\System32\HPHipm11.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe

--
End of file - 8413 bytes



Now the Uninstall list :


Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 7.1.0
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
AutoCAD Mechanical 2004
Autodesk Express Viewer
Autodesk Streamline 6.2.1347.2
AVG Free 8.0
Belarc Advisor 7.2
Belkin Bulldog
BHA B's Recorder GOLD 5.09
BobCAD Software Installation
BobCAD-CAM V19
BobCAD-CAM V20
B's CLiP
Canon CanoScan Toolbox 4.1
CCleaner (remove only)
Hardlock Device Driver
Hardlock Device Drivers
HASP HL Device Driver
Hello (remove only)
HijackThis 2.0.2
hp instant support
HP Photo and Imaging 1.0 - HP Photosmart Printer Series
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
Lotus Media Plugin Player
Manual CanoScan LiDE 50
Microsoft Excel 97
Microsoft Expedia Streets 98
Microsoft Office PowerPoint Viewer 2003
Microsoft Publisher 97
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 97
Mozilla Firefox (3.0.1)
OmniPage SE
One2000 Lathe
One2000 Mill Professional
OneCNC-XR2 Lathe Professional
OneCNC-XR2 Mill Expert
OneCNC-XR2 Profile Professional
Panda ActiveScan
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Picasa 2
Presto! PageManager 6.03
QuickTime
RealPlayer
SanDisk ImageMate CF-SM v1.00
Sentinel Medic
Sentinel System Driver
SolutionWare CAD/CAM
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
Sygate Personal Firewall
Update Rollup 1 for Windows 2000 SP4
Viewpoint Media Player
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB899588
Windows 2000 Service Pack 4
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Player system update (9 Series)
WinZip


Here's the Kaspersky report :


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 25, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 24, 2008 19:46:26
Records in database: 1141144
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 39249
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 22:41:29

No malware has been detected. The scan area is clean.

The selected area was scanned.


If you noticed, it took almost 23 hours to run the Kaspersky scan. I must have a lot of unnecessary stuff on this computer, but I'm not sure what things I actually need, and what I can safely get rid of.

Anyway, hopefully, you'll be able to tell something from these scans. Thanks ... Mike

#4 don77


Posted 28 August 2008 - 04:41 AM

I apologize; someone will be with you shortly.

#5 thewall

  • Malware Response Team

Posted 28 August 2008 - 08:18 PM

Hello UncleMike. Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you from here on out and will need some time to look over your log. I will get back to you just as soon as I can.




Thanks,
thewall
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#6 thewall


Posted 29 August 2008 - 02:00 PM

Hello again UncleMike,


Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/30673c695a19b1...ip/RdxIE601.cab



Then close all windows except HijackThis and click Fix Checked.

Restart your computer




Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
I see that you have SuperAntiSpyware installed on your machine. Check to make sure it is fully updated and then run it again. Please post the log it supplies in your next reply.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.


Please let me know if there is any improvement in the computer.

Edited by thewall, 29 August 2008 - 02:01 PM.

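The selection thewall makes by eye in the post above can be written as a few rules over HijackThis section codes, followed by a check that a later scan no longer contains the fixed lines. This is an added example, not part of the original thread or of HijackThis: the three heuristics are assumptions chosen so that they pick the same lines as the fix list, and a flag means "review this entry", not "malicious".

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body raw")

# "<section code> - <rest>", e.g. "O16 - DPF: {...} (Name) - http://..."
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O16 body: "DPF: {CLSID} (class name) - codebase"; the class name is optional.
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (.*)$")

# Lines copied from the HijackThis logs and the fix list in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/30673c695a19b1...ip/RdxIE601.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
"""

# Excerpt of the follow-up scan posted later in the thread.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
"""


def parse(log_text):
    """Return one Entry per HijackThis result line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), line.strip()))
    return entries


def review_reasons(entry):
    """Assumed heuristics (not HijackThis logic): why an entry deserves a look."""
    reasons = []
    if entry.code in ("R0", "R1") and entry.body.endswith(" ="):
        reasons.append("IE registry value is empty")
    if entry.code == "O15":
        if entry.body.startswith("ProtocolDefaults:"):
            reasons.append("protocol mapped to a non-default security zone")
        else:
            reasons.append("address added to the Trusted zone")
    if entry.code == "O16":
        m = DPF_RE.match(entry.body)
        if m:
            _clsid, name, codebase = m.groups()
            if name is None:
                reasons.append("ActiveX control has no registered class name")
            if codebase.lower().startswith("file:"):
                reasons.append("codebase is a local file, not a vendor URL")
    return reasons


def flag_for_review(log_text):
    """List of (raw line, reasons) for every entry with at least one reason."""
    flagged = []
    for entry in parse(log_text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry.raw, reasons))
    return flagged


def still_present(fixed_lines, followup_log):
    """Fixed lines that appear unchanged in a later scan (should be empty)."""
    remaining = {entry.raw for entry in parse(followup_log)}
    return [line for line in fixed_lines if line in remaining]


if __name__ == "__main__":
    fix_list = []
    for raw, reasons in flag_for_review(BEFORE):
        fix_list.append(raw)
        print(raw, "\n    ->", "; ".join(reasons))
    print("still present after fix:", still_present(fix_list, AFTER))
```
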

#7 UncleMike


Posted 29 August 2008 - 09:48 PM

Here you go :

info.txt logfile of random's system information tool 2008-08-29 16:38:13

Uninstall list

-->F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->F:\WINNT\IsUninst.exe -fF:\WINNT\System32\UninstIPP.isu
Adobe Flash Player ActiveX-->F:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->F:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 2.0-->F:\WINNT\ISUNINST.EXE -f"F:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"F:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
ArcSoft PhotoBase 3-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x9 -uninst
ArcSoft PhotoStudio 5-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x9 -uninst
AutoCAD Mechanical 2004-->MsiExec.exe /I{5783F2D7-0205-0409-0000-0060B0CE6BBA}
Autodesk Express Viewer-->F:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Autodesk Streamline 6.2.1347.2-->F:\PROGRA~1\PROJEC~1\Setup.exe /remove
AVG Free 8.0-->F:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belarc Advisor 7.2-->F:\PROGRA~1\Belarc\Advisor\Uninstall.exe F:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Belkin Bulldog-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{32256A06-DE8F-11D5-B829-004033AA2C09}\Setup.exe" -l0x9
BHA B's Recorder GOLD 5.09-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{87CFE0AD-EAF0-40D1-B5CF-EDC527DAB7D2}\setup.exe" -l0x9
BobCAD Software Installation-->F:\WINNT\IsUninst.exe -fF:\WbobCAD\Uninst.isu
BobCAD-CAM V19-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{A500780C-75B6-44F6-A551-03C1A56FF243}\setup.exe" -l0x9
BobCAD-CAM V20-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7FE673B2-140E-4B46-ADBA-6FECFAC509A5}\setup.exe" -l0x9 -removeonly
B's CLiP-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}\setup.exe" -l0x9
Canon CanoScan Toolbox 4.1-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9 anything
CCleaner (remove only)-->"F:\Program Files\CCleaner\uninst.exe"
Hardlock Device Driver-->F:\WINNT\System32\UNWISE.EXE F:\WINNT\System32\HLDRV.LOG
Hardlock Device Drivers-->F:\WINNT\system32\UNWISE.EXE F:\WINNT\system32\HLDRV.LOG
HASP HL Device Driver-->F:\WINNT\system32\UNWISE.EXE F:\WINNT\system32\hdd32.log
Hello (remove only)-->"F:\Program Files\Hello\Uninstall.exe"
HijackThis 2.0.2-->"F:\Documents and Settings\Administrator\Desktop\Virus Protection\HijackThis.exe" /uninstall
hp instant support-->F:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Photo and Imaging 1.0 - HP Photosmart Printer Series-->MsiExec.exe /I{0D396571-7BBD-44CE-ABB3-518BF86B72F7}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only)-->F:\Program Files\Learn2.com\StRunner\stuninst.exe
Lotus Media Plugin Player-->F:\PROGRA~1\INTERN~1\PLUGINS\UNWISE.EXE F:\PROGRA~1\INTERN~1\PLUGINS\INSTALL.LOG
Manual CanoScan LiDE 50-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{A2C726E9-C3A0-4850-82C7-5D01FE0E4EB8}\setup.exe" -l0x9
Microsoft Excel 97-->F:\Program Files\Microsoft Office\Office\Setup\AcmeXl.exe /w Excel97.stf
Microsoft Expedia Streets 98-->F:\Program Files\Common Files\Microsoft Shared\Geography\Setup\acmsetup.exe /U /T SUS60409.stf
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Publisher 97-->F:\Program Files\Microsoft Publisher\Setup\Setup.exe /m
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 97-->F:\Program Files\Microsoft Office\Office\Setup\AcmeWord.exe /w Word97.stf
Mozilla Firefox (3.0.1)-->F:\Program Files\Mozilla Firefox\uninstall\helper.exe
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
One2000 Lathe-->F:\One2000\Lathe\UNWISE.EXE F:\One2000\Lathe\INSTALL.LOG
One2000 Mill Professional-->F:\One2000\MILLPR~1\UNWISE.EXE F:\One2000\MILLPR~1\INSTALL.LOG
OneCNC-XR2 Lathe Professional -->F:\ONECNC~3\LATHEP~1\UNWISE.EXE F:\ONECNC~3\LATHEP~1\INSTALL.LOG
OneCNC-XR2 Mill Expert -->F:\ONECNC~3\MILLEX~1\UNWISE.EXE F:\ONECNC~3\MILLEX~1\INSTALL.LOG
OneCNC-XR2 Profile Professional -->F:\ONECNC~3\PROFIL~1\UNWISE.EXE F:\ONECNC~3\PROFIL~1\INSTALL.LOG
Panda ActiveScan-->F:\WINNT\system32\ASUninst.exe Panda ActiveScan
Photosmart 130,230,7150,7345,7350,7550 (Remove only)-->F:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
Picasa 2-->"F:\Program Files\Picasa2\Uninstall.exe"
Presto! PageManager 6.03-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}\setup.exe" -l0x9 anything
QuickTime-->F:\WINNT\unvise32qt.exe F:\WINNT\System32\QuickTime\Uninstall.log
RealPlayer-->F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SanDisk ImageMate CF-SM v1.00-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{E98DB18A-B622-4C25-B157-0050BA1B9371}\setup.exe"
Sentinel Medic-->F:\WINNT\IsUninst.exe -f"F:\Program Files\Rainbow Technologies\Sentinel Medic\Uninst.isu"
Sentinel System Driver-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
SolutionWare CAD/CAM-->F:\WINNT\IsUninst.exe -fC:\SLN\Uninst.isu
Spybot - Search & Destroy 1.5.2.20-->"F:\WINNT\unins000.exe"
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.1-->"F:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"F:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sygate Personal Firewall-->MsiExec.exe /X{DE187864-A381-4602-8823-1024D4CE4370}
Update Rollup 1 for Windows 2000 SP4-->"F:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
Viewpoint Media Player-->F:\Program Files\Viewpoint\Viewpoint Experience Technology\\mtsAxInstaller.exe /u
Windows 2000 Hotfix - KB842773-->F:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB899588-->"F:\WINNT\$NtUninstallKB899588$\spuninst\spuninst.exe"
Windows 2000 Service Pack 4-->F:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"F:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Player system update (9 Series)-->F:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinZip-->"F:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Os2LibPath"=%SystemRoot%\system32\os2\dll;
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;F:\Program Files\Common Files\Autodesk Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0304
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------


Next:

Logfile of random's system information tool (written by random/random)
Run by Administrator at 2008-08-29 16:36:17
Microsoft Windows 2000 Professional Service Pack 4
System drive F: has 48 GB (84%) free of 57 GB
Total RAM: 384 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:02 PM, on 8/29/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\Program Files\Sygate\SPF\smc.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\system32\stisvc.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\hphmon04.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINNT\system32\wuauclt.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Microsoft Office\Office\OSA.EXE
F:\WINNT\System32\HPHipm11.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\WINNT\system32\msiexec.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\Documents and Settings\Administrator\Desktop\RSIT.exe
F:\HighJackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPHmon04] F:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "F:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [B'sCLiP] F:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Omnipage] F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = F:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = F:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .scm: F:\Program Files\Internet Explorer\PLUGINS\NPSC.DLL
O12 - Plugin for .xav: F:\Program Files\Internet Explorer\PLUGINS\NPAVIAN.DLL
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/profiler//PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124807237041
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/Lig...loadControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: FHook.dll,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPH11 - HP - F:\WINNT\System32\HPHipm11.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe

--
End of file - 7880 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - F:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - F:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - F:\WINNT\System32\msdxm.ocx [2005-03-31 844560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=F:\WINNT\system32\mobsync.exe [2003-06-19 111376]
"HPHmon04"=F:\WINNT\System32\hphmon04.exe [2002-06-20 339968]
"HPHUPD04"=F:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-05-24 49152]
"Share-to-Web Namespace Daemon"=F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"B'sCLiP"=F:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe [2002-08-02 1077248]
"SmcService"=F:\PROGRA~1\Sygate\SPF\smc.exe [2004-08-13 2532576]
"Omnipage"=F:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]
"TkBellExe"=F:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-10-09 180269]
"AVG8_TRAY"=F:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-29 1235736]
"QuickTime Task"=F:\Program Files\QuickTime\qttask.exe [2004-06-29 77824]
"SunJavaUpdateSched"=F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-26 1576176]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE

F:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Microsoft Find Fast.lnk - F:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk - F:\Program Files\Microsoft Office\Office\OSA.EXE
SpywareGuard.lnk - F:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="FHook.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-08-26 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=F:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-07-19 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

File associations

.js - edit - F:\WINNT\System32\Notepad.exe %1
.js - open - F:\WINNT\System32\WScript.exe "%1" %*
.vbs - edit - F:\WINNT\System32\Notepad.exe %1
.vbs - open - F:\WINNT\System32\WScript.exe "%1" %*

List of files/folders created in the last three months

2008-08-29 16:36:17 ----D---- F:\rsit
2008-08-29 16:29:32 ----A---- F:\WINNT\system32\javaws.exe
2008-08-29 16:29:32 ----A---- F:\WINNT\system32\javaw.exe
2008-08-29 16:29:32 ----A---- F:\WINNT\system32\java.exe
2008-08-29 16:26:50 ----D---- F:\Program Files\Java
2008-08-29 16:26:42 ----D---- F:\Program Files\Common Files\Java
2008-08-08 15:41:43 ----D---- F:\Program Files\Belarc
2008-07-14 16:58:08 ----D---- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-14 16:57:37 ----D---- F:\Program Files\SUPERAntiSpyware
2008-07-14 16:57:37 ----D---- F:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-14 16:39:24 ----A---- F:\WINNT\system32\avgrsstx.dll
2008-06-11 03:11:42 ----HD---- F:\$AVG8.VAULT$
2008-06-10 09:07:39 ----D---- F:\Program Files\AVG
2008-06-10 09:07:39 ----AD---- F:\Documents and Settings\All Users\Application Data\avg8
2008-06-10 08:56:35 ----D---- F:\WINNT\system32\Windows Media
2008-06-10 08:54:46 ----HDC---- F:\WINNT\$NtUpdateRollupPackUninstall$
2008-06-10 08:54:41 ----D---- F:\WINNT\msiinst.tmp

List of drivers

R1 AFS2K;AFS2k; F:\WINNT\system32\drivers\AFS2K.sys [2003-02-13 82380]
R1 AvgLdx86;AVG AVI Loader Driver x86; F:\WINNT\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; F:\WINNT\system32\System32\Drivers\avgmfx86.sys []
R1 BANTExt;Belarc SMBios Access; F:\WINNT\system32\System32\Drivers\BANTExt.sys []
R1 Cdr4_2K;Cdr4_2K; F:\WINNT\system32\drivers\Cdr4_2K.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; F:\WINNT\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 cdrbsvsd;cdrbsvsd; F:\WINNT\system32\drivers\cdrbsvsd.sys [2001-10-18 9278]
R1 SASDIFSV;SASDIFSV; \??\F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 wpsdrvnt;wpsdrvnt; \??\F:\WINNT\System32\drivers\wpsdrvnt.sys []
R2 AvgTdiX;AVG8 Network Redirector; F:\WINNT\system32\System32\Drivers\avgtdix.sys []
R2 hardlock;hardlock; \??\F:\WINNT\System32\drivers\hardlock.sys []
R2 Sentinel;Sentinel; F:\WINNT\system32\System32\Drivers\SENTINEL.SYS []
R2 wg3n;SyGate for NT, wg3n; F:\WINNT\system32\SYSTEM32\Drivers\wg3n.sys []
R2 wg4n;SyGate for NT, wg4n; F:\WINNT\system32\SYSTEM32\Drivers\wg4n.sys []
R2 wg5n;SyGate for NT, wg5n; F:\WINNT\system32\SYSTEM32\Drivers\wg5n.sys []
R2 wg6n;SyGate for NT, wg6n; F:\WINNT\system32\SYSTEM32\Drivers\wg6n.sys []
R3 3cisati;3Com Windows Modem Driver TI; F:\WINNT\System32\DRIVERS\3cisati.sys [1999-09-24 774928]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter; F:\WINNT\System32\DRIVERS\DLKRTS.SYS [2001-10-17 25434]
R3 Dot4 HPH11;Dot4 HPH11; F:\WINNT\System32\DRIVERS\hphid411.sys [2002-05-24 50896]
R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; F:\WINNT\System32\DRIVERS\hphipr11.sys [2002-05-24 16112]
R3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); F:\WINNT\System32\Drivers\hphs2k11.sys [2002-05-24 50276]
R3 Dot4Usb HPH11;Dot4Usb HPH11; F:\WINNT\System32\drivers\hphius11.sys [2002-05-24 18928]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM); F:\WINNT\system32\drivers\ES1370MP.sys [1999-11-12 41328]
R3 NtApm;NT Apm/Legacy Interface Driver; F:\WINNT\System32\DRIVERS\NtApm.sys [1999-09-25 9104]
R3 nv3;nv3; F:\WINNT\System32\DRIVERS\nv3.sys [1999-10-27 201328]
R3 SASENUM;SASENUM; \??\F:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 uhcd;Microsoft USB Universal Host Controller Driver; F:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; F:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbprint;Microsoft USB PRINTER Class; F:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
R3 wanatw;WAN Miniport (ATW); F:\WINNT\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 A4S2600;A4S2600; F:\WINNT\System32\drivers\A4S2600.sys []
S3 akshasp;Aladdin HASP Key; F:\WINNT\System32\DRIVERS\akshasp.sys [2004-04-28 328448]
S3 aksusb;Aladdin USB Key; F:\WINNT\System32\DRIVERS\aksusb.sys [2004-05-11 99968]
S3 CCDECODE;Closed Caption Decoder; F:\WINNT\System32\DRIVERS\CCDECODE.sys [2001-10-08 15264]
S3 MPE;BDA MPE Filter; F:\WINNT\System32\DRIVERS\MPE.sys [2001-10-16 13952]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINNT\system32\drivers\MSTEE.sys [2001-10-30 4896]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINNT\System32\DRIVERS\NABTSFEC.sys [2001-10-08 86016]
S3 Pfc;Padus ASPI Shell; \??\F:\WINNT\System32\drivers\pfc.sys []
S3 SLIP;BDA Slip De-Framer; F:\WINNT\System32\DRIVERS\SLIP.sys [2001-10-16 10368]
S3 streamip;BDA IPSink; F:\WINNT\System32\DRIVERS\StreamIP.sys [2001-10-16 14400]
S3 USBATA;ImageMate USB to CF-SM; F:\WINNT\System32\DRIVERS\USBATA.SYS [2001-12-17 79335]
S3 usbscan;USB Scanner Driver; F:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;USB Mass Storage Driver; F:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; F:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2001-10-08 18208]
S4 ACPI;ACPI; F:\WINNT\system32\drivers\ACPI.sys []
S4 BsUDF;BsUDF; F:\WINNT\system32\drivers\BsUDF.sys [2002-08-02 372339]
S4 vsdatant;vsdatant; F:\WINNT\system32\drivers\vsdatant.sys []

List of services

R2 AOL ACS;AOL Connectivity Service; F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2004-04-21 1434848]
R2 avg8emc;AVG8 E-mail Scanner; F:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog; F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 SmcService;Sygate Personal Firewall; F:\Program Files\Sygate\SPF\smc.exe [2004-08-13 2532576]
R2 StiSvc;Still Image Service; F:\WINNT\system32\stisvc.exe [2003-06-19 61712]
R2 UPSlim;UPS - UPSlim Service; F:\Program Files\Belkin Bulldog\upsd.exe [2001-11-30 147456]
R3 Pml Driver HPH11;Pml Driver HPH11; F:\WINNT\System32\HPHipm11.exe [2002-05-24 77824]
S3 gusvc;Google Updater Service; F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 WmdmPmSN;Portable Media Serial Number Service; F:\WINNT\System32\svchost.exe [1999-12-07 7952]

-----------------EOF-----------------


And last :

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/29/2008 at 06:39 PM

Application Version : 4.20.1046

Core Rules Database Version : 3551
Trace Rules Database Version: 1539

Scan type : Complete Scan
Total Scan Time : 01:54:14

Memory items scanned : 324
Memory threats detected : 0
Registry items scanned : 3992
Registry threats detected : 0
File items scanned : 11984
File threats detected : 6

Adware.Tracking Cookie
F:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
F:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
F:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
F:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt
F:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt
F:\Documents and Settings\Administrator\Cookies\administrator@adserver[1].txt


See what you think .... Mike

#8 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 31 August 2008 - 08:52 AM

Now let's do the following:


Download Deckard's Association File Tool DAFT and save it to your desktop.
  • Double click on it and click Run.
  • Click on the Scan button.
  • If it finds faulty file associations, they will appear in red beside a checkbox
  • Click Save Log and save daft.txt
  • Then place a checkmark (tick) in the boxes in question.
  • Click the Fix button.
  • Copy and paste the content of daft.txt to your reply.


It appears you are using Sygate for your personal firewall. I also see some remnants of ZoneAlarm on your system which we can clear off but I want to make sure Sygate is the firewall of your choice before doing so.


Please perform the above and post a new RSIT log along with the one from DAFT
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#9 UncleMike


Posted 31 August 2008 - 12:13 PM

OK Here we go .... The first thing I'd like to let you know is that I received a message from someone who read my post. He said he was having the same problem with Firefox as me. He was also using AVG. He recommended that I disable the "AVG Search Shield" in the "Link Scanner" component of AVG. I did that, and since then, I haven't had any problems with Firefox, not even when I went to AARP.org. It ALWAYS kicked me right off. For some reason though, I still can't open an IE window at all. I only use IE when I have to, but it's nice to have that option.

By the way, I AM using Sygate as my firewall, and yes, let's get rid of ZoneAlarm completely. In fact, if you see anything else that I can get rid of that might speed this box up, let's do that too !! I downloaded a program called "autoruns.exe" some time ago that actually shows me all the programs that are running when I turn on the computer, and gives me the option of turning them off. Unfortunately, I'm not certain of which ones I need, and which ones I don't, so I haven't changed anything.

Anyway, here are the scans that you asked for.

First, the DAFT log :

DAFT Log saved on 2008-08-31 12:38:39
-----------------------------------------------------------------------
.js - JSFile - shell\open\command - F:\WINNT\System32\WScript.exe "%1" %*
.scr - AutoCADScriptFile - shell\open\command - "F:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "%1"
.vbs - VBSFile - shell\open\command - F:\WINNT\System32\WScript.exe "%1" %*
.vbs - VBSFile - shell\edit\command - F:\WINNT\System32\Notepad.exe %1



Next, the RSIT log :

Logfile of random's system information tool (written by random/random)
Run by Administrator at 2008-08-31 12:41:43
Microsoft Windows 2000 Professional Service Pack 4
System drive F: has 48 GB (84%) free of 57 GB
Total RAM: 384 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:14 PM, on 8/31/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\Program Files\Sygate\SPF\smc.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\system32\stisvc.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\hphmon04.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\WINNT\system32\wuauclt.exe
F:\WINNT\System32\HPHipm11.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Microsoft Office\Office\OSA.EXE
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\Program Files\Windows NT\Accessories\WORDPAD.EXE
F:\Documents and Settings\Administrator\Desktop\RSIT.exe
F:\HighJackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPHmon04] F:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "F:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [B'sCLiP] F:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Omnipage] F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] F:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = F:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = F:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .scm: F:\Program Files\Internet Explorer\PLUGINS\NPSC.DLL
O12 - Plugin for .xav: F:\Program Files\Internet Explorer\PLUGINS\NPAVIAN.DLL
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/profiler//PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124807237041
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/Lig...loadControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: FHook.dll,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPH11 - HP - F:\WINNT\System32\HPHipm11.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe

--
End of file - 7967 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - F:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - F:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - F:\WINNT\System32\msdxm.ocx [2005-03-31 844560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=F:\WINNT\system32\mobsync.exe [2003-06-19 111376]
"HPHmon04"=F:\WINNT\System32\hphmon04.exe [2002-06-20 339968]
"HPHUPD04"=F:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-05-24 49152]
"Share-to-Web Namespace Daemon"=F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"B'sCLiP"=F:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe [2002-08-02 1077248]
"SmcService"=F:\PROGRA~1\Sygate\SPF\smc.exe [2004-08-13 2532576]
"Omnipage"=F:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]
"TkBellExe"=F:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-10-09 180269]
"AVG8_TRAY"=F:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-29 1235736]
"QuickTime Task"=F:\Program Files\QuickTime\qttask.exe [2004-06-29 77824]
"SunJavaUpdateSched"=F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-26 1576176]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE

F:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Microsoft Find Fast.lnk - F:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk - F:\Program Files\Microsoft Office\Office\OSA.EXE
SpywareGuard.lnk - F:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="FHook.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-08-26 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=F:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-07-19 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

File associations

.js - edit - F:\WINNT\System32\Notepad.exe %1

List of files/folders created in the last three months

2008-08-29 16:36:17 ----D---- F:\rsit
2008-08-29 16:29:32 ----A---- F:\WINNT\system32\javaws.exe
2008-08-29 16:29:32 ----A---- F:\WINNT\system32\javaw.exe
2008-08-29 16:29:32 ----A---- F:\WINNT\system32\java.exe
2008-08-29 16:26:50 ----D---- F:\Program Files\Java
2008-08-29 16:26:42 ----D---- F:\Program Files\Common Files\Java
2008-08-08 15:41:43 ----D---- F:\Program Files\Belarc
2008-07-14 16:58:08 ----D---- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-14 16:57:37 ----D---- F:\Program Files\SUPERAntiSpyware
2008-07-14 16:57:37 ----D---- F:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-14 16:39:24 ----A---- F:\WINNT\system32\avgrsstx.dll
2008-06-11 03:11:42 ----HD---- F:\$AVG8.VAULT$
2008-06-10 09:07:39 ----D---- F:\Program Files\AVG
2008-06-10 09:07:39 ----AD---- F:\Documents and Settings\All Users\Application Data\avg8
2008-06-10 08:56:35 ----D---- F:\WINNT\system32\Windows Media
2008-06-10 08:54:46 ----HDC---- F:\WINNT\$NtUpdateRollupPackUninstall$
2008-06-10 08:54:41 ----D---- F:\WINNT\msiinst.tmp

List of drivers

R1 AFS2K;AFS2k; F:\WINNT\system32\drivers\AFS2K.sys [2003-02-13 82380]
R1 AvgLdx86;AVG AVI Loader Driver x86; F:\WINNT\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; F:\WINNT\system32\System32\Drivers\avgmfx86.sys []
R1 BANTExt;Belarc SMBios Access; F:\WINNT\system32\System32\Drivers\BANTExt.sys []
R1 Cdr4_2K;Cdr4_2K; F:\WINNT\system32\drivers\Cdr4_2K.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; F:\WINNT\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 cdrbsvsd;cdrbsvsd; F:\WINNT\system32\drivers\cdrbsvsd.sys [2001-10-18 9278]
R1 SASDIFSV;SASDIFSV; \??\F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 wpsdrvnt;wpsdrvnt; \??\F:\WINNT\System32\drivers\wpsdrvnt.sys []
R2 AvgTdiX;AVG8 Network Redirector; F:\WINNT\system32\System32\Drivers\avgtdix.sys []
R2 hardlock;hardlock; \??\F:\WINNT\System32\drivers\hardlock.sys []
R2 Sentinel;Sentinel; F:\WINNT\system32\System32\Drivers\SENTINEL.SYS []
R2 wg3n;SyGate for NT, wg3n; F:\WINNT\system32\SYSTEM32\Drivers\wg3n.sys []
R2 wg4n;SyGate for NT, wg4n; F:\WINNT\system32\SYSTEM32\Drivers\wg4n.sys []
R2 wg5n;SyGate for NT, wg5n; F:\WINNT\system32\SYSTEM32\Drivers\wg5n.sys []
R2 wg6n;SyGate for NT, wg6n; F:\WINNT\system32\SYSTEM32\Drivers\wg6n.sys []
R3 3cisati;3Com Windows Modem Driver TI; F:\WINNT\System32\DRIVERS\3cisati.sys [1999-09-24 774928]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter; F:\WINNT\System32\DRIVERS\DLKRTS.SYS [2001-10-17 25434]
R3 Dot4 HPH11;Dot4 HPH11; F:\WINNT\System32\DRIVERS\hphid411.sys [2002-05-24 50896]
R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; F:\WINNT\System32\DRIVERS\hphipr11.sys [2002-05-24 16112]
R3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); F:\WINNT\System32\Drivers\hphs2k11.sys [2002-05-24 50276]
R3 Dot4Usb HPH11;Dot4Usb HPH11; F:\WINNT\System32\drivers\hphius11.sys [2002-05-24 18928]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM); F:\WINNT\system32\drivers\ES1370MP.sys [1999-11-12 41328]
R3 NtApm;NT Apm/Legacy Interface Driver; F:\WINNT\System32\DRIVERS\NtApm.sys [1999-09-25 9104]
R3 nv3;nv3; F:\WINNT\System32\DRIVERS\nv3.sys [1999-10-27 201328]
R3 SASENUM;SASENUM; \??\F:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 uhcd;Microsoft USB Universal Host Controller Driver; F:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; F:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbprint;Microsoft USB PRINTER Class; F:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
R3 wanatw;WAN Miniport (ATW); F:\WINNT\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 A4S2600;A4S2600; F:\WINNT\System32\drivers\A4S2600.sys []
S3 akshasp;Aladdin HASP Key; F:\WINNT\System32\DRIVERS\akshasp.sys [2004-04-28 328448]
S3 aksusb;Aladdin USB Key; F:\WINNT\System32\DRIVERS\aksusb.sys [2004-05-11 99968]
S3 CCDECODE;Closed Caption Decoder; F:\WINNT\System32\DRIVERS\CCDECODE.sys [2001-10-08 15264]
S3 MPE;BDA MPE Filter; F:\WINNT\System32\DRIVERS\MPE.sys [2001-10-16 13952]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINNT\system32\drivers\MSTEE.sys [2001-10-30 4896]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINNT\System32\DRIVERS\NABTSFEC.sys [2001-10-08 86016]
S3 Pfc;Padus ASPI Shell; \??\F:\WINNT\System32\drivers\pfc.sys []
S3 SLIP;BDA Slip De-Framer; F:\WINNT\System32\DRIVERS\SLIP.sys [2001-10-16 10368]
S3 streamip;BDA IPSink; F:\WINNT\System32\DRIVERS\StreamIP.sys [2001-10-16 14400]
S3 USBATA;ImageMate USB to CF-SM; F:\WINNT\System32\DRIVERS\USBATA.SYS [2001-12-17 79335]
S3 usbscan;USB Scanner Driver; F:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 USBSTOR;USB Mass Storage Driver; F:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; F:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2001-10-08 18208]
S4 ACPI;ACPI; F:\WINNT\system32\drivers\ACPI.sys []
S4 BsUDF;BsUDF; F:\WINNT\system32\drivers\BsUDF.sys [2002-08-02 372339]
S4 vsdatant;vsdatant; F:\WINNT\system32\drivers\vsdatant.sys []

List of services

R2 AOL ACS;AOL Connectivity Service; F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2004-04-21 1434848]
R2 avg8wd;AVG8 WatchDog; F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 SmcService;Sygate Personal Firewall; F:\Program Files\Sygate\SPF\smc.exe [2004-08-13 2532576]
R2 StiSvc;Still Image Service; F:\WINNT\system32\stisvc.exe [2003-06-19 61712]
R2 UPSlim;UPS - UPSlim Service; F:\Program Files\Belkin Bulldog\upsd.exe [2001-11-30 147456]
R3 Pml Driver HPH11;Pml Driver HPH11; F:\WINNT\System32\HPHipm11.exe [2002-05-24 77824]
S2 avg8emc;AVG8 E-mail Scanner; F:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
S3 gusvc;Google Updater Service; F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 WmdmPmSN;Portable Media Serial Number Service; F:\WINNT\System32\svchost.exe [1999-12-07 7952]

-----------------EOF-----------------


I hope these tell you something, and thanks again for all your help ..... Mike
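One way to triage the RSIT "List of drivers" and "List of services" sections for leftover registrations such as the ZoneAlarm remnants mentioned in post #8, as an added example that is not part of any post and is not RSIT's own code. It assumes the prefix letter means running (R) or stopped (S), the digit is the Windows service start type, and an empty `[]` means no file date and size were recorded; the sample lines are copied from the log above.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Windows service start types (the digit after R/S, by assumption).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Shape: "<R|S><0-4> <name>;<display name>; <image path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>.*?); "
    r"(?P<path>.+) \[(?P<meta>[^\]]*)\]$"
)
META_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d+)$")


class Entry(NamedTuple):
    running: bool
    start: str
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when the log shows an empty []
    file_size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headings and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):      # strip the NT object-manager prefix
        path = path[4:]
    meta = META_RE.match(m["meta"].strip())
    return Entry(
        running=(m["state"] == "R"),
        start=START_TYPES[int(m["start"])],
        name=m["name"],
        display=m["display"],
        path=path,
        file_date=meta.group(1) if meta else None,
        file_size=int(meta.group(2)) if meta else None,
    )


def triage(text: str) -> Dict[str, List[str]]:
    """Split entries without file metadata into two review buckets.

    orphan_candidates:  stopped and no file metadata. The registration may
                        point at a file that is gone (leftover of an
                        uninstalled product). Candidates only; each one
                        still needs a human decision.
    running_unresolved: running but no metadata. The driver is loaded, so
                        the file exists and the logged path was most likely
                        just not resolved by the tool.
    """
    result: Dict[str, List[str]] = {"orphan_candidates": [], "running_unresolved": []}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or entry.file_date is not None:
            continue
        bucket = "running_unresolved" if entry.running else "orphan_candidates"
        result[bucket].append(entry.name)
    return result


# Sample lines copied from the RSIT log posted in this thread.
SAMPLE = r"""
List of drivers

R1 AFS2K;AFS2k; F:\WINNT\system32\drivers\AFS2K.sys [2003-02-13 82380]
R1 SASKUTIL;SASKUTIL; \??\F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 wg3n;SyGate for NT, wg3n; F:\WINNT\system32\SYSTEM32\Drivers\wg3n.sys []
S3 A4S2600;A4S2600; F:\WINNT\System32\drivers\A4S2600.sys []
S4 vsdatant;vsdatant; F:\WINNT\system32\drivers\vsdatant.sys []
S3 gusvc;Google Updater Service; F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
"""

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(names)}")
```

Entries in the first bucket are only a shortlist: confirm what product each name belongs to before removing any service registration.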

#10 thewall


Posted 01 September 2008 - 07:52 AM

Your IE needs to be updated, currently it is not patched. Please go to IE updates which can be accessed through the Start program and install all available upgrades.

After doing that let's see if it helps the connection problem.


Also do the following to get rid of what is left of ZoneAlarm.



Open HijackThis click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens you should then enter the service name below and press OK.

vsdatant



Reboot your computer





Let's try to get these things cleared up and I will give you some information on how to determine if a program is needed or not.

#11 UncleMike


Posted 01 September 2008 - 02:57 PM

Hello again ... I removed the remains of Zone Alarm, and that seemed to work fine, and then I installed Internet Explorer SP1 to see if that would fix my connection problem. Unfortunately, it didn't work. I still can't open an IE window.

In addition to that, somehow I'm back to the same old problem with Firefox shutting down on me. I got to thinking that maybe the latest version of AVG somehow might be causing this, so I uninstalled it completely. After that Firefox seemed to work, but only for a while. So that I had an anti-virus program in effect, I downloaded and installed Avast Version 4.8. I ran a scan, and it did find a file called pskavs.dll and then quarantined it.

As I sit here typing this reply on my laptop, Firefox is up and running on my PC, but who knows for how long ? I think I'll let my wife play with it. She seems to ALWAYS be able to make it break down. She likes to browse a lot of real estate, and vacation websites. Who knows, maybe it will be OK with AVG out of the picture. We'll just have to wait and see.

I'm still having the problem with IE though, so where do we go from here ?

Mike

#12 thewall


Posted 02 September 2008 - 10:26 AM

Hi UncleMike, :)

Well the good news is I don't see any sign of infection on your computer and I am going to post some things which you can do to help prevent further infections. I am also going to provide you with a link that tells you how to go about finding what programs you can disable and which ones need to be running.

With respect to the problems you are having with Internet connections, there are several things it could be, such as issues with your firewall or the like. Since we deal mainly with Malware here on this forum, I would like for you to go over to our forum which handles these types of problems and open up a topic there. You can tell them we have cleaned up anything we could find and let them know what type of things you are still encountering.

Of course if any other Malware problems show up you can PM me or one of our coaches to have this topic reopened.


I hope you get your connection problems straightened out and good luck! :thumbsup:


This link is for the startup programs.



This link is for the Internet forum.






Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.
The infections you had were

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  • Turn System Restore off
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
    Restart
  • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck Turn off System Restore.
      • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Two good paid for antivirus programs are NOD32 and Bitdefender
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Install and use a firewall with outbound protection
    While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
    I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall or Zonealarm
    See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
    Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#13 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:25 PM

Posted 06 September 2008 - 10:00 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security