
IE7 launches on bootup


  • This topic is locked
8 replies to this topic

#1 Brucerb (Members)

Posted 04 November 2009 - 08:21 PM

I recently had a problem of IE8 repeatedly launching itself while the computer was idle. I uninstalled IE8, leaving only IE7. Now IE7 launches itself only during bootup although it works fine as does the rest of the computer. I'm sure it is some malware.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Bruce at 19:45:10.87 on Wed 11/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.581 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\winnt\system32\svchost -k DcomLaunch
svchost.exe
C:\winnt\System32\svchost.exe -k netsvcs
C:\winnt\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\winnt\system32\spoolsv.exe
svchost.exe
C:\winnt\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\winnt\system32\RUNDLL32.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\winnt\System32\GEARSec.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Program Files\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\EncryptorControl.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\winnt\system32\nvsvc32.exe
C:\winnt\system32\HPZipm12.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\GhostSurf Platinum\ProtectorSvc.exe
C:\Program Files\LTCM Client\ltcmScheduler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINNT\system32\slpservice.exe
C:\winnt\System32\svchost.exe -k imgsvc
C:\winnt\system32\slpmonx.exe
C:\WINNT\system32\Tablet.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\winnt\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\system32\WTablet\TabUserW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bruce.DR-RR4TVVFCU7U8\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mdeyedocs.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = <local>
uWindows: load=slpmonx.exe
BHO: SpywareBlock Class: {0a87e45f-537a-40b4-b812-e2544c21a09f} - c:\program files\ghostsurf platinum\SCActiveBlock.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {930E4DE1-973D-42D6-BF6E-6788E06BD003} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
uRun: [MSMSGS] c:\program files\messenger\msmsgs.exe /background
uRun: [ltcmScheduler] c:\program files\ltcm client\ltcmScheduler.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [IE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
uRun: [Evidence Eliminator] c:\program files\evidence eliminator\ee.exe /m
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\winnt\system32\NeroCheck.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [iTunesHelper] "d:\program files\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [GhostSurf Reminder] "c:\program files\ghostsurf platinum\Privacy Control Center.exe" reminder
mRun: [EncryptorControl] c:\winnt\EncryptorControl.exe
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\spycat~1.lnk - c:\program files\ghostsurf platinum\SpyCatcher.exe
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://extraweb-americas.ey.com/home/extraweb/iNotes.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://extraweb-americas.ey.com/MAIL002/iNotes6.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136562719888
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136939636921
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: secuload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
IFEO: ctfmon.exe - c:\winnt\system32\ctfmon_eo.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bruce~1.dr-\applic~1\mozilla\firefox\profiles\2sbdv671.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mdeyedocs.com/
FF - component: c:\documents and settings\all users.winnt\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: d:\program files\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\winnt\system32\drivers\snman380.sys [2009-3-1 134272]
R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-8-31 310320]
R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\winnt\system32\drivers\tdrpm140.sys [2009-3-1 971168]
R1 BHDrvx86;Symantec Heuristics Driver;c:\winnt\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-8-31 259632]
R1 ccHP;Symantec Hash Provider;c:\winnt\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-8-31 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users.winnt\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091102.002\IDSXpx86.sys [2009-10-28 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\winnt\system32\drivers\LMIRfsDriver.sys [2008-11-21 47640]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-8-31 117640]
R2 Protector;Protector;c:\program files\ghostsurf platinum\ProtectorSvc.exe [2008-7-11 3020608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-29 102448]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\winnt\system32\drivers\hpusbfd.sys [2006-1-9 7552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S0 PQV2i;PQV2i; [x]
S1 PQIMount;PQIMount; [x]
S2 DVR2INS;ADS Instant DVD 2.0;c:\winnt\system32\drivers\dvr2ins.sys [2006-1-9 34792]
S3 LapUsb;Logitech io Pen USB driver;c:\winnt\system32\drivers\LapUsb.sys [2006-2-7 68571]
S3 MotDev;Motorola Inc. USB Device;c:\winnt\system32\drivers\motodrv.sys [2009-1-7 42112]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-11-02 23:29:17 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-11-02 23:28:41 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-02 23:28:41 0 d-----w- c:\docume~1\bruce~1.dr-\applic~1\SUPERAntiSpyware.com
2009-11-02 23:27:38 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-29 23:51:23 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-10-28 23:55:19 0 d-sh--w- c:\documents and settings\bruce.dr-rr4tvvfcu7u8\PrivacIE
2009-10-28 23:55:16 0 d-sh--w- c:\documents and settings\bruce.dr-rr4tvvfcu7u8\IECompatCache
2009-10-28 23:39:30 0 d-sh--w- c:\documents and settings\bruce.dr-rr4tvvfcu7u8\IETldCache
2009-10-13 12:40:01 0 d-----w- C:\Ulead VideoStudio
2009-10-10 14:36:40 0 d-----w- c:\docume~1\bruce~1.dr-\applic~1\Blitware

==================== Find3M ====================

2009-11-04 02:26:25 0 ----a-w- c:\winnt\system32\drivers\lvuvc.hs
2009-11-04 02:26:21 0 ----a-w- c:\winnt\system32\drivers\logiflt.iad
2009-10-02 01:15:45 83288 ----a-w- c:\winnt\system32\LMIRfsClientNP.dll
2009-10-02 01:15:44 87352 ----a-w- c:\winnt\system32\LMIinit.dll
2009-10-02 01:15:44 28984 ----a-w- c:\winnt\system32\LMIport.dll
2009-09-11 14:18:39 136192 ----a-w- c:\winnt\system32\msv1_0.dll
2009-09-08 01:16:15 25248 ----a-w- c:\winnt\system32\lmimirr.dll
2009-09-08 01:16:15 11552 ----a-w- c:\winnt\system32\lmimirr2.dll
2009-09-04 21:03:36 58880 ----a-w- c:\winnt\system32\msasn1.dll
2009-08-31 23:13:27 60808 ----a-w- c:\winnt\system32\S32EVNT1.DLL
2009-08-29 07:36:27 832512 ----a-w- c:\winnt\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\winnt\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\winnt\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\winnt\system32\strmdll.dll
2009-08-18 03:33:52 1193832 ----a-w- c:\winnt\system32\FM20.DLL
2004-05-20 02:38:57 696541 ----a-w- c:\program files\vuepro80.exe
2008-04-14 00:36:16 32768 --sha-w- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008041320080414\index.dat

============= FINISH: 19:46:42.60 ===============

#2 m0le (Malware Response Team)

Posted 09 November 2009 - 07:51 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 Brucerb (Topic Starter)

Posted 10 November 2009 - 08:21 AM

Thank you m0le. I am ready to receive your instructions.

#4 m0le (Malware Response Team)

Posted 10 November 2009 - 09:07 AM

Hi brucerb,

This sounds more like a registry issue than malware, so can you also please run this program for me to take a look at your registry.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run
    HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run
    HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next reply, please include the following:
  • SystemLook.txt


Thanks :(

#5 Brucerb (Topic Starter)

Posted 11 November 2009 - 06:15 PM

Here's the SystemLook file:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:00 on 10/11/2009 by Bruce (Administrator - Elevation successful)

========== reg ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"=""
"ctfmon.exe"="C:\winnt\system32\ctfmon.exe"
"DellSupport"=""C:\Program Files\DellSupport\DSAgnt.exe" /startup"
"Evidence Eliminator"="C:\Program Files\Evidence Eliminator\ee.exe /m"
"IE New Window Maximizer"="C:\Program Files\IE New Window Maximizer\iemaximizer.exe"
"ISUSPM"=""C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler"
"ltcmScheduler"="C:\Program Files\LTCM Client\ltcmScheduler.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"swg"=""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows|CurrentVersion\RunServices]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe""
"Adobe Reader Speed Launcher"=""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe""
"AdobeCS4ServiceManager"=""C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin"
"BlackBerryAutoUpdate"="C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background"
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
"EncryptorControl"="C:\WINNT\EncryptorControl.exe"
"GhostSurf Reminder"=""C:\Program Files\GhostSurf Platinum\Privacy Control Center.exe" reminder"
"HP Component Manager"=""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe""
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"iTunesHelper"=""D:\Program Files\iTunesHelper.exe""
"LogitechCommunicationsManager"=""C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe""
"LogitechQuickCamRibbon"=""C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide"
"LogMeIn GUI"=""C:\Program Files\LogMeIn\x86\LogMeInSystray.exe""
"LTCM Client"="C:\Program Files\LTCM Client\ltcmClient.exe /startup"
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /install"
"QuickTime Task"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
"SunJavaUpdateSched"=""C:\Program Files\Java\jre6\bin\jusched.exe""
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
(No values found)


[HKEY_USERS\DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(Unable to open key - key not found)

[HKEY_USERS\DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
(Unable to open key - key not found)

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
(No values found)


[HKEY_USERS\DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
(Unable to open key - key not found)

-=End Of File=-
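As an added example (not from the thread, and not SystemLook's own code), here is a triage parser for the ':reg' output format shown above: it splits each Run value into the image that logon would launch plus its arguments, records which keys were missing or empty, and flags the entries a responder reads first. The sample log is constructed from the thread's output; the rule of cutting an unquoted command after the first '.exe' token is my heuristic, and all function and class names are mine.

```python
"""Triage parser for the SystemLook ':reg' dump shown in this thread (added
example, not from the thread or from SystemLook). It splits each Run value into
the image logon would launch plus its arguments and flags what a responder
reads first: empty commands, images without an absolute path, rundll32 hosts."""
import re
from dataclasses import dataclass, field

# Constructed sample in SystemLook's output format, abridged from the thread.
SAMPLE_LOG = r"""========== reg ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"=""
"ctfmon.exe"="C:\winnt\system32\ctfmon.exe"
"DellSupport"=""C:\Program Files\DellSupport\DSAgnt.exe" /startup"
"swg"=""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlackBerryAutoUpdate"="C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background"
"NvCplDaemon"="RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
(No values found)
[HKEY_USERS\DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(Unable to open key - key not found)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.*?)"="(.*)"$')  # the value's own inner quotes stay raw
MISSING = "(Unable to open key - key not found)"

@dataclass
class AutostartEntry:
    key: str
    name: str
    command: str
    image: str
    args: str
    flags: list = field(default_factory=list)

@dataclass
class KeyResult:
    key: str
    status: str  # "ok" (has values), "empty" (key exists, no values) or "missing"
    entries: list = field(default_factory=list)

def split_command(command):
    """Split a Run value into (image, args): a quoted image ends at its closing
    quote; an unquoted one is cut after the first '.exe' token (heuristic)."""
    command = command.strip()
    if not command:
        return "", ""
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            return command.strip('"'), ""
        return command[1:end], command[end + 1:].strip()
    m = re.search(r"\.exe(?=\s|$)", command, re.IGNORECASE)
    if m:
        return command[:m.end()], command[m.end():].strip()
    head, _, tail = command.partition(" ")
    return head, tail.strip()

def triage_flags(image, args):
    """Flags a responder wants before reading the rest of the dump."""
    if not image:
        return ["empty-command"]
    flags = []
    if not re.match(r"^[A-Za-z]:\\", image):
        flags.append("relative-image")  # resolved via the search path at logon
    if image.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        module = args.split(",", 1)[0].strip('" ')
        flags.append("rundll32-host:" + module)  # the DLL is what really runs
    return flags

def parse_systemlook_reg(text):
    """Return one KeyResult per bracketed key header, in dump order."""
    results, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = KeyResult(key_match.group(1), "empty")  # until a value shows up
            results.append(current)
            continue
        if current is None:
            continue  # banner lines before the first key
        if line == MISSING:
            current.status = "missing"
        elif VALUE_RE.match(line):
            name, command = VALUE_RE.match(line).groups()
            image, args = split_command(command)
            current.status = "ok"
            current.entries.append(AutostartEntry(
                current.key, name, command, image, args, triage_flags(image, args)))
    return results

def flagged_entries(results):
    """Entries carrying at least one triage flag, across all keys."""
    return [e for r in results for e in r.entries if e.flags]
```

Run against the sample, the dangling AdobeBridge value, the bare nwiz.exe and the rundll32-hosted NvCpl.dll are the three entries surfaced; the known-good absolute paths are left alone.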

#6 m0le (Malware Response Team)

Posted 11 November 2009 - 08:51 PM

"IE New Window Maximizer"="C:\Program Files\IE New Window Maximizer\iemaximizer.exe"

This entry is legitimate. Do you know if you downloaded it voluntarily? If so, does the time you installed it coincide with your IE problems?

I would suggest you uninstall it if you did not download it intentionally.

If you did mean to install it I would suggest you stop it running at start up and see if that fixes the problem. Run the program below to do this (and to stop any others that you wish).

Please download StartupLite to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

Let me know if this solves the problem. If it does then ignore the rest of this post.


If it's still happening....

Let's take a quick look round the PC for anything suspicious

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
Thanks :(

#7 Brucerb (Topic Starter)

Posted 12 November 2009 - 07:07 PM

Thank you, m0le. Removing the IEMaximizer did the trick. I did install it intentionally over a year ago and never had a problem. I now use Firefox so I don't need that program any more. Incidentally, I ran the Malwarebytes Anti-Malware program anyway. It deleted one entire program I have had for years (Evidence Eliminator) but nothing else. I can reinstall it. Anyway, I'm back in business. I appreciate all your help. Thanks again. Brucerb

#8 m0le (Malware Response Team)

Posted 12 November 2009 - 07:18 PM

I wonder why MBAM removed Evidence Eliminator?

Anyway, glad that's sorted out for you, brucerb.

Cheers,

:(

#9 m0le (Malware Response Team)

Posted 18 November 2009 - 09:09 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



