Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer keeps crashing


  • This topic is locked This topic is locked
2 replies to this topic

#1 koolcat

koolcat

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 06 December 2010 - 09:43 PM

Immediately after my machine reboots and comes up, I get a popup saying Internet Explorer has crashed, then I get a Dr. Watson window showing the error. If I close the popup, I get another one about 20-30 seconds later. This will continue like this.

I do not use IE as my main browser, I switched to Firefox a few years ago. Now when I startup Firefox, I get the same popup that Firefox has had an error. After I start it a few times, it will eventually come up. This all started happening yesterday and not sure how I got the error.

I have run AVG, SDFix and MBAM all with latest files.

Here is my Hijack log:

thank you in advance

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:43:30 PM, on 12/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avaya\IC61\bin\vmm_service.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\cvsnt\cvsservice.exe
C:\cvsnt\cvslock.exe
C:\SQLLIB\BIN\db2licd.exe
C:\SQLLIB\BIN\db2sec.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avaya\IC61\fulcrum\bin\ssjs-srv.exe
C:\Program Files\Avaya\IC61\fulcrum\bin\ssjs.exe
C:\Program Files\IBM\WebSphere\Express51\RAC\bin\RAService.exe
C:\WINDOWS\system32\QosServM.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\tardisnt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\SQLLIB\BIN\db2jds.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avaya\ATA\ATALauncher.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\VIRUSCLEANING\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.n4g.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\NEILG\Application Data\Mozilla\Profiles\default\8gxewucc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\NEILG\Application Data\Mozilla\Profiles\default\8gxewucc.slt\prefs.js)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: AvayaIEHlprObj Class - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Softphone\AvayaWebDial.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATA] C:\Program Files\Avaya\ATA\ATALauncher.exe
O4 - HKLM\..\Run: [McAfeeFireTray] C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233266856140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.avaya.com
O17 - HKLM\Software\..\Telephony: DomainName = global.avaya.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.avaya.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = global.avaya.com
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O21 - SSODL: kihuvupig - {cea83bb7-80ee-4970-9619-4d9c48ce4e16} - c:\windows\system32\wufinutu.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: gahurihor - {cea83bb7-80ee-4970-9619-4d9c48ce4e16} - c:\windows\system32\wufinutu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avaya Voice Media Manager - Unknown owner - C:\Program Files\Avaya\IC61\bin\vmm_service.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CVSNT (CVS) - GNU - C:\cvsnt\cvsservice.exe
O23 - Service: CVSNT Locking Service (CVSLock) - Unknown owner - C:\cvsnt\cvslock.exe
O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - C:\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird Connector - Unknown owner - C:\Program Files\Avaya\IC61\fulcrum\bin\ftservce.exe
O23 - Service: Hummingbird Connector Manager - Unknown owner - C:\Program Files\Avaya\IC61\fulcrum\bin\ftservce.exe
O23 - Service: Hummingbird Search Services for Java - Hummingbird Communications Ltd. - C:\Program Files\Avaya\IC61\fulcrum\bin\ssjs-srv.exe
O23 - Service: Hummingbird STR Service - Unknown owner - C:\Program Files\Avaya\IC61\fulcrum\bin\STRsvc.exe
O23 - Service: IBM Agent Controller - ECLIPSE - C:\Program Files\IBM\WebSphere\Express51\RAC\bin\RAService.exe
O23 - Service: IBM WebSphere Application Server V5 - Express51 (IBMWAS5Service - Express51) - Unknown owner - C:\Program Files\ibm\WebSphere\Express51\AppServer\bin\..\bin\wasservice.exe
O23 - Service: IBM WebSphere Application Server V6.1 - neilgNode02 (IBMWAS61Service - neilgNode02) - Unknown owner - C:\WebSphere6.1\AppServer\bin\wasservice.exe
O23 - Service: IBM WebSphere Application Server V6 - neilgNode01 (IBMWAS6Service - neilgNode01) - Unknown owner - C:\WebSphere6\AppServer\bin\wasservice.exe
O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\QosServM.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rational ClearQuest Mail Service (MailService) - IBM Corporation - C:\Program Files\Rational\ClearQuest\mailservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: OracleCSService - Unknown owner - C:\oracle\product\10.1.0\db_2\bin\ocssd.exe
O23 - Service: OracleDBConsoleorcl2 - Oracle Corporation - C:\oracle\product\10.1.0\db_2\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home2iSQL*Plus - Oracle - C:\oracle\product\10.1.0\db_2\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home2SNMPPeerEncapsulator - Unknown owner - C:\oracle\product\10.1.0\db_2\BIN\ENCSVC.EXE
O23 - Service: OracleOraDb10g_home2SNMPPeerMasterAgent - Unknown owner - C:\oracle\product\10.1.0\db_2\BIN\AGNTSVC.EXE
O23 - Service: OracleOraDb10g_home2TNSListener - Unknown owner - C:\oracle\product\10.1.0\db_2\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL2 - Oracle Corporation - c:\oracle\product\10.1.0\db_2\bin\ORACLE.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Tardis time service (Tardis) - Unknown owner - C:\WINDOWS\System32\tardisnt.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\temp\Tomcat 5.0\bin\tomcat5.exe (file missing)
O23 - Service: WebSphere Embedded Messaging Publish And SubscribeWAS_neilg_server1 (WebSphereEmbeddedMessagingPublishAndSubscribeWAS_neilg_server1) - Unknown owner - C:/Program Files/IBM/WebSphere MQ/WEMPS/bin/bipservice.exe (file missing)
O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - C:\Program Files\ORL\VNC\WinVNC.exe

--
End of file - 16509 bytes

I figured out the problem, but don't know how to fix it.

About every 20-30 seconds, I get a dr watson (dwwin.exe) window that tells me IE has crashed.

I went into my IE directory and noticed iexplore.exe had a funny size. I renamed the file and 20 seconds later, a new iexplore.exe was created and the popup came back.
I ran combofix as that has worked for me in the past, but didn't resolve the issue. I also ran AVG and mbam and neither resolved the issue.

I wound up changing the properties of iexplore.exe to not allow execution and that has stopped the popups, but the virus is still present.

this is the file it creates:
C:\Program Files\Internet Explorer\iexplore.exe

Here is the log after running ComboFix:


ComboFix 10-12-07.04 - neilg 12/08/2010 10:01:55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.582 [GMT -5:00]
Running from: c:\viruscleaning\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\neilg\Application Data\MSA
C:\IE8-WI~1.EXE
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
C:\Thumbs.db
c:\windows\command
c:\windows\command\EXTRACT.PIF
c:\windows\My.ini
c:\windows\system32\Cache
c:\windows\system32\drivers\npf.sys
c:\windows\system32\inf
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\spool\prtprocs\w32x86\2655AF0.tmp
c:\windows\system32\spool\prtprocs\w32x86\2655AFF.tmp
c:\windows\system32\srcr.dat
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-06 06:37 . 2010-03-05 18:45 456704 -c----w- c:\windows\system32\dllcache\smtpsvc.dll
2010-12-06 06:35 . 2001-08-17 19:56 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2010-12-06 06:34 . 2001-08-17 17:48 281600 -c--a-w- c:\windows\system32\dllcache\atimtai.sys
2010-12-06 06:33 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-12-06 06:31 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-12-06 06:30 . 2009-08-04 15:13 2145280 -c--a-w- c:\windows\system32\dllcache\OLD59.tmp
2010-12-06 06:23 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-12-06 04:59 . 2010-12-06 04:59 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-12-05 05:55 . 2010-12-05 05:55 0 ----a-w- c:\windows\system32\drivers\sst5B00.tmp
2010-12-05 05:48 . 2010-12-05 05:48 53248 ----a-w- c:\windows\system32\drivers\sst5AF1.sys
2010-12-05 05:48 . 2010-12-05 05:48 0 ----a-w- c:\windows\system32\drivers\sst5AF1.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-08-06 20:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-08-06 20:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 17:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2000-04-13 17:09 . 2003-07-02 19:08 582144 ----a-w- c:\program files\Common Files\Dao350.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2003-01-21 106574]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-24 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-04 339968]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"ATA"="c:\program files\Avaya\ATA\ATALauncher.exe" [2006-09-18 53248]
"McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-27 99840]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Desktop Firewall Tray.lnk - c:\program files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe [2005-11-14 655420]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"tmzlvzknjxhhsttbuljlTaskMgr"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 18:51 24638 ----a-w- c:\windows\system32\PCANotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^xccstart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\xccstart.lnk
backup=c:\windows\pss\xccstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^neilg^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\documents and settings\neilg\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConfigMM]
2004-07-27 14:21 4449 ----a-w- c:\program files\Avaya Modular Messaging\Client\configMM.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRESET]
2001-10-24 13:36 45056 ----a-w- c:\program files\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2004-09-23 00:00 94208 ----a-w- c:\program files\Network Associates\VirusScan\shstat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-06-10 13:18 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
2007-09-25 15:34 384000 ----a-w- c:\program files\TiVo\Desktop\TiVoNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
2007-09-25 15:35 1495040 ----a-w- c:\program files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
2007-09-25 15:33 1195008 ----a-w- c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TivoBeacon2"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"AvService"=2 (0x2)
"Avaya IC ORB Service 6.1"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 Freeware\\aceftp3free.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\trlrm\\RMHSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 avipsec;Avaya IPSEC Driver;c:\windows\system32\drivers\avipsec.sys [12/14/2005 1:58 PM 85504]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [7/29/2005 11:16 AM 58464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 4:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 55024]
R1 VProtocol;AVAYA VPNet VProtocol;c:\windows\system32\drivers\vproto2k.sys [12/14/2005 1:58 PM 14336]
R2 afpa;afpa;c:\windows\system32\drivers\afpa.sys [5/31/2005 2:11 PM 106224]
R2 Avaya Voice Media Manager;Avaya Voice Media Manager;c:\program files\Avaya\IC61\bin\vmm_service.exe [11/10/2003 4:54 PM 1888256]
R2 CVS;CVSNT;c:\cvsnt\cvsservice.exe [12/10/2003 5:22 PM 45056]
R2 Hummingbird Search Services for Java;Hummingbird Search Services for Java;c:\program files\Avaya\IC61\fulcrum\bin\ssjs-srv.exe [11/10/2003 4:55 PM 36864]
R2 IBM Agent Controller;IBM Agent Controller;c:\program files\ibm\WebSphere\Express51\RAC\bin\RAService.exe [4/16/2004 12:40 PM 69632]
R2 Tardis;Tardis time service;c:\windows\system32\tardisnt.exe [3/31/2003 8:16 PM 192512]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 DB2-0;DB2 - DB2-0;c:\sqllib\BIN\db2syscs.exe [10/24/2002 6:31 AM 140968]
S3 Hummingbird Connector Manager;Hummingbird Connector Manager;c:\program files\Avaya\IC61\fulcrum\bin\ftservce.exe [11/10/2003 4:55 PM 32768]
S3 Hummingbird Connector;Hummingbird Connector;c:\program files\Avaya\IC61\fulcrum\bin\ftservce.exe [11/10/2003 4:55 PM 32768]
S3 Hummingbird STR Service;Hummingbird STR Service;c:\program files\Avaya\IC61\fulcrum\bin\STRsvc.exe [11/10/2003 4:55 PM 131072]
S3 IBMWAS5Service - Express51;IBM WebSphere Application Server V5 - Express51;c:\program files\ibm\WebSphere\Express51\AppServer\bin\WASService.exe [8/24/2005 12:43 PM 49152]
S3 IBMWAS61Service - neilgNode02;IBM WebSphere Application Server V6.1 - neilgNode02;c:\websphere6.1\AppServer\bin\WASService.exe [7/20/2006 8:11 AM 69632]
S3 IBMWAS6Service - neilgNode01;IBM WebSphere Application Server V6 - neilgNode01;c:\websphere6\AppServer\bin\WASService.exe [1/26/2006 11:33 AM 69632]
S3 iClarity;iClarity;c:\windows\system32\drivers\iclarity.sys --> c:\windows\system32\drivers\iclarity.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 ndisva;Avaya VPNet Virtual Adapter Driver;c:\windows\system32\drivers\vadapter.sys [12/14/2005 1:58 PM 12288]
S3 OracleCSService;OracleCSService;c:\oracle\product\10.1.0\db_2\bin\ocssd.exe service --> c:\oracle\product\10.1.0\db_2\bin\ocssd.exe service [?]
S3 OracleDBConsoleorcl2;OracleDBConsoleorcl2;c:\oracle\product\10.1.0\db_2\BIN\nmesrvc.exe [8/9/2005 11:25 PM 34579]
S3 OracleOraDb10g_home2iSQL*Plus;OracleOraDb10g_home2iSQL*Plus;c:\oracle\product\10.1.0\db_2\BIN\isqlplussvc.exe [8/9/2005 11:17 PM 45056]
S3 OracleOraDb10g_home2SNMPPeerEncapsulator;OracleOraDb10g_home2SNMPPeerEncapsulator;c:\oracle\product\10.1.0\db_2\BIN\encsvc.exe [8/9/2005 11:19 PM 187392]
S3 OracleOraDb10g_home2SNMPPeerMasterAgent;OracleOraDb10g_home2SNMPPeerMasterAgent;c:\oracle\product\10.1.0\db_2\BIN\agntsvc.exe [8/9/2005 11:19 PM 254464]
S3 OracleOraDb10g_home2TNSListener;OracleOraDb10g_home2TNSListener;c:\oracle\product\10.1.0\db_2\BIN\TNSLSNR --> c:\oracle\product\10.1.0\db_2\BIN\TNSLSNR [?]
S3 OracleServiceORCL2;OracleServiceORCL2;c:\oracle\product\10.1.0\db_2\bin\ORACLE.EXE ORCL2 --> c:\oracle\product\10.1.0\db_2\bin\ORACLE.EXE ORCL2 [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 7408]
S3 Tomcat5;Apache Tomcat;"c:\temp\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 --> c:\temp\Tomcat 5.0\bin\tomcat5.exe [?]
S3 WebSphereEmbeddedMessagingPublishAndSubscribeWAS_neilg_server1;WebSphere Embedded Messaging Publish And SubscribeWAS_neilg_server1;C:/Program Files/IBM/WebSphere MQ/WEMPS/bin/bipservice.exe --> C:/Program Files/IBM/WebSphere MQ/WEMPS/bin/bipservice.exe [?]
S4 Avaya IC ORB Service 6.1;Avaya IC ORB Service 6.1;c:\program files\Avaya\IC61\bin\qntorbsvr.exe [11/10/2003 4:54 PM 24576]
S4 AvService;Avaya VPN Service;c:\program files\VPNremote for Windows XP\AvVpnService.exe [12/14/2005 1:58 PM 53248]
S4 OracleJobSchedulerORCL2;OracleJobSchedulerORCL2;c:\oracle\product\10.1.0\db_2\Bin\extjob.exe ORCL2 --> c:\oracle\product\10.1.0\db_2\Bin\extjob.exe ORCL2 [?]
S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR --> c:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR [?]
S4 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [9/25/2007 10:33 AM 867328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.n4g.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\neilg\Application Data\Mozilla\Firefox\Profiles\oanog4o0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b3918cd&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.ftp - co.proxy.avaya.com
FF - prefs.js: network.proxy.ftp_port - 8000
FF - prefs.js: network.proxy.gopher - co.proxy.avaya.com
FF - prefs.js: network.proxy.gopher_port - 8000
FF - prefs.js: network.proxy.http - co.proxy.avaya.com
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks - co.proxy.avaya.com
FF - prefs.js: network.proxy.socks_port - 8000
FF - prefs.js: network.proxy.ssl - co.proxy.avaya.com
FF - prefs.js: network.proxy.ssl_port - 8000
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\neilg\Application Data\Mozilla\Firefox\Profiles\oanog4o0.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\neilg\Application Data\Mozilla\Firefox\Profiles\oanog4o0.default\extensions\moveplayer@movenetworks.com
FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\documents and settings\neilg\Application Data\Mozilla\Firefox\Profiles\oanog4o0.default\extensions\anttoolbar@ant.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe
HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
MSConfigStartUp-2655107500 - c:\docume~1\neilg\LOCALS~1\Temp\2655107500.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-XCiJPtLinj - c:\docume~1\neilg\LOCALS~1\Temp\XCiJPtLinj.exe
AddRemove-Apache Tomcat 5.0 - c:\tomcatdd3.0.18\Tomcat 5.0\Uninstall.exe
AddRemove-Apache Tomcat 5.5 - c:\newctitomcat\Tomcat 5.5\Uninstall.exe
AddRemove-BEA Products - c:\bea\weblogic90\uninstall\uninstall.cmd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 10:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebSphereEmbeddedMessagingPublishAndSubscribeWAS_neilg_server1]
"ImagePath"="C:/Program Files/IBM/WebSphere MQ/WEMPS/bin/bipservice.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="c:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb10g_home2TNSListener]
"ImagePath"="c:\oracle\product\10.1.0\db_2\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebSphereEmbeddedMessagingPublishAndSubscribeWAS_neilg_server1]
"ImagePath"="C:/Program Files/IBM/WebSphere MQ/WEMPS/bin/bipservice.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\AvayaGina.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(180)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\progra~1\WINZIP\WZSHLSTB.DLL
c:\program files\Network Associates\VirusScan\shext.dll
c:\program files\Network Associates\VirusScan\RES09\ShExtRes.dll
c:\progra~1\PEGASU~1\AGILEP~1\CONTEX~2.DLL
c:\progra~1\PEGASU~1\AGILEP~1\CONTEX~1.DLL
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\program files\TextPad 4\System\shellext.dll
c:\program files\GlobalSCAPE\CuteFTP\Cuteshell.dll
c:\windows\System32\igfxpph.dll
c:\windows\System32\hccutils.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\pcAnywhere\awhost32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\cvsnt\cvslock.exe
c:\sqllib\BIN\db2licd.exe
c:\sqllib\BIN\db2sec.exe
c:\windows\system32\drivers\dcfssvc.exe
c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe
c:\program files\Avaya\IC61\fulcrum\bin\ssjs.exe
c:\windows\system32\QosServM.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\ORL\VNC\WinVNC.exe
c:\sqllib\BIN\db2jds.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2010-12-08 11:25:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-08 16:25
ComboFix2.txt 2009-03-15 14:28

Pre-Run: 9,092,308,992 bytes free
Post-Run: 9,625,006,080 bytes free

- - End Of File - - 670DE4F993E3744C637BE696B30A6C8E

EDIT: Topics and posts merged ~BP

Edited by Budapest, 08 December 2010 - 04:33 PM.
Moved from XP ~BP


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:53 AM

Posted 14 December 2010 - 09:18 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:53 AM

Posted 19 December 2010 - 07:26 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users