Malware Ieplugin


  • This topic is locked
66 replies to this topic

#1 topdrawer

Posted 18 April 2007 - 03:48 PM

Hi,

My problem is apparently with malware ieplugin. I have run a virus scan by HouseCall, and my AVG antivirus. Also ran Spybot Search and Destroy, and Ad-Aware Personal by Lavasoft. Also ran SpyHunter and McAfee Stinger. Most of the bad files have been removed. The files have been cleaned up.

I'm using Windows XP Home Edition and the sp2 has been installed for quite awhile. It is updated automatically.

The problem still persists since many of the configurations have been changed. It was first noted when trying to go to websites from the favorites in Internet Explorer. It would not go and I got a page, and still do, saying that it had encountered a problem and needs to close, which it does immediately. The only place I can get to is the home page which is set to fastmail.fm. Fortunately, I have Mozilla Firefox browser installed.

Sygate firewall, that I just recently installed, says that Internet Explorer (iexplore.exe) is trying to connect to www.fm (66.111.4.56) using remote port 443 (HTTPS-HTTP protocol over TLS/SSL).

Also, the System Configuration Utility has been altered. In the command line for Boot.INI, there is an apparent addition which I don't know how to change. The part in the command line is as follows after "Microsoft Windows XP Home Edition"/fastedit/Not Execute=Optin
This is perhaps keeping the safe mode from being available and a black page comes up that says the keyboard is not correct or unavailable, or something of that nature.

The system restore will not work and I get a page stating that the System Restore application has encountered a problem and needs to close.

Most of the help features are not available to use and the page comes up stating that a problem has been encountered.

I would appreciate any help I can get with this. A Hijack This log is enclosed.

My regards,


Logfile of HijackThis v1.99.1
Scan saved at 2:43:03 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\FSCBoss\FSCBoss.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\McAfee.com\McAffee Compt Kit\MemoKit\memokit2.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fastmail.fm/mail/?MLS=LN-*;Uid=...N-Authenticate*
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.frontiernet.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.1;<local>
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\Embarq TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [FSCBoss] C:\Program Files\FSCBoss\FSCBoss.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Type Pilot] "C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MemoKit.lnk = C:\Program Files\McAfee.com\McAffee Compt Kit\MemoKit\mk.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download File - C:\Program Files\Secure IE\Scripts\AddToTransferQueue.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Highlight - C:\Program Files\Secure IE\Scripts\highlight.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Add Link to QuikView - http://www.quikonnex.com/start/ctxmenu.php?add=link
O8 - Extra context menu item: Add Page to QuikView - http://www.quikonnex.com/start/ctxmenu.php?add=page
O8 - Extra context menu item: Add to Notes Pilot - C:\Program Files\Invention Pilot\Notes Pilot\nnotes.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zoom &In - C:\Program Files\Secure IE\Scripts\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\Program Files\Secure IE\Scripts\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: QuikView | Quikonnex - {23F5C49C-74DF-42BA-A194-FF92A3B59FED} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: QuikView Panel - {23F5C49C-74DF-42BA-A194-FF92A3B59FED} - Shdocvw.dll (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Notes Pilot - {D88F1992-1490-470E-8D16-3A80D50C80FA} - C:\PROGRA~1\INVENT~1\NOTESP~1\nnotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3414A1F-608D-4BB1-B756-1DCC48E5FCDE}: NameServer = 170.215.184.3,170.215.126.3
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


 


#2 SNOWHITE


Posted 27 April 2007 - 05:56 PM

Hello topdrawer,

Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please post a fresh HijackThis log and we can begin the cleaning process.


Thank you !
SNOWHITE

#3 topdrawer


Posted 28 April 2007 - 06:02 PM

Thank you for looking. The log file is below.

Logfile of HijackThis v1.99.1
Scan saved at 6:55:24 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\FSCBoss\FSCBoss.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\McAfee.com\McAffee Compt Kit\MemoKit\memokit2.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fastmail.fm/mail/?MLS=LN-*;Uid=...N-Authenticate*
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.frontiernet.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.1;<local>
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\Embarq TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [FSCBoss] C:\Program Files\FSCBoss\FSCBoss.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Type Pilot] "C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: MemoKit.lnk = C:\Program Files\McAfee.com\McAffee Compt Kit\MemoKit\mk.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download File - C:\Program Files\Secure IE\Scripts\AddToTransferQueue.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Highlight - C:\Program Files\Secure IE\Scripts\highlight.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Add Link to QuikView - http://www.quikonnex.com/start/ctxmenu.php?add=link
O8 - Extra context menu item: Add Page to QuikView - http://www.quikonnex.com/start/ctxmenu.php?add=page
O8 - Extra context menu item: Add to Notes Pilot - C:\Program Files\Invention Pilot\Notes Pilot\nnotes.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zoom &In - C:\Program Files\Secure IE\Scripts\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\Program Files\Secure IE\Scripts\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: QuikView | Quikonnex - {23F5C49C-74DF-42BA-A194-FF92A3B59FED} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: QuikView Panel - {23F5C49C-74DF-42BA-A194-FF92A3B59FED} - Shdocvw.dll (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Notes Pilot - {D88F1992-1490-470E-8D16-3A80D50C80FA} - C:\PROGRA~1\INVENT~1\NOTESP~1\nnotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3414A1F-608D-4BB1-B756-1DCC48E5FCDE}: NameServer = 170.215.184.3,170.215.126.3
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#4 SNOWHITE


Posted 30 April 2007 - 05:04 AM

Hello topdrawer,

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Step 1

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Step 2

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



* Optional

Please read this NOTE about the SpyHunter program that you are using. I advise that you uninstall this program.

If you decide to uninstall SpyHunter follow these steps:

Go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

SpyHunter

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Enigma Software Group << Delete this folder if you uninstalled SpyHunter

Close Windows Explorer.

Step 3

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Download AVG Anti-Spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step 4

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
Post back with AVG Anti-Spyware report scan, run new scan with HijackThis and post the report back here and uninstall_list.txt.
SNOWHITE

#5 topdrawer


Posted 30 April 2007 - 01:44 PM

Hi,

Thanks for the help. I've done as suggested and downloaded AVG Anti-Spyware, which I have attempted to update several times in the last 3 hours or so, but keep getting the message that the server isn't ready to serve, try again later. Is there perhaps something I can do? I thought it may be related to the configuration ieplugin has done with Internet Explorer. I don't know, what do you suggest?

My regards,
Billy

#6 SNOWHITE


Posted 30 April 2007 - 03:19 PM

Hi topdrawer

There is some problem with the server :thumbsup:
Go here: http://www.ewido.net/en/download/updates/ and scroll down to Full database. Click the download button, install the update, then follow the steps for running the scan in Safe Mode and post the report.
SNOWHITE

#7 topdrawer


Posted 01 May 2007 - 03:21 AM

Thank you. I tried the url several times and could not get it to work either. I'll try them again later.

My regards,
Billy

#8 topdrawer


Posted 01 May 2007 - 02:14 PM

Hello,

Sorry for being so much trouble. I got the update for AVG. However, I tried to restart the computer in safe mode, but I am unable to do so. I get a screen that says there is a keyboard error, or one is not present. Remember though, I mentioned that in the Configuration Utility there had been an amendment to a command line for Boot INI. It seems it may have an effect on the safe mode.

These are the words present after "Microsoft Windows XP Home Edition"/fastedit/Not Execute=Optin

Perhaps you have a suggestion as to what I can do about changing that command line.

My best regards,
Billy

#9 DaveM59


Posted 03 May 2007 - 10:54 AM

Hi Topdrawer,

Sorry you got no response for a couple of days. Snowhite has become ill and is unable to work logs at the moment, so I will be taking over for her.

If you are still unable to boot into safe mode, please run AVG-Antispyware in normal mode and save the log as per Snowhite's instructions. Then run a fresh HijackThis scan. Post both logs to a reply here.

edit: forgot to mention, Snowhite also asked for a HJT uninstall log. Please post that as well.

Dave

Edited by DaveM59, 03 May 2007 - 11:04 AM.


#10 DaveM59


Posted 03 May 2007 - 12:18 PM

Hi again,

More instructions. I would like to see your boot.ini file.

First, Unhide files and folders:

1. Close all programs so that you are at your desktop.
2. Click Start, My Computer.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and close out My Computer.
9. Now your computer is configured to show all hidden files.
Next, Click Start, My Computer and double click your C:\.

Scroll down below the folders and you should be able to see your Boot.ini file. Right click and select Open with...

On the Programs list that opens, find Notepad, select it, then click OK.

The file will open in Notepad. On the menu bar, click Edit, then Select All. Press <Ctrl>-<C> to copy the contents to your Clipboard. Close Notepad. If you are asked whether to Save Changes (you shouldn't be, because you have not altered the contents of the file), say No.

Now, in this topic, click Add Reply. When the reply box opens, paste the contents of your boot.ini file by pressing <Ctrl>-<V>.

Looking forward to seeing that file.

Dave

#11 topdrawer


Posted 03 May 2007 - 02:44 PM

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn


=================
Thank you, I'll do a spyware scan and send the other details later. I appreciate it. Billy
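
A boot.ini like the one requested and posted above can be checked mechanically instead of by eye. The Python sketch below is an added example, not part of the original thread: it parses the two sections and reports any switch that is not in a list of switches Microsoft documents for Windows XP. The function names and the sample constant are assumptions made for this illustration, and the switch list is a subset.

```python
import re

# Constructed sample: the boot.ini contents as pasted in post #11.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
'''

# Subset of the boot.ini switches documented for Windows XP (lower-cased names).
KNOWN_SWITCHES = {
    "fastdetect", "noexecute", "execute", "safeboot", "sos", "bootlog",
    "basevideo", "noguiboot", "debug", "debugport", "baudrate", "crashdebug",
    "nodebug", "maxmem", "burnmemory", "numproc", "onecpu", "3gb", "userva",
    "pae", "nopae", "pcilock", "kernel", "hal", "cmdcons", "redirect",
}

# An [operating systems] line is: <path>="<menu title>" <switches...>
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<title>[^"]*)"\s*(?P<switches>.*)$')


def _split_switches(text):
    """Split the tail of an entry into (name, value) switches and stray tokens."""
    switches, stray = [], []
    for token in text.split():
        if not token.startswith("/"):
            stray.append(token)          # e.g. a switch that lost its slash
            continue
        # Switches written without a separating space ("/a/b") are split too.
        for part in token[1:].split("/"):
            if not part:
                continue
            pieces = re.split(r"[=:]", part, maxsplit=1)
            value = pieces[1] if len(pieces) == 2 else None
            switches.append((pieces[0].lower(), value))
    return switches, stray


def parse_boot_ini(text):
    """Return (loader_settings, entries) parsed from boot.ini text."""
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot loader" and "=" in line:
            key, value = line.split("=", 1)
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            match = ENTRY_RE.match(line)
            if match is None:
                entries.append({"path": line, "title": None,
                                "switches": [], "stray": []})
                continue
            switches, stray = _split_switches(match.group("switches"))
            entries.append({"path": match.group("path").strip(),
                            "title": match.group("title"),
                            "switches": switches, "stray": stray})
    return loader, entries


def audit_boot_ini(text):
    """Return a list of findings; an empty list means nothing unusual was seen."""
    loader, entries = parse_boot_ini(text)
    findings = []
    if not loader.get("timeout", "").isdigit():
        findings.append("timeout is missing or not a number")
    default = loader.get("default", "").lower()
    if default not in {entry["path"].lower() for entry in entries}:
        findings.append("default does not match any [operating systems] entry")
    for entry in entries:
        if entry["title"] is None:
            findings.append("unparseable entry: " + entry["path"])
        for name, _value in entry["switches"]:
            if name not in KNOWN_SWITCHES:
                findings.append("undocumented switch: /" + name)
        for token in entry["stray"]:
            findings.append("token without leading slash: " + token)
    return findings


if __name__ == "__main__":
    for finding in audit_boot_ini(SAMPLE_BOOT_INI) or ["no findings"]:
        print(finding)
```
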

#12 topdrawer


Posted 03 May 2007 - 04:42 PM

Hello,

Enclosed is the SpyWare scan report and below it is the Hijackthis uninstall list. Thanks for taking the time to look at them.

My regards,
Billy

========================
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:18:32 PM 5/3/2007

+ Scan result:



HKU\S-1-5-21-1893721453-514194663-1163684310-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455} -> Adware.CouponBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1893721453-514194663-1163684310-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} -> Adware.Generic : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Ad-logics : Cleaned.
:mozilla.9:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Ad-logics : Cleaned.
:mozilla.235:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.236:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.237:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.117:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.92:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.93:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.94:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.95:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.11:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.19:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.15:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.94:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.20:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.66:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.67:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.68:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@com[2].txt -> TrackingCookie.Com : Cleaned.
:mozilla.120:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.121:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.23:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.149:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.31:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Euniverseads : Cleaned.
:mozilla.111:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.112:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.113:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.114:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.115:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.101:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.14:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mh6izdds.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.41:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.42:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.43:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.44:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.45:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.46:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.106:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.107:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.108:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.50:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.51:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.29:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.30:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.31:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.62:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.63:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.64:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.65:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.66:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.67:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.68:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.69:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.70:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.71:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.72:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.73:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.104:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.69:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.127:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.44:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.63:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CA0RTB6Q.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CA228RDW.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CA3Z5DAA.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CA52CCU0.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CA8C6MW1.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CAB0NYCR.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CAB4UUCE.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CACENF2S.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CAHLPJIR.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CAIDD9CN.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CAILM8DK.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CAIT77CK.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CAKDOR94.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CAKK0QIQ.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy l. jones@CAWPTEMK.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[10].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[11].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[3].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[4].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[5].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[6].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[7].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[8].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@www.paypal[9].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.130:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.131:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.114:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.116:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.115:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.30:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.146:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.147:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.79:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.179:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.180:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.181:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.182:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.183:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.184:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.185:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.186:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.187:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.188:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.189:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.190:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.191:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.192:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.193:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.194:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.195:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.196:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.197:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.198:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.199:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.200:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.201:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.202:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.203:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.204:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.205:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.206:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.207:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.208:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.209:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.210:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.211:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.212:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.213:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.214:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.82:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.84:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Profiles\default\h9jaxqqk.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Billy L. Jones\Cookies\billy_l._jones@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.84:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.85:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.86:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.126:C:\Documents and Settings\Billy L. Jones\Application Data\Mozilla\Firefox\Profiles\default.m01\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

================================

1st Page 2000 2.00 Free
ABBYY FineReader 5.0 Sprint
ABBYY FineReader 6.0 Sprint
ACDSee
Ad-Aware SE Personal
Adobe Acrobat Reader 3.01
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe Reader Korean Fonts
Adobe Stock Photos 1.0
Adobe Type Manager 4.0
AI RoboForm (All Users)
Article Content Spinner 1.0
Articles Now!
AVG Anti-Spyware 7.5
AVG Anti-Virus 7.0
Backup995
BCM V.92 56K Modem
blogBuddy (remove only)
Broadcom Advanced Control Suite
CamStudio
Classic PhoneTools
Coupon Printer for Windows
CuteFTP 7 Home
CutePDF Writer 2.6
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DellSupport
deskPDF 2.5 Standard Edition
Digital Line Detect
Docudesk GPL Ghostscript 8.15
Domain Name Analyzer v3.2.022303
EarthLink Software
Easy CD Creator 5 Platinum
Expired Domain Name Suite Full
Good Keywords v2.0.072205
GTK+ 2.10.6-1 runtime environment
HammerSnipe PowerTool
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HyperVRE 1.6
Intel® Extreme Graphics Driver
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jahn's Squeeze Page Form Generator
Java 2 Runtime Environment, SE v1.4.2_06
Java™ SE Runtime Environment 6 Update 1
Keyword Station
Lexmark 2300 Series
Lexmark Fax Solutions
Lexmark X125
Link Creator 1.0
List Manager 2.0
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 7.0
Microsoft Script Debugger
Microsoft Streets and Trips 2002
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mozilla Firefox (2.0.0.3)
Mozilla Thunderbird (1.5.0.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MyODBC
MySoftware Fonts
MySQL Server 5.0
Notes Pilot
NoteTab Std (Remove only)
Nvu 1.0
OLYMPUS CAMEDIA Master 4.2
PCLinq2 High-Speed USB Bridge Cable
PDF Power Brand
Pdf995
Picasa 2
PLR Dashboard 1.0
QuickInvoice
QuickTime
Random House Webster's Unabridged Dictionary
RealPlayer
Registry Mechanic 5.0
Scott's Box Shot Maker
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Sonic Opt-In v1.1.1
Sp5TTIntXP
SpeedConnect 5.0
SpywareBlaster v3.5.1
Sygate Personal Firewall
TextPad 4.7
The GIMP 2.2.13
ToolbarSetup
Trend Micro Anti-Spyware
Turbo Lister 2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
ViewAhead Photo Center
Visual Probooks Lite
Watchtower Library 2006 - English Edition
Web Audio Plus
Webshots Desktop
Webshots Toolbar
WillMaker 8 Deluxe
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPatrol
WinZip
WorldMerge 4.2
Your Article Submitter Pro 1.0

#13 DaveM59

Posted 03 May 2007 - 09:19 PM

Hi again,

Your boot.ini file is OK. It is not the cause of your safe mode boot problem.

Your AVG Antispyware scan looks clean except for a couple of adware remnants in the registry, which it quarantined.

You have several old versions of Java installed. They need to be removed because they have security vulnerabilities.

Click Start, My Computer, then double click Add or Remove Programs. When the list is populated, scroll down and remove the following, one by one:

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_06


Also, I would like you to try once more to boot into safe mode. On some computers, if you start clicking F8 too soon, you may get the error message you reported. Try waiting until you see the BIOS screen that lists the devices on your system before you tap F8. Let me know whether you manage to do this.

Then reboot, and in normal mode, run a fresh HijackThis scan, and post the log to a reply here. Also let me know how the computer is running now.

Dave

#14 topdrawer

Posted 04 May 2007 - 09:26 AM

Hi. Again, thanks for the help. I was able to do a safe mode reboot by using the F8 button after the admin login.
I added that admin login thing just a short time ago.

I tried the restore process, not that I was going to do one, but I remembered trying it when I first had the problem with Ieplugin and the restore feature would not work, and it still doesn't. A page shows that a problem has been encountered and it closes.

Internet Explorer will go to the home page and the IP address is shown in the task bar, which it didn't normally do, but the name was showing. Also, I can't go to any of the favorites, and the page shows that IE has encountered a problem and needs to close, and it does right away.

The Internet Options doesn't work from IE and a page comes up stating the operation has been canceled due to restrictions in effect on the computer.

The new log from HijackThis is below. Thanks

=========
Logfile of HijackThis v1.99.1
Scan saved at 9:04:21 AM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\FSCBoss\FSCBoss.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\McAfee.com\McAffee Compt Kit\MemoKit\memokit2.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fastmail.fm/mail/?MLS=LN-*;Uid=...N-Authenticate*
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.frontiernet.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.1;<local>
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\Embarq TotalAccess\ElnIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [FSCBoss] C:\Program Files\FSCBoss\FSCBoss.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Type Pilot] "C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: MemoKit.lnk = C:\Program Files\McAfee.com\McAffee Compt Kit\MemoKit\mk.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download File - C:\Program Files\Secure IE\Scripts\AddToTransferQueue.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Highlight - C:\Program Files\Secure IE\Scripts\highlight.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Add Link to QuikView - http://www.quikonnex.com/start/ctxmenu.php?add=link
O8 - Extra context menu item: Add Page to QuikView - http://www.quikonnex.com/start/ctxmenu.php?add=page
O8 - Extra context menu item: Add to Notes Pilot - C:\Program Files\Invention Pilot\Notes Pilot\nnotes.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zoom &In - C:\Program Files\Secure IE\Scripts\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\Program Files\Secure IE\Scripts\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: QuikView | Quikonnex - {23F5C49C-74DF-42BA-A194-FF92A3B59FED} - Shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: QuikView Panel - {23F5C49C-74DF-42BA-A194-FF92A3B59FED} - Shdocvw.dll (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Notes Pilot - {D88F1992-1490-470E-8D16-3A80D50C80FA} - C:\PROGRA~1\INVENT~1\NOTESP~1\nnotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3414A1F-608D-4BB1-B756-1DCC48E5FCDE}: NameServer = 170.215.184.3,170.215.126.3
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#15 DaveM59

Posted 04 May 2007 - 07:58 PM

Hi again,

I see you still have Enigma's SpyHunter installed.

I hope you read the note Snowhite referred you to. This is entirely your decision, but I would add my voice to hers in advising you to remove this program.

I'm not sure I understand how you got into safe mode. Did you use TweakUI to add the administrator account to your logon screen? Are you using Windows Home or Professional? Also, is your keyboard USB (flat connector) or PS2 (round connector)?

The reason this is worth pursuing is that many specialized malware tools must be run in safe mode. However, to take out the infection, you must log onto your normal user account in safe mode. So please let me know. Also tell me whether you actually have tried the F8 method again but are still unable to make it work.

Another important question is about these lines in your log:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.1;<local>


My guess is that these proxy settings are required by your ISP, but I would like you to confirm it.

Now, let's take a shot at solving some of your problems with internet settings.

Please go to this web page to download Dial-a-fix. You will have to scroll about halfway down the page before you come to a green box with the download links. Pick one, and download the zip file to your desktop. Now close your browser and all other open windows on your desktop.

Right click the file icon and select extract all. Click Next, Next, then Finish. You will see a window open on your desktop with the Dial-a-Fix folder in it. Double click the folder, then double click the Dial-a-Fix icon to open the program. On the main page, check all boxes and click Go.

After all the fixes have been applied, you will see the word "Ready" at the bottom of the program window. Now click the Policies... button and a new window will open. The program will scan your registry for restrictive policies. When it is finished it will display a list of restrictive policies found. Click the green check mark button to select all listed restrictions, then click Remove. When the fix is finished click Close.

Back on the main screen, click the Log icon (looks like a sheet of paper with a corner folded). The log screen will open; click Save. In the Save As window, your Desktop should be selected; name the file dialafix or something equally clever and click Save. Then click Close, then Exit.

Now try your Internet settings and see whether the fix worked. In your next reply, let me know. Also, answer my earlier questions, and copy and paste the dial-a-fix log. Finally, run yet another HJT scan and paste that log into the reply as well.

Dave
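The kinds of HijackThis entries questioned in the reply above (the proxy setting, policy restrictions, a startup program the helper advises removing) can be pulled out of a log mechanically for a human to confirm. The following is an added example, not part of the thread or any poster's reply; the function names and the `watchlist` parameter are hypothetical, and the sample lines are copied from the log posted in this topic.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.1;<local>
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: QuikView | Quikonnex - {23F5C49C-74DF-42BA-A194-FF92A3B59FED} - Shdocvw.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "R1 - ...", "O23 - ..."
AUTORUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] ")


def parse_entries(log_text):
    """Return (section, body) for each entry line; header and process-path lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_proxy(value):
    """Split a ProxyServer value: 'http=host:port;https=...' or a bare 'host:port'."""
    proxies = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        scheme, sep, addr = part.partition("=")
        if not sep:  # bare 'host:port' applies to every protocol
            scheme, addr = "all", part
        host, colon, port = addr.strip().rpartition(":")
        if not colon or not port.isdigit():  # no usable port in the value
            host, port = addr.strip(), None
        proxies[scheme.strip()] = (host, int(port) if port else None)
    return proxies


def review(log_text, watchlist=()):
    """Flag entries a reviewer should confirm; watchlist holds autorun names chosen by the reviewer."""
    watch = {w.lower() for w in watchlist}
    findings = []
    for section, body in parse_entries(log_text):
        if section in ("R0", "R1") and ",ProxyServer = " in body:
            value = body.split(",ProxyServer = ", 1)[1]
            findings.append((section, "proxy", parse_proxy(value)))
        elif section == "O6":  # O6: Internet Explorer options restricted by policy
            findings.append((section, "ie-policy-restriction", body))
        elif section == "O4":  # O4: programs started at logon
            m = AUTORUN.match(body)
            if m and m.group("name").lower() in watch:
                findings.append((section, "watchlisted-autorun", m.group("name")))
        if body.endswith("(file missing)"):  # entry points at a file that no longer exists
            findings.append((section, "file-missing", body))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, watchlist=("SpyHunter",)):
        print(finding)
```

The script only surfaces lines for review; whether a proxy or policy entry is legitimate still has to be confirmed with the machine's owner.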



