IE not opening at all, process opens and closes

FatalExceptionX

Thread Starter
Joined
Aug 19, 2009
Messages
39
IE has not been opening for a while, but I use Firefox anyway, but now I do need IE. I had version 7, and that wasn't opening; now I uninstalled it and installed version 8, and that does not open either. The process opens and then shuts off immediately.

Not sure if you need this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:59 PM, on 8/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EVGA Precision\EVGAPrecision.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\EVGA Precision\Bundle\OSDServer\RTSS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0C5C4DB4-6C62-49ED-8343-62B9AE7ADF6A} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {68BB5B65-C335-4523-921D-67F933A11CA8} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {78055668-5486-452E-83ED-CE6BDB4AFFF0} - (no file)
O2 - BHO: (no name) - {78C8E7B6-8AAB-4A92-B84C-20D2A13775C8} - (no file)
O2 - BHO: (no name) - {CEB04289-CF06-4F18-9C63-A0EFB95B83A1} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA System Monitor] "C:\Program Files\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: byXOfeda - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9473 bytes
 

Phantom010

Trusted Advisor
Joined
Mar 9, 2009
Messages
34,796
Your computer seems to be infected with the Trojan.Vundo, among other things... You should start a new thread in the Malware Removal forum or click on the Report button and ask to be moved there.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

FatalExceptionX

Thread Starter
Joined
Aug 19, 2009
Messages
39
Alright, I did both tasks. Here's the log.



Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 3

8/20/2009 9:50:36 PM
mbam-log-2009-08-20 (21-50-36).txt

Scan type: Quick Scan
Objects scanned: 99725
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Ardamax Keylogger (Keylogger.Ardamax) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Ardamax Keylogger\Ardamax Keylogger.lnk (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Ardamax Keylogger\Help.lnk (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Ardamax Keylogger\Log Viewer.lnk (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
I don't see any anti-virus software running.



Please run ESET Online Scanner

Note: You can use IE or FireFox for this scan. You need to disable your current installed Anti-Virus. If you need help with that look here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go to ESET Online Scanner and click on the ESET Online Scanner button
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

FatalExceptionX

Thread Starter
Joined
Aug 19, 2009
Messages
39
I have Kaspersky Internet Security 2009, running all the time. My settings are all on high.

C:\Documents and Settings\Owner\Desktop\Flatout\pdtrain.exe probably a variant of Win32/Agent trojan
C:\Program Files\HTV\HTV.004 Win32/KeyLogger.Ardamax.NAR application
C:\Program Files\Pure Networks\Network Magic\Patch.exe a variant of Win32/HackTool.Patcher.A application
C:\WINDOWS\system32\avnsmoes.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\bgojscja.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\btutrhjv.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\ctelogwl.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\dklyvabu.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\dtwcoeql.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\ffgkhrnb.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\fgjteyyr.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\fhvflfyh.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\fpeauyex.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\fpnbkvxh.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\hgokrlyt.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\hsmjtsps.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\hyhwjtgl.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\jfyyryou.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\jibnbbcg.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\jxdvxyoo.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\kepcffkd.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\ktfgegia.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\llqlfotd.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\lxfyvgxe.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\mdqjocxf.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\mvxpnkch.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\myvpdekb.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\nxlgavuh.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\opxfqygt.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\ouolfjsk.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\pbalbuwk.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\psrcyhyl.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\qqYFffii.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\qqYFffii.ini2 Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\rvtjlvsf.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\svtkssyc.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\uldlhqkw.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\uoaebvsk.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\vFeNUvut.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\vFeNUvut.ini2 Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\vkyswyad.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\xkucagkx.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\xlgvublg.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\system32\xxsqggew.ini Win32/Adware.Virtumonde.NEO application
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Download ComboFix from one of these locations:

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named.


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Please note once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.




  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
 

FatalExceptionX

Thread Starter
Joined
Aug 19, 2009
Messages
39
Here we are

ComboFix 09-08-22.06 - Owner 08/23/2009 12:51.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2523 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\avnsmoes.ini
c:\windows\system32\bgojscja.ini
c:\windows\system32\btutrhjv.ini
c:\windows\system32\ctelogwl.ini
c:\windows\system32\dklyvabu.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dtwcoeql.ini
c:\windows\system32\ffgkhrnb.ini
c:\windows\system32\fgjteyyr.ini
c:\windows\system32\fhvflfyh.ini
c:\windows\system32\fpeauyex.ini
c:\windows\system32\fpnbkvxh.ini
c:\windows\system32\hgokrlyt.ini
c:\windows\system32\hsmjtsps.ini
c:\windows\system32\hyhwjtgl.ini
c:\windows\system32\jfyyryou.ini
c:\windows\system32\jibnbbcg.ini
c:\windows\system32\jxdvxyoo.ini
c:\windows\system32\kepcffkd.ini
c:\windows\system32\ktfgegia.ini
c:\windows\system32\llqlfotd.ini
c:\windows\system32\lxfyvgxe.ini
c:\windows\system32\mdqjocxf.ini
c:\windows\system32\mfc45.dll
c:\windows\system32\mvxpnkch.ini
c:\windows\system32\myvpdekb.ini
c:\windows\system32\nxlgavuh.ini
c:\windows\system32\opxfqygt.ini
c:\windows\system32\ouolfjsk.ini
c:\windows\system32\Packet.dll
c:\windows\system32\pbalbuwk.ini
c:\windows\system32\psrcyhyl.ini
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qqYFffii.ini
c:\windows\system32\qqYFffii.ini2
c:\windows\system32\rvtjlvsf.ini
c:\windows\system32\svtkssyc.ini
c:\windows\system32\uldlhqkw.ini
c:\windows\system32\uoaebvsk.ini
c:\windows\system32\vFeNUvut.ini
c:\windows\system32\vFeNUvut.ini2
c:\windows\system32\vkyswyad.ini
c:\windows\system32\wpcap.dll
c:\windows\system32\xkucagkx.ini
c:\windows\system32\xlgvublg.ini
c:\windows\system32\xxsqggew.ini

----- BITS: Possible infected sites -----

hxxp://download.linksys.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-22 03:56 . 2009-08-22 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-22 03:54 . 2009-08-22 03:55 -------- d-----w- c:\documents and settings\Owner\.SunDownloadManager
2009-08-22 00:37 . 2009-08-22 00:37 -------- d-----w- c:\program files\ESET
2009-08-21 01:45 . 2009-08-21 01:45 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Malwarebytes
2009-08-21 01:45 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 01:45 . 2009-08-21 01:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 01:45 . 2009-08-21 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-21 01:45 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 17:29 . 2008-12-12 22:05 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-08-20 17:29 . 2008-12-12 22:05 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-08-20 17:29 . 2009-08-20 17:29 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-08-20 16:30 . 2009-08-20 16:30 -------- d-----w- c:\program files\Pure Networks
2009-08-20 16:30 . 2009-08-20 16:30 -------- d-----w- c:\program files\WebEx
2009-08-20 16:30 . 2009-08-20 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-08-20 16:23 . 2009-08-20 16:23 36 ----a-w- c:\documents and settings\test.vbs
2009-08-19 23:05 . 2009-08-19 23:05 -------- d-----w- c:\program files\Trend Micro
2009-08-19 22:36 . 2009-08-19 22:36 -------- dc-h--w- c:\windows\ie8
2009-08-19 02:15 . 2009-07-24 19:05 676704 ----a-w- c:\windows\system32\LCCoin30.dll
2009-08-19 02:15 . 2009-08-19 02:15 -------- d-----w- c:\program files\Microsoft LifeCam
2009-08-19 02:08 . 2009-08-21 05:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FLVService
2009-08-19 02:08 . 2009-08-19 02:08 -------- d-----w- c:\program files\Ask & Record Toolbar
2009-08-19 02:08 . 2009-08-19 02:08 -------- d-----w- c:\windows\Ask & Record Toolbar
2009-08-18 04:01 . 2009-08-18 04:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mohammad_Ahmadi_Bidakhvid
2009-08-16 15:36 . 2009-08-16 15:36 -------- d-----w- c:\windows\Performance
2009-08-16 15:35 . 2009-08-16 15:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Corporation
2009-08-16 15:35 . 2009-08-16 15:35 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-08-05 21:32 . 2009-08-05 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-08-05 21:31 . 2009-08-05 21:32 -------- d-----w- C:\Garmin
2009-08-05 20:53 . 2009-08-16 16:49 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Download Manager
2009-08-05 20:41 . 2009-08-05 21:31 -------- d-----w- c:\docume~1\Owner\APPLIC~1\GARMIN
2009-08-05 20:41 . 2009-08-05 20:41 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-08-05 20:40 . 2009-08-05 20:40 -------- d-----w- c:\program files\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 17:19 . 2009-07-07 23:59 -------- d-----w- c:\program files\Steam
2009-08-23 17:19 . 2009-04-05 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-23 16:56 . 2009-04-05 18:47 811040 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-23 16:56 . 2009-04-05 18:47 4900 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-23 16:56 . 2009-04-05 18:47 3967520 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-23 16:56 . 2009-04-05 18:47 33124 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-22 04:52 . 2008-08-04 23:19 -------- d-----w- c:\program files\EVGA Precision
2009-08-22 03:56 . 2008-12-09 15:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-21 02:16 . 2008-08-01 16:23 96896 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 17:30 . 2009-08-20 16:30 8673792 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-08-20 16:21 . 2008-08-02 02:07 -------- d-----w- c:\docume~1\Owner\APPLIC~1\uTorrent
2009-08-20 06:33 . 2009-05-01 23:30 -------- d-----w- c:\program files\HTV
2009-08-19 02:08 . 2008-08-08 18:02 -------- d-----w- c:\docume~1\Owner\APPLIC~1\LimeWire
2009-08-18 03:59 . 2009-01-19 07:48 -------- d-----w- c:\program files\Net Tools
2009-08-16 05:38 . 2009-05-02 03:17 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Thinstall
2009-08-16 05:30 . 2008-08-04 23:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-09 02:35 . 2009-03-17 15:55 -------- d-----w- c:\program files\PokerStars
2009-08-09 01:20 . 2008-09-22 15:58 256 ----a-w- c:\windows\system32\pool.bin
2009-08-05 20:40 . 2008-10-06 13:07 -------- d-----w- c:\program files\DIFX
2009-08-05 09:01 . 2002-12-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-24 23:43 . 2009-07-14 13:54 -------- d-----w- c:\program files\Common Files\BioWare
2009-07-24 19:05 . 2009-02-14 02:24 30560 ----a-w- c:\windows\system32\drivers\nx6000.sys
2009-07-21 02:14 . 2008-08-08 00:03 -------- d-----w- c:\program files\VstPlugins
2009-07-21 02:14 . 2008-08-08 00:02 -------- d-----w- c:\program files\Image-Line
2009-07-21 02:13 . 2009-07-21 02:13 -------- d-----w- c:\program files\Outsim
2009-07-18 05:08 . 2008-09-22 15:49 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-17 19:01 . 2002-12-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 05:51 . 2009-07-16 05:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-16 05:51 . 2009-07-16 05:51 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-14 14:25 . 2008-08-02 20:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-14 03:43 . 2002-12-31 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 03:59 . 2008-12-06 01:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-08 21:50 . 2009-07-08 17:20 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Mount&Blade
2009-07-08 17:23 . 2009-07-08 17:17 -------- d-----w- c:\program files\Mount&Blade
2009-07-08 00:00 . 2009-07-08 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AA3DeployClient
2009-07-07 23:44 . 2009-07-07 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AA2DeployClient
2009-07-03 17:09 . 2002-12-31 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 18:24 . 2009-06-25 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-26 23:00 . 2008-08-01 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 22:59 . 2009-06-26 22:59 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-26 22:59 . 2009-06-26 22:59 -------- d-----w- c:\program files\Linksys
2009-06-25 08:25 . 2002-12-31 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-12-31 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-12-31 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-12-31 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-12-31 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-12-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 02:16 . 2009-06-25 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-25 02:15 . 2009-06-25 02:14 -------- d-----w- c:\program files\Yahoo!
2009-06-25 02:15 . 2009-06-25 02:15 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Yahoo!
2009-06-24 11:18 . 2002-12-31 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 12:46 . 2008-08-01 16:19 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 14:36 . 2002-12-31 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-12-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-12-31 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-12-31 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2008-08-01 16:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 10:03 . 2009-05-01 02:02 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 10:03 . 2009-05-01 02:02 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 10:03 . 2009-05-01 02:02 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 10:03 . 2008-08-04 23:17 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:03 . 2008-05-22 20:34 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 10:03 . 2008-05-22 20:34 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 10:03 . 2008-05-22 20:34 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 10:03 . 2008-05-22 20:34 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 10:03 . 2008-05-22 20:34 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 10:03 . 2008-05-22 20:34 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 10:03 . 2008-05-22 20:34 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 06:14 . 2002-12-31 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 15:42 . 2009-03-16 16:11 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2008-10-15 17:17 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2002-12-31 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-03-09 03:28 . 2009-03-09 03:22 87552 ----a-w- c:\program files\MMO.exe
.

------- Sigcheck -------

[-] 2008-08-01 16:35 507904 679A7259741F6A09994F02CE261B5F2E c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA System Monitor"="c:\program files\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" [2008-10-24 846368]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Steam"="c:\program files\Steam\Steam.exe" [2009-07-07 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2009-04-28 298000]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Media Player.lnk]
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e8e08a44
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\supertintin_skype

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"SymSnapService"=3 (0x3)
"rpcapd"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"RichVideo"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Norton Ghost"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MSCamSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Capture Device Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"WZCSVC"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"Symantec SymSnap VSS Provider"=2 (0x2)
"SENS"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LanmanServer"=2 (0x2)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"xmlprov"=3 (0x3)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"SysmonLog"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"seclogon"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"Nla"=3 (0x3)
"Netlogon"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"Browser"=2 (0x2)
"YahooAUService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/5/2009 9:03 PM 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [4/5/2009 9:03 PM 712048]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/13/2009 10:24 PM 30560]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [12/14/2007 6:04 PM 551680]
R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 2:39 PM 4608]
S0 pydvr;pydvr;c:\windows\system32\drivers\hbhbvw.sys --> c:\windows\system32\drivers\hbhbvw.sys [?]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/6/2008 9:06 AM 11520]
S4 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [12/31/2002 8:00 AM 5120]
S4 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 6:13 PM 1558000]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/16/2009 11:07 AM 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1078081533-682003330-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-05 02:23]

2009-08-19 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2009-07-24 19:05]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WD Button Manager - WDBtnMgr.exe
Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\profiles\6i14c64c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 13:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1078081533-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:df,d4,30,79,c1,d6,b7,fa,84,23,57,e3,84,e5,a3,3e,e4,10,2f,95,b7,
7d,6f,ff,d0,f6,9c,36,0d,6b,88,33,b9,d7,d1,8d,2e,0b,b2,10,60,8a,f0,ac,3b,92,\
"rkeysecu"=hex:30,c1,91,c2,be,d2,6e,41,47,66,62,94,fc,7d,be,df
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\WININET.dll
c:\program files\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll
c:\documents and settings\Owner\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\iolo\System Mechanic Professional\SMTrayNotify.exe
c:\windows\system32\rundll32.exe
c:\program files\EVGA Precision\Bundle\OSDServer\RTSS.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-08-23 13:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 17:26

Pre-Run: 152,055,721,984 bytes free
Post-Run: 151,740,362,752 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

441 --- E O F --- 2009-08-17 17:22
 

FatalExceptionX

Thread Starter
Joined
Aug 19, 2009
Messages
39
Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 3

8/23/2009 4:30:47 PM
mbam-log-2009-08-23 (16-30-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 210595
Time elapsed: 32 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please post your hijackthis log again and let me know if you are still having problems.
 

FatalExceptionX

Thread Starter
Joined
Aug 19, 2009
Messages
39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:50 PM, on 8/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\EVGA Precision\EVGAPrecision.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\EVGA Precision\Bundle\OSDServer\RTSS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [NVIDIA System Monitor] "C:\Program Files\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{8687C030-29A6-4855-871C-32901D17F414}: NameServer = 167.206.251.130,167.206.251.129
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 8610 bytes


Internet Explorer still opens and closes immediately
 

FatalExceptionX

Thread Starter
Joined
Aug 19, 2009
Messages
39
EVGA is my graphics card manufacturer, NVidia Geforce X260

Ask and Record toolbar was a toolbar by askjeeves.com, I actually don't remember why I needed it.
 