
Internet Explorer - Cannot Display the web page - HIJACKTHIS log

Discussion in 'Virus & Other Malware Removal' started by chrisjoel99, Oct 26, 2008.

  1. chrisjoel99

    chrisjoel99 Thread Starter

    Joined:
    Oct 26, 2008
    Messages:
    10
    Over the last two days I have been unable to access the internet through Internet Explorer. Whenever I open up the browser (and I've tried several times) it comes up with the statement "Internet Explorer cannot display the web page" with a button to click to "Diagnose Network Problem". After clicking it, no problem is found with my network. Additionally, other programs such as MS Money, TrendMicro Antivirus, BSafe Internet filter and Carbonite back-up have been unable to update or even gain access to basic information from the proper servers. I am, however, able to access the internet with Firefox and Apple Safari with no problems. I followed the 7 or 8 steps that are recommended on Microsoft's website (running IE without add-ons, disabling firewalls, etc.), but to no avail. To my knowledge no changes were made within the last 2-3 days that would have caused the issue. I tried a system restore, but no restore points were available before the problem started. I'm posting a HJT log below, as well as a startup log. My computer is an HP Pavilion dv9335nr notebook with Vista Home Premium, TrendMicro antivirus and Spy Sweeper adware/malware watch. I really could use any help available because I'm at my wits' end.

    Below are the logs mentioned previously

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:41:29 PM, on 10/25/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\InetCntrl\InetCntrl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Christopher\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
    O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll
    O4 - HKLM\..\Run: [InetCntrl] "C:\Windows\system32\InetCntrl\StartInet.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: MRI_DISABLED
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O13 - Gopher Prefix:
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9402 bytes


    STARTUP LIST
    StartupList report, 10/25/2008, 10:44:25 PM
    StartupList version: 1.52.2
    Started from : C:\Users\Christopher\Desktop\HijackThis.EXE
    Detected: Windows Vista SP1 (WinNT 6.00.1905)
    Detected: Internet Explorer v8.00 (8.00.6001.18241)
    * Using default options
    ==================================================

    Running processes:

    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\InetCntrl\InetCntrl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Christopher\Desktop\HijackThis.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\Windows\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    InetCntrl = "C:\Windows\system32\InetCntrl\StartInet.exe"

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    =

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    [MRI_DISABLED]
    HPAdvisor = C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    --------------------------------------------------

    Shell & screensaver key from C:\Windows\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=explorer.exe
    SCRNSAVE.EXE=C:\Windows\system32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL - {00A6FAF1-072E-44cf-8957-5838F569A31D}
    (no name) - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
    (no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL - {07B18EA1-A523-4961-B6BB-170DE4475CCA}
    (no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    (no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    (no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
    (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    Bsecure Popup Blocker - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll - {E0019445-4C1F-414D-A70E-AD80F231C584}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    HPCeeScheduleForChristopher.job
    User_Feed_Synchronization-{C9B20CC4-9CDD-4CD4-A19E-29DE132A20EB}.job
    wrSpySweeper_L0BF6609CB4D647D7B6C58916D3EAD243.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
    CODEBASE = http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab

    [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\Windows\system32\NLAapi.dll
    NameSpace #2: C:\Windows\system32\napinsp.dll
    NameSpace #3: C:\Windows\system32\pnrpnsp.dll
    NameSpace #4: C:\Windows\system32\pnrpnsp.dll
    NameSpace #5: C:\Windows\system32\wshbth.dll
    NameSpace #8: C:\Program Files\Bonjour\mdnsNSP.dll
    Protocol #1: InetCntrl0011.dll (file MISSING)
    Protocol #2: InetCntrl0011.dll (file MISSING)
    Protocol #3: InetCntrl0011.dll (file MISSING)
    Protocol #4: InetCntrl0011.dll (file MISSING)
    Protocol #5: InetCntrl0011.dll (file MISSING)
    Protocol #6: InetCntrl0011.dll (file MISSING)
    Protocol #7: InetCntrl0011.dll (file MISSING)
    Protocol #8: InetCntrl0011.dll (file MISSING)
    Protocol #9: InetCntrl0011.dll (file MISSING)
    Protocol #10: InetCntrl0011.dll (file MISSING)
    Protocol #11: InetCntrl0011.dll (file MISSING)
    Protocol #12: C:\Windows\system32\wpclsp.dll
    Protocol #13: C:\Windows\system32\wpclsp.dll
    Protocol #14: C:\Windows\system32\wpclsp.dll
    Protocol #15: C:\Windows\system32\wpclsp.dll
    Protocol #16: C:\Windows\system32\wpclsp.dll
    Protocol #17: C:\Windows\system32\wpclsp.dll
    Protocol #18: C:\Windows\system32\wpclsp.dll
    Protocol #19: C:\Windows\system32\wpclsp.dll
    Protocol #31: C:\Windows\system32\wpclsp.dll
    Protocol #32: InetCntrl0011.dll (file MISSING)

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\Windows\System32\webcheck.dll

    --------------------------------------------------
    End of report, 6,118 bytes
    Report generated in 0.125 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,872
    I see you are using IE8 beta & we can't help with that.

    My advice is to uninstall IE8 & revert to IE7 & see if that cures the problem.

    It is very possible one of the recent updates has caused a conflict in IE8.

    That is why running beta software is NEVER recommended unless you are 100% sure of what you are doing and prepared to format & reinstall the computer when it all goes wrong, as betas frequently do.
     
  3. chrisjoel99

    chrisjoel99 Thread Starter

    Joined:
    Oct 26, 2008
    Messages:
    10
    This problem occurred prior to installing IE8. I will reinstall IE7 and resubmit the HJT log.
     
  4. chrisjoel99

    chrisjoel99 Thread Starter

    Joined:
    Oct 26, 2008
    Messages:
    10
    Below is the repost of my HJT log, after removing IE8, which left IE7. Please see my previous posts for a complete description of my problem.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:42:31 PM, on 11/2/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Steam\steam.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATICFA.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\InetCntrl\InetCntrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Christopher\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
    O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"
    O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
    O4 - HKLM\..\Run: [WPCUMI] "C:\Windows\system32\WpcUmi.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [InetCntrl] "C:\Windows\system32\InetCntrl\StartInet.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Carbonite Backup] "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [EPSON Stylus CX9400Fax Series] "C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE" /FU "C:\Users\CHRIST~1\AppData\Local\Temp\E_SC730.tmp" /EF "HKCU"
    O4 - HKCU\..\RunOnce: [Application Restart #1] "C:\Program Files\Windows Media Player\wmpnscfg.exe"
    O4 - HKCU\..\RunOnce: [Application Restart #0] "C:\Windows\ehome\ehtray.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: MRI_DISABLED
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565MOUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O13 - Gopher Prefix:
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13937 bytes
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,872
    Check you haven't blocked IE in Trend Internet Security firewall & in the BSafe program.
     
  6. chrisjoel99

    chrisjoel99 Thread Starter

    Joined:
    Oct 26, 2008
    Messages:
    10
    IE is not blocked in BSafe. Can't access anything in Antivirus because it's tied to IE. Every time I try to open it, I get an IE "cannot display this webpage". Uninstalled TrendMicro, still can't access internet via IE.
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,872
    Let's see what this does.

    Download ComboFix from Here to your Desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    --------------------------------------------------------------------
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running.
    Double-click on combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.


    ****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.
     
  8. chrisjoel99

    chrisjoel99 Thread Starter

    Joined:
    Oct 26, 2008
    Messages:
    10
    ComboFix Log

    ComboFix 08-11-04.02 - Christopher 2008-11-04 18:02:14.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1248 [GMT -5:00]
    Running from: c:\users\Christopher\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\FunWebProducts
    c:\program files\Internet Explorer\msimg32.dll
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
    c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files\MyWebSearch\bar\icons\CM.ICO
    c:\program files\MyWebSearch\bar\icons\MFC.ICO
    c:\program files\MyWebSearch\bar\icons\PSS.ICO
    c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
    c:\program files\MyWebSearch\bar\icons\WB.ICO
    c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
    c:\program files\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\f3PSSavr.scr

    ----- BITS: Possible infected sites -----

    hxxp://au.download.windowsupdate.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MyWebSearchService


    ((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 )))))))))))))))))))))))))))))))
    .

    2008-11-03 14:02 . 2008-11-03 18:06 <DIR> d-------- c:\users\Christopher\YMCA Basketball Winter 08
    2008-10-29 11:12 . 2008-08-11 22:39 443,392 --a------ c:\windows\System32\win32spl.dll
    2008-10-29 11:12 . 2008-09-17 23:56 147,456 --a------ c:\windows\System32\Faultrep.dll
    2008-10-29 11:12 . 2008-09-17 23:56 125,952 --a------ c:\windows\System32\wersvc.dll
    2008-10-26 16:34 . 2008-10-26 16:34 <DIR> d-------- c:\users\Christopher\AppData\Roaming\RegFixPro
    2008-10-25 14:49 . 2008-10-25 21:03 <DIR> d-------- c:\users\Christopher\.housecall6.6
    2008-10-25 11:47 . 2008-10-25 11:50 <DIR> d-------- c:\program files\NetWaiting
    2008-10-25 11:45 . 2006-06-09 08:38 6,909 --a------ c:\windows\System32\drivers\UIUSYS.SYS
    2008-10-25 10:13 . 2008-10-25 10:13 <DIR> d-------- c:\program files\Trend Micro(TM) AntiVirus
    2008-10-25 08:25 . 2008-08-05 04:49 428,544 --a------ c:\windows\System32\EncDec.dll
    2008-10-25 08:25 . 2008-08-05 04:49 293,376 --a------ c:\windows\System32\psisdecd.dll
    2008-10-25 08:25 . 2008-08-05 04:48 217,088 --a------ c:\windows\System32\psisrndr.ax
    2008-10-25 08:25 . 2008-08-05 04:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2008-10-25 08:25 . 2008-08-05 04:48 80,896 --a------ c:\windows\System32\MSNP.ax
    2008-10-14 23:15 . 2008-10-01 20:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2008-10-14 23:15 . 2008-10-01 22:49 827,392 --a------ c:\windows\System32\wininet.dll
    2008-10-14 22:56 . 2008-09-17 21:16 2,032,640 --a------ c:\windows\System32\win32k.sys
    2008-10-14 22:48 . 2008-09-18 00:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
    2008-10-14 22:48 . 2008-09-18 00:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
    2008-10-14 22:19 . 2008-08-26 20:06 288,768 --a------ c:\windows\System32\drivers\srv.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-05 01:13 --------- d-----w c:\program files\Steam
    2008-11-04 22:12 13,307 ----a-w c:\users\Christopher\AppData\Roaming\nvModes.dat
    2008-11-04 05:37 --------- d-----w c:\programdata\Yahoo! Companion
    2008-11-04 05:37 --------- d-----w c:\programdata\pdf995
    2008-11-04 05:37 --------- d-----w c:\program files\Trend Micro
    2008-10-27 06:07 --------- d-----w c:\programdata\Microsoft Help
    2008-10-25 16:50 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-25 16:47 --------- d-----w c:\program files\CONEXANT
    2008-10-25 13:40 --------- d-----w c:\program files\Common Files\Steam
    2008-10-25 03:48 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-16 07:05 --------- d-----w c:\program files\Windows Mail
    2008-10-05 03:06 --------- d-----w c:\program files\iTunes
    2008-10-05 03:05 --------- d-----w c:\program files\iPod
    2008-09-22 01:49 --------- d-----w c:\users\Christopher\AppData\Roaming\Move Networks
    2008-09-21 19:31 --------- d-----w c:\program files\QuickTime
    2008-09-21 19:29 --------- d-----w c:\program files\Common Files\Apple
    2008-09-21 19:22 --------- d-----w c:\program files\Bonjour
    2008-09-13 02:06 --------- d-----w c:\programdata\WindowsSearch
    2008-09-11 07:05 --------- d-----w c:\program files\Microsoft Works
    2008-09-03 01:39 164 ----a-w C:\install.dat
    2008-08-29 14:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
    2008-08-29 13:53 61,440 ----a-w c:\windows\System32\dnssd.dll
    2008-08-22 03:38 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-08-22 03:38 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-08-22 03:38 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-08-22 03:38 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-08-09 20:04 1,538,928 ----a-w c:\windows\WRSetup.dll
    2008-06-18 03:26 174 --sha-w c:\program files\desktop.ini
    2007-10-24 13:44 44,392 ----a-w c:\program files\uninstal.log
    2007-09-17 17:10 336 ----a-w c:\users\Christopher\AppData\Roaming\wklnhst.dat
    2007-07-03 18:06 22 --sha-w c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2008-06-13 22:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2008-06-13 22:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2008-06-13 22:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Steam"="c:\program files\Steam\Steam.exe" [2008-10-13 1410296]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "EPSON Stylus CX9400Fax Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE" [2007-03-23 182272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-09-19 66816]
    "MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "InetCntrl"="c:\windows\system32\InetCntrl\StartInet.exe" [2008-01-29 54576]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-11 185896]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-27 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-27 7770112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-27 81920]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-30 970808]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-18 8720384]

    c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 39792]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 738968]
    HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-29 34520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer HDD Camera Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer HDD Camera Monitor.lnk
    backup=c:\windows\pss\ImageMixer HDD Camera Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    --a------ 2006-10-18 12:32 472800 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2007-12-18 20:47 8720384 c:\program files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-02-27 10:26 7770112 c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-02-27 10:26 81920 c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    --a------ 2007-02-27 10:26 90191 c:\windows\System32\nvsvc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    --a------ 2008-08-09 15:04 5418864 c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-12-29 08:35 77824 c:\program files\Java\jre1.6.0\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
    --a------ 2006-10-18 12:56 317152 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CLTNetCnService"=2 (0x2)
    "XAudioService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F7D2D91B-2F93-4D98-89DA-EAA8221D97E4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{8553FFE4-2978-492C-B2EF-BDFD62B4FAEF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{8487480D-1C86-41BC-88D2-2F94CEFB5506}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
    "{2323E63B-77E5-49DA-AB6C-674CAE419990}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
    "{BA87D380-4483-441F-8DE3-F17AFA5472AB}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{85087D8B-AF97-4EB9-A26E-D8B9AB8F767F}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
    "{935C2EF6-A603-4F13-8463-5A832EC27F6B}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{D75EE1D6-182D-42A7-BE19-058BA7449A8C}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{E274B2FC-F54F-4631-BB1B-F63DD15BA9A2}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{694F75FE-AD5C-4AB0-BB36-7C2CAA098EAF}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{6014D925-779E-4517-9853-F48EE1F54858}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{0158754C-0CAA-4651-A1BC-C0CA90A95F43}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{44A7F39C-5F3C-4878-86B5-5C42F49CA0E1}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{C2105CA8-6F50-4906-9F35-ADCC317BB1B5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{D0AE3926-EEC5-4F02-A564-C24AE84F922B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{9403EDE5-FA94-449F-A7F9-2006D330B0EF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{0A170A43-2489-43EB-94D1-14C011EC8E00}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{92705FC6-3834-42CF-A1C2-951FC62A792B}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{ABFA226F-9F7F-4A45-8C10-41200108E400}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{9E083724-1576-4B2F-AB37-28264F3AD549}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{99BB1849-B0D3-4BF9-AE69-CBD3D4D90E85}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{61345718-70C4-4BB0-895F-5C6B057A29B9}c:\\pfs\\callatl\\rteng9.exe"= UDP:c:\pfs\callatl\rteng9.exe:Adaptive Server Anywhere Network Server
    "UDP Query User{46C99389-B63D-4649-85DB-09D456556A0C}c:\\pfs\\callatl\\rteng9.exe"= TCP:c:\pfs\callatl\rteng9.exe:Adaptive Server Anywhere Network Server
    "{73F4409A-9BEE-43E3-8EEA-6EA46F146480}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{542FF41D-9B7B-4FC9-BA91-03087202C1D3}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{FCAE582B-BFDE-4031-A6B2-E942D6DCDC48}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{84C8EE9D-B181-4CB6-9DEF-5E10D1182426}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "TCP Query User{91DD7B81-5284-4EE3-898F-B7FCDA70A0C4}c:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
    "UDP Query User{F61A71FE-49C2-46D4-A8FB-21FD6B48FC09}c:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
    "{A566E360-E33C-4151-B73D-298F8D7375BA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{9CF371CE-6A1B-4A1F-94B6-6EB7FDC5ACCB}c:\\program files\\myspace\\im\\myspaceim.exe"= UDP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
    "UDP Query User{3E50D583-5CE3-4BCF-B4DA-DA0DCC9E8ED8}c:\\program files\\myspace\\im\\myspaceim.exe"= TCP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
    "TCP Query User{2D67E430-0432-45AD-97B0-F2D57BF110B1}c:\\program files\\steam\\steamapps\\chrisjoel99\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\chrisjoel99\team fortress 2\hl2.exe:hl2
    "UDP Query User{E051E56B-B626-49BF-8CAF-4B554C568734}c:\\program files\\steam\\steamapps\\chrisjoel99\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\chrisjoel99\team fortress 2\hl2.exe:hl2
    "TCP Query User{30D3893D-CA8F-464D-ADC2-CD3C34E9C33A}c:\\windows\\system32\\inetcntrl\\inetcntrl.exe"= UDP:c:\windows\system32\inetcntrl\inetcntrl.exe:Bsecure Internet Protection Services - Application
    "UDP Query User{3418718A-3627-4320-B891-FED1638E378D}c:\\windows\\system32\\inetcntrl\\inetcntrl.exe"= TCP:c:\windows\system32\inetcntrl\inetcntrl.exe:Bsecure Internet Protection Services - Application
    "{9E88FF8B-81FA-467C-8503-97E49A447378}"= UDP:c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe:CarboniteService
    "{1BE45432-CA66-4FF8-A0B3-B0296B4C8D88}"= TCP:c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe:CarboniteService
    "TCP Query User{2E960ED9-A67A-447F-9C73-4F3659EE5E64}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "UDP Query User{21B8F057-2C70-4CA4-AA65-2A3307F10E09}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "TCP Query User{2C629294-CFE7-4901-8B3A-80F215074715}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{A4BCCFBF-FC39-4F22-925F-122CC75AF664}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "TCP Query User{09FE37CB-4F10-45A4-AA95-0B457E900F1E}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{8EF1332D-E18B-467D-953F-A1C1EE00501C}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "{1D2A0AA2-59EB-41AD-B3F8-62FD7F08A975}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{6D44CAEF-1A96-4460-A59C-9EA6211E30A5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{F0FBCE7D-47D8-4946-96CC-9CF789689165}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2B12A8FA-DE31-444B-9A06-A5C49220875F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{9FD04B9E-725C-41D0-80D6-017B77D55732}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{51A90F84-482A-4FFA-B188-A78745D3C6FA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
    S3 hcw85bda;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2006-12-01 622080]
    S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-10-24 87288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b52b3c3-33c2-11dc-a172-001b2409c8cc}]
    \shell\AutoRun\command - f:\jdsecure\Windows\JDSecure20.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-02 c:\windows\Tasks\HPCeeScheduleForChristopher.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-10-30 19:08]

    2008-10-30 c:\windows\Tasks\RegFixPro Scheduled Scan.job
    - c:\program files\RegFixPro\RegFixPro.exe []

    2008-10-30 c:\windows\Tasks\RegFixPro Scheduled Scan.job
    - c:\program files\RegFixPro []

    2008-10-25 c:\windows\Tasks\User_Feed_Synchronization-{C9B20CC4-9CDD-4CD4-A19E-29DE132A20EB}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

    2008-11-03 c:\windows\Tasks\wrSpySweeper_L0BF6609CB4D647D7B6C58916D3EAD243.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]

    2008-11-03 c:\windows\Tasks\wrSpySweeper_L0BF6609CB4D647D7B6C58916D3EAD243.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]

    2008-11-03 c:\windows\Tasks\wrSpySweeper_L0BF6609CB4D647D7B6C58916D3EAD243.job
    - c:\","d:\","E:\" []
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    MSConfigStartUp-NMSVC - c:\program files\CE\nmSvc.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://yahoo.com/
    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R0 -: HKLM-Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565MOUS
    O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-04 20:18:10
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\users\Christopher\AppData\Local\Microsoft\Windows\WER\ReportArchive\store.lock 0 bytes
    c:\users\Christopher\AppData\Local\Microsoft\Windows\WER\ReportQueue\store.lock 0 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Trend Micro\BM\TMBMSRV.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe
    c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
    c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
    c:\windows\System32\drivers\XAudio.exe
    c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\System32\VSSVC.exe
    c:\windows\ehome\ehsched.exe
    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    c:\windows\ehome\ehrecvr.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-04 21:10:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-05 02:08:30

    Pre-Run: 29,518,880,768 bytes free
    Post-Run: 30,596,694,016 bytes free

    359 --- E O F --- 2008-11-02 02:02:20
     
  9. chrisjoel99

    chrisjoel99 Thread Starter

    Joined:
    Oct 26, 2008
    Messages:
    10
    HJT Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:48:12 PM, on 11/4/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Safari\Safari.exe
    C:\Windows\system32\InetCntrl\Maint\ControlCenter.exe
    C:\Windows\system32\InetCntrl\InetCntrl.exe
    C:\Users\Christopher\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
    O4 - HKLM\..\Run: [WPCUMI] "C:\Windows\system32\WpcUmi.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [InetCntrl] "C:\Windows\system32\InetCntrl\StartInet.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Carbonite Backup] "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [EPSON Stylus CX9400Fax Series] "C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE" /FU "C:\Users\CHRIST~1\AppData\Local\Temp\E_SC730.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: MRI_DISABLED
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565MOUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11722 bytes
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,872
    Did that make any difference?

    Can IE connect now?
     
  11. chrisjoel99

    chrisjoel99 Thread Starter

    Joined:
    Oct 26, 2008
    Messages:
    10
    I still cannot connect IE to the internet. I still have the same problem as before with IE and other programs tied to it. iTunes won't update, MS Money, etc. It's almost like something is blocking the ports through which these programs are communicating, as Safari and Firefox have no trouble connecting.
     
  12. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,872
    Then it must be the firewall.

    Any other cause and nothing would connect.
     
  13. chrisjoel99

    chrisjoel99 Thread Starter

    Joined:
    Oct 26, 2008
    Messages:
    10
    I turned off the Windows Firewall, but still have the same problem. I cannot even connect to my router via IE. I'm at the point where I may just have to reinstall the OS.
     
  14. chrisjoel99

    chrisjoel99 Thread Starter

    Joined:
    Oct 26, 2008
    Messages:
    10
    I tried something new. I created a new administrator user account in Vista, and then logged in under this account. IE connects with no problems!! I logged out and logged back into my old user account and IE wouldn't connect. Any thoughts on why this could be?
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,872
    I am certain it is something in Trend Internet Security blocking it,
    or BSafe parental settings blocking.

    There can't be any other explanation.
     
Short URL to this thread: https://techguy.org/762967