IE keeps closing

BostonBoy1019 · June 2007

Hey guys, I know there are "steps to take before posting", but my internet explorer keeps closing randomly (and more frequently than ever), and everytime I try to open and read that post it closes before I can get past the clear history/temp internet files. I have done that and I have a HJT log. What could be wrong with my comp? Thanks for the help, you guys are the best.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:37:20 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\X3watch\x3watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.minorleaguebaseball.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mash1/en-us/redir.asp?affid=365-1&installtype=force&systempopup=true
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FAH@C:+Documents and Settings+Owner+Local Settings+Temporary Internet Files+Content.IE5+0Z6EYDRA+FAH504-Console[1].exe - Unknown owner - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0Z6EYDRA\FAH504-Console[1].exe (file missing)
O23 - Service: FAH@C:+Documents and Settings+Owner+Local Settings+Temporary Internet Files+Content.IE5+CPQB4H67+FAH504-Console[1].exe - Unknown owner - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CPQB4H67\FAH504-Console[1].exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8278 bytes

Baabiouz · June 2007

Hi!

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

********************

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

Viewpoint

Please note any other programs that you dont recognize in that list in your next response

Boot your computer now.

********************

You are using new Hijackthis. It's Beta and it's better to use Hijackthis v. 1.99.1.
Please, download Hijackthis v.1.99.1 here.

Once it is downloaded, extract the zip file to c:\hjt and navigate to the c:\hjt folder. Now double-click on hijackthis.exe and when the window opens, put a checkmark in the box at the bottom that states Don't show this frame again when I start HijackThis.
Please, clikc now "Do system scan and save a logfile" and copy and paste the contents of the notepad it opens as a reply to this post.

************

Please, send a fresh HjT log

BostonBoy1019 · June 2007

Here's my HJT log. I installed Zone Alarm and the "old" HJT. I thought that the windows firewall was enough protection so I didn't bother with Zone Alarm because after the subscription stops it seems lame.
Logfile of HijackThis v1.99.1
Scan saved at 12:25:20 AM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.minorleaguebaseball.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mash1/en-us/redir.asp?affid=365-1&installtype=force&systempopup=true
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FAH@C:+Documents and Settings+Owner+Local Settings+Temporary Internet Files+Content.IE5+0Z6EYDRA+FAH504-Console[1].exe - Unknown owner - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0Z6EYDRA\FAH504-Console[1].exe (file missing)
O23 - Service: FAH@C:+Documents and Settings+Owner+Local Settings+Temporary Internet Files+Content.IE5+CPQB4H67+FAH504-Console[1].exe - Unknown owner - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CPQB4H67\FAH504-Console[1].exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

The only programs I didn't recognize were:
Learn2 Player
MSXML 6.0 parser
Thanks again!

Baabiouz · June 2007

Learn2 Player comes with AOL

I don't know more about it. It's not dangerous..

MSXML
Not dangerous

****************

Please, scan your PC with Panda..

Panda ActiveScan

- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Do NOT lose it!

Please, send the Panda activescan report.

BostonBoy1019 · June 2007

Sorry about the lengthy response time, but things have been crazy. Here's the panda scan. It keep loading the same screen at "local disk" and said there was an error on the page and the "install active x control" kept popping up. I couldn't click local disk so I kept installing it and it eventually worked after like 5 minutes of that. I sometimes run into a problem where I can't click certain buttons on pages...idk why this is. Here's the panda log though...thanks again!

Incident Status Location

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
Potentially unwanted tool:Application/ViewPoint Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\0\Private\Vendor\ProgFiles\ViewBarBHO.dll
Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50A.tmp
Spyware:Cookie/Cd Freaks Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50E.tmp

Baabiouz · June 2007

Log looks okay...

Please do the following...

1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

Please download Deckard's System Scanner to your Desktop

* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open Main.txt and extra.txt

Please post Main.txt and Extra.txt

BostonBoy1019 · June 2007

Ok...here's the Dss scan results.
Main-
Deckard's System Scanner v20070611.50
Run by Owner on 2007-06-16 at 10:36:24
Computer is in Normal Mode.

-- System Restore

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
115: 2007-06-16 14:36:29 UTC - RP253 - Deckard's System Scanner Restore Point
114: 2007-06-16 01:43:03 UTC - RP252 - System Checkpoint
113: 2007-06-15 00:32:23 UTC - RP251 - Software Distribution Service 3.0
112: 2007-06-14 05:11:48 UTC - RP250 - Software Distribution Service 3.0
111: 2007-06-13 04:21:45 UTC - RP249 - System Checkpoint

-- First Restore Point --
1: 2007-03-18 22:32:58 UTC - RP139 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Owner.exe)

Logfile of HijackThis v1.99.1
Scan saved at 10:37:24 AM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y09074ST\dss[1].exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.minorleaguebaseball.com/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mash1/en-us/redir.asp?affid=365-1&installtype=force&systempopup=true
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FAH@C:+Documents and Settings+Owner+Local Settings+Temporary Internet Files+Content.IE5+0Z6EYDRA+FAH504-Console[1].exe - Unknown owner - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0Z6EYDRA\FAH504-Console[1].exe (file missing)
O23 - Service: FAH@C:+Documents and Settings+Owner+Local Settings+Temporary Internet Files+Content.IE5+CPQB4H67+FAH504-Console[1].exe - Unknown owner - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CPQB4H67\FAH504-Console[1].exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- File Associations

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe

S2 FAH@C:+Documents and Settings+Owner+Local Settings+Temporary Internet Files+Content.IE5+0Z6EYDRA+FAH504-Console[1].exe - c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0z6eydra\fah504-console[1].exe -svcstart (file missing)
S2 FAH@C:+Documents and Settings+Owner+Local Settings+Temporary Internet Files+Content.IE5+CPQB4H67+FAH504-Console[1].exe - c:\documents and settings\owner\local settings\temporary internet files\content.ie5\cpqb4h67\fah504-console[1].exe -svcstart (file missing)

-- Scheduled Tasks

2007-06-16 10:12:37 330 --ah

C:\WINDOWS\Tasks\MP Scheduled Scan.job
2006-06-15 11:53:57 258 --a

C:\WINDOWS\Tasks\ISP signup reminder 2.job

-- Files created between 2007-05-16 and 2007-06-16

2007-06-15 21:19:52 0 d

C:\WINDOWS\system32\ActiveScan
2007-06-12 00:48:39 512 --a

C:\ScanSectorLog.dat
2007-06-11 23:59:54 0 d

C:\Documents and Settings\Owner\Application Data\MailFrontier
2007-06-11 23:36:33 57632 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-11 23:36:33 8021024 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-11 23:23:39 0 d

C:\WINDOWS\SxsCaPendDel
2007-06-11 23:12:57 11264 --a

C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-06-11 23:11:39 0 d

C:\WINDOWS\system32\ZoneLabs
2007-05-19 16:08:25 86016 --a

C:\WINDOWS\system32\ElbyCDIO.dll <Not Verified; Elaborate Bytes AG; Elaborate Bytes CDRTools>
2007-05-17 21:59:19 0 d

C:\Documents and Settings\Owner\Application Data\WinRAR
2007-05-16 22:38:30 0 d

C:\Documents and Settings\Owner\Application Data\DivX
2007-05-16 22:34:28 155648 --a

C:\WINDOWS\system32\AvidAVICodec.dll <Not Verified; Avid Technology, Inc; Avid AVI Codec Version 2.0d2>
2007-05-16 22:20:28 0 d

C:\Program Files\DivX

-- Find3M Report

2007-06-16 10:09:57 793 --ahs---- C:\WINDOWS\system32\mmf.sys
2007-06-15 21:56:33 0 d

C:\Program Files\X3watch
2007-06-15 21:56:22 0 d

C:\Program Files\Windows Defender
2007-06-15 21:44:39 0 d

C:\Program Files\Digital Media Reader
2007-06-11 23:20:38 4212 ---h

C:\WINDOWS\system32\zllictbl.dat
2007-06-11 23:10:55 0 d

C:\Program Files\Microsoft.NET
2007-06-11 23:05:15 0 d

C:\Program Files\Viewpoint
2007-06-02 01:19:59 0 d

C:\Program Files\AIM6
2007-05-11 00:41:02 0 d

C:\Program Files\Folding@Home
2007-05-11 00:37:15 802816 --a

C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-11 00:37:15 823296 --a

C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-11 00:37:15 823296 --a

C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-11 00:37:15 740442 --a

C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-10 00:13:24 0 d

C:\Program Files\Elaborate Bytes
2007-05-10 00:09:29 0 d

C:\Program Files\SlySoft
2007-05-09 23:22:15 0 d

C:\Program Files\BitLord
2007-05-09 21:02:25 0 d

C:\Documents and Settings\Owner\Application Data\1clickPro
2007-05-09 20:34:23 0 d

C:\Documents and Settings\Owner\Application Data\RipIt4Me
2007-05-09 01:29:43 0 d

C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-05-09 01:28:13 0 d

C:\Program Files\Lavasoft
2007-05-09 01:27:32 0 d

C:\Program Files\Common Files\Wise Installation Wizard
2007-05-04 21:48:40 0 d

C:\Program Files\DVD Decrypter
2007-04-30 09:37:45 0 d

C:\Program Files\Microsoft SQL Server
2007-04-30 09:32:27 0 d

C:\Program Files\MSXML 6.0
2007-04-29 01:44:02 0 d

C:\Program Files\BitTorrent
2007-04-29 01:41:07 0 d

C:\Documents and Settings\Owner\Application Data\Vso
2007-04-29 01:41:07 34 --a

C:\Documents and Settings\Owner\Application Data\pcouffin.log
2007-04-29 01:41:03 47360 --a

C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-04-29 01:41:03 1144 --a

C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2007-04-29 01:41:03 1074 --a

C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2007-04-29 01:40:45 0 d

C:\Program Files\VSO
2007-04-29 01:39:54 0 d

C:\Program Files\DVD Shrink
2007-04-28 23:50:45 0 d

C:\Program Files\LG Software Innovations
2007-04-28 22:52:57 0 d

C:\Documents and Settings\Owner\Application Data\BitTorrent
2007-04-23 23:41:15 0 d

C:\Program Files\Java
2007-04-23 23:26:38 0 d

C:\Program Files\Google
2007-04-22 20:15:29 3596288 --a

C:\WINDOWS\system32\qt-dx331.dll
2007-04-22 20:02:34 196608 --a

C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-04-22 20:02:34 73728 --a

C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-04-22 20:01:47 12288 --a

C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-18 02:13:44 12289999 --a

C:\AVG7QT.DAT
2007-04-18 02:13:28 0 d

C:\Documents and Settings\Owner\Application Data\AVG7

-- Registry Dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
@=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"x3watch"="C:\\Program Files\\X3watch\\x3watch.exe"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41797a41-f84d-11da-947b-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

-- End of Deckard's System Scanner: finished at 2007-06-16 at 10:38:03

BostonBoy1019 · June 2007

I never got the "extra.txt" for some reason...idk why? The computer has been wicked slow lately for some reason...I kind of think it is because of Zone Alarm (it made my computer run real slow last time I downloaded it). My mouse doesn't move like I want it though, and things are spotty as to whether they are clicked or not. Things seem to be getting worse. I've ran scans, defrags and everything else...still pretty bad. Sometimes the current page I'm on goes back to the last one automatically too for some reason.

Baabiouz · June 2007

You can chage your Firewall.. Logs are fine.

Baabiouz · June 2007

There is lot of unnecessary startup programs, so let's fix those..

Please run Hijackthis.exe and Click Do system scan only.
Check these lines..:

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please, reboot your computer now.

BostonBoy1019 · June 2007

So my computer is clean? Why is it running so awfully slow? I'll go with a different firewall I guess, but does Zone Alarm have a history of making computers run slow because I always have been told to download that by people, so I'm guessing it is well respected and appreciated. I appreciate you showing me how to not have so many things start up when I turn on the computer...that was frustrating having to wait 15 minutes for my computer to turn on. Are there some trouble shooting things I can do for my computer, or should I take this to another section of hte forum? My internet explorer hasn't been closing automatically as much lately, but it does go back and forward pages without my telling it to with increasing regularity. Thanks for the help again!

BostonBoy1019 · June 2007

One more thing...there have been new desktop items created recently that I don't know how they got there. They are:
Owner.exe (its logo/picture thingy is the same as HJT)
Then there are 2 microsoft word documents that seem as if they are open. They are faded and have the "~$" before word title name minus teh first 2 letters. Are these cause for concern and how do I fix the "open" Word documents?

Baabiouz · June 2007

Your log looks clean, yes..

Owner.exe = Dss copied hijackthis.exe and renamed copy to Owner.exe (your username).
I can't say anything to "how do I fix the "open" Word documents".. ;(

BostonBoy1019 · June 2007

I downloaded Agitum for a firewall. After installing all the updates and restarting, I went to run the spyware scan on it. It froze. I left the computer thinking it was just taking a while. 15 hours later, the scan was still ongoing with the top part saying "static." I pressed "control/alt/delete" and closed it. When I tried to re-open it, my computer restarted. Upon restarting, this webpage popped up:
http://wer.microsoft.com/responses/Response.aspx/10/en-us/5.1.2600.2.00010300.2.0?SGD=95e06450-637c-4d78-9506-8e8acd41cd11
Things are still running slow...does this have anything to do with it? I can take this to the section of your reccomendation if it doesn't fit here because you said it is not a spyware/virus problem. Thanks!

Baabiouz · June 2007

Hi!
Please, try change agnitum for example to Kerio.
Kerio founds here.

Did that help?

Baabiouz · July 2007

Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Spyware & Virus Removal Forum

If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead

IE keeps closing

Comments