Cannot access IE [second laptop]

Post by PopaTom » November 29th, 2009, 3:09 pm

It all started when I D/L "Enterprise Suite Malware Remover". I tried booting into safe mode and that didn't help. When I try to access IE through another browser or any program that requires IE I get a msg stating "There was a problem sending command to the program". I am having to use another computer to write this msg. TYIA

Dell Inspiron 1545, XP Pro. Ver. 2002 SP3, Pentium(R) Dual-Core CPU T4200 @ 2.00GHz 1.20 GHz, 3.46 GB of RAM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:49 AM, on 11/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USCON/1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r203425\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O24 - Desktop Component 0: (no name) - http://www.freshtracks.ca/images/aurora-borealis.jpg

--
End of file - 11108 bytes
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Cannot access IE [second laptop]

Post by MWR 3 day Mod » December 3rd, 2009, 1:44 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Cannot access IE [second laptop]

Post by deltalima » December 8th, 2009, 8:08 am

Hi PopaTom,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cannot access IE [second laptop]

Post by PopaTom » December 11th, 2009, 9:03 am

Hi deltalima,

Thank you for answering my post.
I am LQQKING forward to working with you.
The scan you requested is pasted below:
Thank You, PopaTom

---------------------------------------------------------------------------


Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
AT&T Communication Manager
Banctec Service Agreement
Choice Guard
Compatibility Pack for the 2007 Office system
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
Documentation & Support Launcher
Driver Installer
Games, Music, & Photos Launcher
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Service Offers Launcher
Java(TM) 6 Update 11
Junk Mail filter update
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
MSXML 6.0 Parser (KB927977)
NinjaTrader 6.5
PC Tools AntiVirus 6.0
PowerDVD
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Secure Viewer 2.7
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB898461)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Presentation Foundation
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Cannot access IE [second laptop]

Post by deltalima » December 12th, 2009, 2:35 pm

Hi PopaTom,

I notice that you have also posted your HijackThis log at another site.

http://forums.techguy.org/malware-remov ... lware.html

Please see viewtopic.php?f=11&t=23980 and decide if you wish to continue to be helped here. If so then please ask for the other thread to be closed and let me know.

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Use HostsXpert:

    Please download HostsXpert.

    • Unzip HostsXpert.zip
    • Double click on HostsXpert.exe to launch the programme.
    • Check to see if the top button on the left hand side says Make Writable?
      • If it does, click on it then proceed to the next instruction.
      • If not, just proceed to the next instruction.
    • Then click on "Restore ms Hosts file" to restore your Hosts file to its default condition.
    • Click on Make Read Only to secure it against further infection.
    • Close program when complete.

Now please reboot your computer.

Please download DDS ... by sUBs.
Save it to your desktop. Alternate download link: here.
  • Double click the tool to run it.
  • A black screen will open... read the contents but do nothing.
  • When DDS finishes... Notepad will open with 2 reports... DDS.txt and Attach.txt
    Ignore the comments about zipping / attaching any of the report files. The 2 report files are not saved anywhere;
    if you close Notepad before copying/pasting them, you will need to run DDS again.
  • Copy/paste both DDS.txt and Attach.txt reports in your next reply.
  • Once the reports have been posted, you can delete DDS from your desktop.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with DDS.txt and Attach.txt from the DDS scan into your next reply and an update on how your computer is running.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
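
Added example, not part of the original thread and not HijackThis or HostsXpert code: the Hosts-file reset in the post above is driven by what the O1 lines of a HijackThis log show, and this Python script groups those lines by target address and flags bulk redirection. The sample log is constructed (documentation-range addresses, placeholder host names), and the `triage` helper with its `bulk_threshold` of 3 is an assumption made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the HijackThis "O1 - Hosts:" line format. Addresses
# are documentation ranges and host names are placeholders, not real IoCs.
SAMPLE_LOG = """\
Boot mode: Normal
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.9 search.example
O1 - Hosts: 203.0.113.9 search.example.net
O1 - Hosts: 203.0.113.9 http://www.search.example.org
O1 - Hosts: 198.51.100.100 updates.av-vendor.example
O1 - Hosts: not-an-ip broken.example
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
URL_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def parse_o1_entries(log_text):
    """Return (ip, hostname) pairs taken from the O1 lines of a log."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line.strip())
        if match is None:
            continue  # not an O1 line
        raw_ip, host = match.groups()
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # malformed address field: not a usable mapping
        # Forum software tends to auto-link "www." names; drop the scheme
        # so the same host is not counted under two spellings.
        host = URL_SCHEME.sub("", host).rstrip("/").lower()
        entries.append((ip, host))
    return entries


def group_redirects(entries):
    """Group host names by target address.

    Loopback and 0.0.0.0 targets are skipped: they are the default
    localhost entry or ordinary block-list entries, not redirections.
    """
    by_ip = defaultdict(list)
    for ip, host in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append(host)
    return dict(by_ip)


def triage(log_text, bulk_threshold=3):
    """Classify the Hosts-file state shown by a log (hypothetical helper).

    "reset"  : some address receives bulk_threshold or more host names,
               so restoring the default Hosts file beats line-by-line fixes
    "review" : a few non-loopback mappings that need a human decision
    "clean"  : only loopback/unspecified mappings, or none at all
    """
    redirects = group_redirects(parse_o1_entries(log_text))
    bulk_ips = sorted(
        ip for ip, hosts in redirects.items() if len(hosts) >= bulk_threshold
    )
    if bulk_ips:
        verdict = "reset"
    elif redirects:
        verdict = "review"
    else:
        verdict = "clean"
    return {"redirects": redirects, "bulk_ips": bulk_ips, "verdict": verdict}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip, hosts in report["redirects"].items():
        print(f"{ip}: {len(hosts)} host name(s)")
    print("bulk targets:", report["bulk_ips"])
    print("verdict:", report["verdict"])
```
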

Re: Cannot access IE [second laptop]

Post by PopaTom » December 12th, 2009, 3:02 pm

Hi Deltalima,
I opened that other post in Tech Guy a while back. I have since marked "solved" on it. I thought by doing that they would close the post. Also I went back in to Tech Guys today and asked them to remove my posts because a tech from a diff. site was helping me. I checked in on them again this evening and my post had been removed. I am going to proceed with your instructions and get back to you. If I can do anything else please let me know. Thanks, PopaTom
----------------------------------------------------------------------------------------------

I opened "HijackThis". I got these msgs after the scan finished:

>First msg<...>>>> "For some reason your system denied write access to the Hosts file. If any Hijacked domains are in this file, Hijack This may not be able to fix this.
If that happens, you need to edit the file yourself. To do this, click start, Run, and type:
notepad C:\WINDOWS\System32\drivers\etc\hosts
and press Enter. Find the line(s) Hijack This reports and delete them. Save the file as `hosts` (with quotes), and reboot".
<< END OF first MSG.

Second msg opened when I closed out of first msg. The second msg is as follows:

.Second msg,..>>>>> "You have a particularly large amount of hijacked domains. It's probably better to delete the file itself than to fix each item (and create a back up).
If you see the same IP address in all the reported O1 items, consider deleting your Hosts file, which is located at C:\WINDOWS\System32\drivers\etc\hosts".
<< END OF SECOND MSG.
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r203425\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O24 - Desktop Component 0: (no name) - http://www.freshtracks.ca/images/aurora-borealis.jpg

--
End of file - 11108 bytes

Please keep in mind that at the present time I cannot access the internet with the infected PC. I am using another PC to communicate with you. I am transferring files to this computer from the infected computer via shared docs. I will wait for further instructions from you to proceed with your last instructions. Thanks, PopaTom
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Cannot access IE [second laptop]

Post by deltalima » December 14th, 2009, 8:15 am

Hi PopaTom,

Please continue with the DDS and GMER scans, here are the details

Please download DDS ... by sUBs.
Save it to your desktop. Alternate download link: here.
  • Double click the tool to run it.
  • A black screen will open... read the contents but do nothing.
  • When DDS finishes... Notepad will open with 2 reports... DDS.txt and Attach.txt
    Ignore the comments about zipping / attaching any of the report files. The 2 report files are not saved anywhere;
    if you close Notepad before copying/pasting them, you will need to run DDS again.
  • Copy/paste both DDS.txt and Attach.txt reports in your next reply.
  • Once the reports have been posted, you can delete DDS from your desktop.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with DDS.txt and Attach.txt from the DDS scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cannot access IE [second laptop]

Post by PopaTom » December 14th, 2009, 8:04 pm

Hi Deltalima,
Hope this is what you wanted. I had to d/l them on a diff PC to a CD, then open and run them on the infected PC, etc., etc. In this reply I will post the DDS.txt and the Attach.txt. I will paste the GMER scan in my next reply. Thanks


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/23/2009 2:13:55 PM
System Uptime: 12/14/2009 2:48:54 PM (1 hours ago)

Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1994/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 269.072 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP55: 9/13/2009 6:49:45 PM - System Checkpoint
RP56: 9/15/2009 9:44:00 AM - System Checkpoint
RP57: 9/16/2009 7:17:36 PM - System Checkpoint
RP58: 9/18/2009 4:52:02 PM - System Checkpoint
RP59: 9/19/2009 6:11:29 PM - System Checkpoint
RP60: 9/21/2009 1:24:15 PM - System Checkpoint
RP61: 9/22/2009 7:42:47 PM - System Checkpoint
RP62: 9/24/2009 6:54:52 AM - System Checkpoint
RP63: 9/25/2009 9:46:14 AM - System Checkpoint
RP64: 9/26/2009 5:21:35 PM - System Checkpoint
RP65: 9/27/2009 5:34:23 PM - System Checkpoint
RP66: 9/29/2009 11:00:36 AM - System Checkpoint
RP67: 10/1/2009 7:37:34 AM - System Checkpoint
RP68: 10/2/2009 11:44:55 AM - System Checkpoint
RP69: 10/3/2009 3:29:24 PM - System Checkpoint
RP70: 10/4/2009 6:36:48 PM - System Checkpoint
RP71: 10/6/2009 2:26:16 PM - System Checkpoint
RP72: 10/7/2009 5:18:48 PM - System Checkpoint
RP73: 10/8/2009 6:22:12 PM - System Checkpoint
RP74: 10/10/2009 1:34:47 PM - System Checkpoint
RP75: 10/11/2009 5:49:51 PM - System Checkpoint
RP76: 10/12/2009 6:51:28 PM - System Checkpoint
RP77: 10/13/2009 7:11:16 PM - System Checkpoint
RP78: 10/15/2009 5:02:48 AM - Software Distribution Service 3.0
RP79: 10/17/2009 3:41:15 AM - System Checkpoint
RP80: 10/19/2009 11:16:50 AM - System Checkpoint
RP81: 10/21/2009 7:20:55 AM - System Checkpoint
RP82: 10/22/2009 7:26:24 AM - System Checkpoint
RP83: 10/23/2009 9:05:12 AM - System Checkpoint
RP84: 10/24/2009 9:34:33 AM - System Checkpoint
RP85: 10/25/2009 7:53:47 PM - System Checkpoint
RP86: 10/25/2009 8:25:49 PM - Installed HP Smart Web Printing
RP87: 10/26/2009 5:38:43 AM - Software Distribution Service 3.0
RP88: 10/27/2009 8:23:13 AM - System Checkpoint
RP89: 10/28/2009 7:00:11 PM - System Checkpoint
RP90: 10/30/2009 8:33:08 AM - Installed Windows XP KB915865.
RP91: 10/30/2009 8:33:36 AM - Installed Windows NLSDownlevelMapping.
RP92: 10/30/2009 8:33:54 AM - Installed Windows IDNMitigationAPIs.
RP93: 10/30/2009 8:34:15 AM - Installed Windows Internet Explorer 7.
RP94: 10/30/2009 8:34:37 AM - Software Distribution Service 3.0
RP95: 10/31/2009 12:21:13 PM - Software Distribution Service 3.0
RP96: 11/1/2009 3:50:58 PM - System Checkpoint
RP97: 11/3/2009 9:53:08 AM - System Checkpoint
RP98: 11/4/2009 1:50:06 PM - System Checkpoint
RP99: 11/7/2009 9:16:45 AM - System Checkpoint
RP100: 11/9/2009 8:52:13 AM - System Checkpoint
RP101: 11/10/2009 10:09:24 AM - System Checkpoint
RP102: 11/11/2009 10:46:59 AM - System Checkpoint
RP103: 11/13/2009 9:34:50 AM - System Checkpoint
RP104: 11/14/2009 8:30:02 PM - System Checkpoint
RP105: 11/16/2009 10:14:55 AM - System Checkpoint
RP106: 11/18/2009 10:14:18 AM - System Checkpoint
RP107: 11/20/2009 10:28:47 AM - System Checkpoint
RP108: 11/21/2009 8:45:56 PM - System Checkpoint
RP109: 11/22/2009 3:15:18 PM - Restore Operation
RP110: 11/22/2009 5:35:58 PM - Restore Operation
RP111: 11/22/2009 7:28:48 PM - Restore Operation
RP112: 11/26/2009 11:09:40 AM - System Checkpoint
RP113: 11/28/2009 12:00:47 PM - System Checkpoint
RP114: 11/29/2009 12:15:10 PM - System Checkpoint
RP115: 12/6/2009 10:23:18 AM - System Checkpoint
RP116: 12/6/2009 1:37:44 PM - Before fixing registry with Registry Cleaner
RP117: 12/11/2009 6:14:26 AM - System Checkpoint
RP118: 12/12/2009 10:35:23 PM - System Checkpoint

==== Hosts File Hijack ======================


==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
AT&T Communication Manager
Banctec Service Agreement
Choice Guard
Compatibility Pack for the 2007 Office system
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
Documentation & Support Launcher
Driver Installer
Games, Music, & Photos Launcher
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Service Offers Launcher
Java(TM) 6 Update 11
Junk Mail filter update
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
MSXML 6.0 Parser (KB927977)
NinjaTrader 6.5
PC Tools AntiVirus 6.0
PowerDVD
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Secure Viewer 2.7
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

12/11/2009 5:43:08 AM, error: Service Control Manager [7000] - The Sierra Wireless MUX NDIS Driver (UMTS80) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/11/2009 5:43:08 AM, error: Service Control Manager [7000] - The RT73 USB Wireless LAN Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================

DDS (Ver_09-12-01.01) - NTFSx86
Run by Thomas Hugh Pean at 15:04:15.59 on Mon 12/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.3167 [GMT -7:00]

AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
D:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.live.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: igfxcui - igfxdev.dll
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-24 130936]
R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2009-4-24 21904]
R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2009-4-24 826600]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-17 108160]
R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2009-4-24 28560]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-4-17 157696]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]

=============== Created Last 30 ================

2009-12-06 20:28:48 0 d-----w- c:\docume~1\thomas~1\applic~1\Registry Cleaner
2009-11-29 18:01:32 0 d-----w- c:\program files\Trend Micro
2009-11-23 04:06:21 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-23 04:04:32 0 d-----w- c:\program files\Skyhook Wireless
2009-11-23 04:01:20 0 d-----w- c:\program files\MSXML 4.0
2009-11-23 04:01:15 0 d-----w- c:\windows\Downloaded Installations
2009-11-23 04:01:15 0 d-----w- c:\program files\Yahoo!
2009-11-23 04:00:47 0 d-----w- c:\program files\common files\HP
2009-11-23 01:18:25 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools(3)
2009-11-22 22:17:42 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-22 18:15:34 0 d-----w- c:\windows\system32\NtmsData
2009-11-22 18:11:38 0 d-----w- c:\program files\Uniblue
2009-11-22 17:33:50 882 ----a-w- c:\windows\RegSDImport.xml
2009-11-22 17:33:50 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-22 17:33:50 767952 ----a-w- c:\windows\BDTSupport(2).dll
2009-11-22 17:33:50 131 ----a-w- c:\windows\IDB.zip
2009-11-22 17:33:50 1152470 ----a-w- c:\windows\UDB.zip
2009-11-22 17:31:52 0 d-----w- c:\program files\Spyware Doctor

==================== Find3M ====================

2009-12-07 03:02:21 144 ----a-w- c:\docume~1\thomas~1\applic~1\wklnhst.dat
2009-11-03 05:33:06 2143744 ----a-w- C:\1277496.dll
2009-11-03 05:33:06 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-10-25 06:42:16 166369 ----a-w- c:\windows\hpoins28.dat

============= FINISH: 15:04:34.50 ===============

DDS (Ver_09-12-01.01) - NTFSx86
Run by Thomas Hugh Pean at 15:04:15.59 on Mon 12/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.3167 [GMT -7:00]

AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
D:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.live.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: igfxcui - igfxdev.dll
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-24 130936]
R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2009-4-24 21904]
R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2009-4-24 826600]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-17 108160]
R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2009-4-24 28560]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-4-17 157696]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]

=============== Created Last 30 ================

2009-12-06 20:28:48 0 d-----w- c:\docume~1\thomas~1\applic~1\Registry Cleaner
2009-11-29 18:01:32 0 d-----w- c:\program files\Trend Micro
2009-11-23 04:06:21 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-23 04:04:32 0 d-----w- c:\program files\Skyhook Wireless
2009-11-23 04:01:20 0 d-----w- c:\program files\MSXML 4.0
2009-11-23 04:01:15 0 d-----w- c:\windows\Downloaded Installations
2009-11-23 04:01:15 0 d-----w- c:\program files\Yahoo!
2009-11-23 04:00:47 0 d-----w- c:\program files\common files\HP
2009-11-23 01:18:25 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools(3)
2009-11-22 22:17:42 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-22 18:15:34 0 d-----w- c:\windows\system32\NtmsData
2009-11-22 18:11:38 0 d-----w- c:\program files\Uniblue
2009-11-22 17:33:50 882 ----a-w- c:\windows\RegSDImport.xml
2009-11-22 17:33:50 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-22 17:33:50 767952 ----a-w- c:\windows\BDTSupport(2).dll
2009-11-22 17:33:50 131 ----a-w- c:\windows\IDB.zip
2009-11-22 17:33:50 1152470 ----a-w- c:\windows\UDB.zip
2009-11-22 17:31:52 0 d-----w- c:\program files\Spyware Doctor

==================== Find3M ====================

2009-12-07 03:02:21 144 ----a-w- c:\docume~1\thomas~1\applic~1\wklnhst.dat
2009-11-03 05:33:06 2143744 ----a-w- C:\1277496.dll
2009-11-03 05:33:06 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-10-25 06:42:16 166369 ----a-w- c:\windows\hpoins28.dat

============= FINISH: 15:04:34.50 ===============
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Cannot access IE [second laptop]

Unread postby PopaTom » December 15th, 2009, 12:27 am

Hi Deltalima,
Here is the GMER scan. I hope it worked.



GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 21:16:42
Windows 5.1.2600 Service Pack 3
Running: 6g5w6wuw.exe; Driver: C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\fxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9E16514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E05282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E05474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9E16D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9E16FB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9E153FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9E17422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9E167D8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9E04F32]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)
AttachedDevice \FileSystem\Ntfs \Ntfs AVRec.sys (PC Tools Recognizer Driver for Windows 2000/XP/PC Tools Research Pty Ltd )
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

---- EOF - GMER 1.0.15 ----

I'm not too sure of this. I got a msg telling me "PCTAVSvc.exe had encountered a problem and had to close". I managed to save this, but it doesn't look to me like it would take it two hours to scan that little bit. PopaTom
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Cannot access IE [second laptop]

Unread postby deltalima » December 17th, 2009, 2:37 pm

Hi PopaTom,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\1277496.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Now please repeat the process and Copy/paste this file and path into the white box at the top:
C:\windows\system32\drivers\wpsnuio.sys


And post the results from both scans in your next reply.

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code: Select all
    :Processes
    explorer.exe
    :Files
    C:\WINDOWS\System32\drivers\etc\hosts
    :commands
    [emptytemp]
    [resethosts]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please post the results from OTM and the two results from Virustotal in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cannot access IE [second laptop]

Unread postby PopaTom » December 17th, 2009, 10:15 pm

Hello deltalima,
I can not connect to IE on my Laptop to open Virustotal.

I am not sure how or even if I can transfer the .dll file you have requested me to test, from the Laptop to my desktop to be tested.

You requested that I run HostsXpert in an earlier post and I was unable to complete that request. I explained why in my reply.

I'm sorry if I did not make it clear that the request was never completed. I guess in order to use Virustotal I will have to be able to access the IE on the infected laptop first???

( I have been using my Desktop to communicate with the infected Laptop).
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Cannot access IE [second laptop]

Unread postby deltalima » December 19th, 2009, 7:28 am

Hi PopaTom,

I should have remembered that you have lost Internet access and are transferring files via CD. Please skip the Virustotal and continue with the rest of the instructions as follows.

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code: Select all
    :Processes
    explorer.exe
    :Files
    C:\WINDOWS\System32\drivers\etc\hosts
    :commands
    [emptytemp]
    [resethosts]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cannot access IE [second laptop]

Unread postby PopaTom » December 19th, 2009, 11:05 am

Hi deltalima,
This is the OTM scan that you requested.

----------------------------------------------------------------------------------------------

All processes killed
Error: Unable to interpret <:Processess> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== FILES ==========
C:\WINDOWS\System32\drivers\etc\hosts moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Carolyn Sue Pean
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Thomas Hugh Pean
->Temp folder emptied: 475681386 bytes
->Temporary Internet Files folder emptied: 12143358 bytes
->Java cache emptied: 420631 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 24622939 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23942546 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 43205 bytes

Total Files Cleaned = 512.18 mb

HOSTS file reset successfully

OTM by OldTimer - Version 3.1.2.2 log created on 12192009_074842

Files moved on Reboot...

Registry entries deleted on Reboot...
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Cannot access IE [second laptop]

Unread postby deltalima » December 19th, 2009, 5:25 pm

Hi PopaTom,

Please test Internet Explorer.

If you still get the "There was a problem sending command to the program" error then please download the setup file from here and transfer via CD to the computer with the problem.

Please run the executable and follow the instructions to install IE7.

Please try the newly installed version and let me know how it is now performing.

Also please run a new HijackThis scan and post the log back here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cannot access IE [second laptop]

Unread postby PopaTom » December 19th, 2009, 11:23 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:44 PM, on 12/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Hi deltalima,
WAHLAAA !!!! Here is the HijackThis file. I am now working from the infected(?) laptop. It feels great. Thank you so much. I will be waiting for further instructions.
--------------------------------------------------------------------------------

Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USCON/1
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r203425\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O24 - Desktop Component 0: (no name) - http://www.freshtracks.ca/images/aurora-borealis.jpg

--
End of file - 7377 bytes
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm
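
Added example (not part of the thread, and not code from OTM, DDS or HijackThis): a Python audit of a HOSTS file, run on two constructed samples. The first is built from the five `Hosts:` lines in the DDS log; the second is a reset file saved as UTF-16LE, whose byte-order mark FF FE is what a single-byte code page displays as the `ÿþ` prefix seen in the later `O1 - Hosts:` line. The function names and the choice to treat loopback and 0.0.0.0 targets as benign are assumptions of this example.

```python
import codecs
import ipaddress
from collections import Counter

# Constructed sample: default entry plus the five "Hosts:" lines from the DDS log.
HIJACKED = (
    b"127.0.0.1 localhost\r\n"
    b"74.125.45.100 4-open-davinci.com\r\n"
    b"74.125.45.100 securitysoftwarepayments.com\r\n"
    b"74.125.45.100 privatesecuredpayments.com\r\n"
    b"74.125.45.100 secure.privatesecuredpayments.com\r\n"
    b"74.125.45.100 getantivirusplusnow.com\r\n"
)
# Constructed sample: a reset file written as UTF-16LE with a byte-order mark.
RESET = codecs.BOM_UTF16_LE + "127.0.0.1 localhost\r\n::1 localhost\r\n".encode("utf-16-le")

BOMS = (
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
)


def decode_hosts(raw):
    """Decode HOSTS bytes, honouring a leading BOM; returns (text, encoding)."""
    for bom, enc in BOMS:
        if raw.startswith(bom):
            return raw[len(bom):].decode(enc, errors="replace"), enc
    return raw.decode("latin-1"), "single-byte"


def audit_hosts(raw):
    """Report entries that send a name anywhere other than loopback or 0.0.0.0."""
    text, encoding = decode_hosts(raw)
    redirects, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenise
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            # Not an address: worth a look, e.g. stray bytes in front of the IP.
            malformed.append((lineno, line.strip()))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects.extend((str(ip), name.lower()) for name in fields[1:])
    # Many names pointed at one external address is the pattern in the DDS log.
    fanout = Counter(ip for ip, _ in redirects)
    return {
        "encoding": encoding,
        "redirects": redirects,
        "malformed": malformed,
        "fanout": dict(fanout),
    }


if __name__ == "__main__":
    for label, raw in (("hijacked", HIJACKED), ("reset", RESET)):
        report = audit_hosts(raw)
        print(label, report["encoding"], report["fanout"], report["malformed"])
```

A reader that skips the BOM check would see the first line of the reset sample as `ÿþ127.0.0.1 localhost`, which is not a valid address and would land in `malformed` rather than being recognised as the default loopback entry.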