Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help !! Internet Explorer Opening on it's own

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help !! Internet Explorer Opening on it's own

Unread postby chrx » January 20th, 2008, 2:33 pm

I could really use some help. I have picked up something that opens internet explorer on it's own and goes to various sites. My system has greatly slowed down, even after running scans and after the removal process :(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:19 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\browser\YBrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {8F96EAED-F89E-4B56-89C7-9B9F9C9F3A36} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servle ... 1.0000004d
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bvtqfvx - {AA7C8041-642C-40FE-B958-655602F606BC} - (no file)
O21 - SSODL: alxvdvm - {D46A27EB-8185-48F6-A213-94E117D2CEEA} - C:\WINDOWS\alxvdvm.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6898 bytes
chrx
Active Member
 
Posts: 11
Joined: January 3rd, 2008, 6:16 pm
Advertisement
Register to Remove

Re: Help !! Internet Explorer Opening on it's own

Unread postby silver » January 23rd, 2008, 10:50 pm

Hi chrx,

Please print/save a copy of these instructions because we will be using Safe Mode, during which time you won't have access to the internet.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder (usually Start->My Computer->C:->SDFix and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).


Then, download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply


Once complete, please post the SDFix report and both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
The logs may not fit into one post so please check that they are complete and use multiple posts if necessary.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Help !! Internet Explorer Opening on it's own

Unread postby chrx » January 24th, 2008, 1:03 am

Deckard's System Scanner v20071014.68
Run by DEBBIE on 2008-01-23 22:46:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-01-24 04:46:55 UTC - RP22 - Deckard's System Scanner Restore Point
21: 2008-01-23 23:26:09 UTC - RP21 - System Checkpoint
20: 2008-01-22 22:26:10 UTC - RP20 - System Checkpoint
19: 2008-01-21 21:39:26 UTC - RP19 - System Checkpoint
18: 2008-01-20 20:58:03 UTC - RP18 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-02 04:12:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as DEBBIE.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:08 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\DEBBIE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DEBBIE.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servle ... 1.0000004d
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6671 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 catchme - c:\docume~1\debbie\locals~1\temp\catchme.sys (file missing)
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\program files\belkin\belkin 802.11g wireless pci card configuration utility\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Belkin 54g Wireless USB Network Adapter Service (Belkin 54g Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe

S4 Advantage (Advantage Database Server) - c:\ecc\ads\ads.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Belkin 802.11g Wireless Card
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_700E1799&REV_00\4&1C660DD6&0&08F0
Manufacturer: Belkin Components
Name: Belkin 802.11g Wireless Card
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_700E1799&REV_00\4&1C660DD6&0&08F0
Service: RT61


-- Scheduled Tasks -------------------------------------------------------------

2008-01-23 05:30:00 326 --a------ C:\WINDOWS\Tasks\One Button Checkup.job
2008-01-17 20:00:00 578 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - DEBBIE.job


-- Files created between 2007-12-23 and 2008-01-23 -----------------------------

2008-01-23 22:28:00 0 d-------- C:\WINDOWS\ERUNT
2008-01-21 21:04:02 0 dr-h----- C:\Documents and Settings\DEBBIE\Recent
2008-01-20 12:13:00 0 d-------- C:\Program Files\Trend Micro
2008-01-20 08:57:15 0 d-------- C:\Documents and Settings\DEBBIE\Application Data\Grisoft
2008-01-01 13:28:35 0 d-------- C:\Program Files\a-squared Free
2007-12-31 16:35:59 0 d-------- C:\Program Files\MSBuild
2007-12-31 16:33:41 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-12-31 16:32:42 0 d-------- C:\Program Files\Reference Assemblies
2007-12-31 16:31:53 0 d-------- C:\e4433d1bd7ee27326b8c171224
2007-12-30 21:28:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-30 21:28:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-30 21:28:46 0 d-------- C:\Documents and Settings\DEBBIE\Application Data\SUPERAntiSpyware.com
2007-12-30 21:28:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-29 17:46:11 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-29 17:46:11 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-29 17:46:11 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-29 17:46:11 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-29 17:46:11 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-29 11:06:21 0 d--hs---- C:\found.000
2007-12-28 22:18:44 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-28 22:18:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-28 22:18:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-28 22:18:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-28 22:18:44 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-12-28 22:18:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-28 22:18:44 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-28 22:18:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-28 22:18:44 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-12-28 22:18:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-28 22:18:44 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-12-28 22:18:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-28 22:18:44 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-12-28 22:18:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-28 22:18:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-28 22:18:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-28 22:18:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-28 22:18:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-12-28 21:14:45 966 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 20:04:45 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-27 19:32:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-27 19:30:23 0 d-------- C:\Program Files\Lavasoft
2007-12-27 07:05:49 0 d-------- C:\Program Files\RogueRemover FREE


-- Find3M Report ---------------------------------------------------------------

2008-01-23 22:48:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-20 11:32:49 0 d-------- C:\Program Files\CCleaner
2007-12-30 21:28:19 0 d-------- C:\Program Files\Common Files
2007-12-27 19:30:42 0 d-------- C:\Documents and Settings\DEBBIE\Application Data\Lavasoft
2007-12-27 18:59:17 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-27 18:59:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-15 16:09:46 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-15 11:46:06 0 d-------- C:\Program Files\MSXML 6.0
2007-12-15 11:28:41 0 d-------- C:\Program Files\Symantec
2007-12-15 11:03:53 0 dr-h----- C:\Documents and Settings\DEBBIE\Application Data\yahoo!
2007-12-15 10:46:19 0 d-------- C:\Program Files\Yahoo!


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/28/2003 02:19 PM]
"nwiz"="nwiz.exe" [07/28/2003 02:19 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/17/2006 04:23 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 03:42 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 11:59 PM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 01:11 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/10/2005 04:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
@=C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servle ... 1.0000004d

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\DEBBIE\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 8:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
DESKTOP.INI [9/3/2002 8:00:00 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [10/2/2007 8:03:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=C:\WINDOWS\pss\APC UPS Status.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk
backup=C:\WINDOWS\pss\Belkin Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3217c3fb-0832-11da-bdb5-0007e98f87ce}]
AutoRun\command- JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94b5cbee-0781-11da-bdac-0007e98f87ce}]
AutoRun\command- JDSecure\Windows\JDSecure31.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - GTNDIS5



-- End of Deckard's System Scanner: finished at 2008-01-23 22:49:43 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023 MiB / 555.05 MiB
Pagefile Memory (total/avail): 1312.28 MiB / 890.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.98 MiB

C: is Fixed (NTFS) - 37.21 GiB total, 21.7 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75DEA0 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:





Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 13 Sep 2004 94,458 ...H. --- "C:\Program Files\Nero\data\Nero PhotoShow Express.exe"
Wed 24 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT112E.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT1242.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT1340.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT142B.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT1506.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT15D5.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT1696.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT174D.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT17FB.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT18A2.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT7E.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BITC58.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BITE3E.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BITFC5.tmp"
Wed 24 Sep 2003 4,438 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Des5.tmp"
Fri 26 Sep 2003 7,318 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Off2.tmp"
Fri 26 Sep 2003 7,318 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Off3.tmp"
Fri 10 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Fri 10 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Fri 10 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Fri 10 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!
chrx
Active Member
 
Posts: 11
Joined: January 3rd, 2008, 6:16 pm

Re: Help !! Internet Explorer Opening on it's own

Unread postby silver » January 24th, 2008, 1:20 am

Hi chrx,

It looks like a couple of the reports have been cut off. Please re-post the DSS extra.txt and the SDFix report. You should be able to find them here:

C:\Deckard\System Scanner\extra.txt
C:\SDFix\Report.txt
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Help !! Internet Explorer Opening on it's own

Unread postby chrx » January 24th, 2008, 9:50 am

SDFix: Version 1.131

Run by DEBBIE on Wed 01/23/2008 at 10:29 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\DEBBIE\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 22:37:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 13 Sep 2004 94,458 ...H. --- "C:\Program Files\Nero\data\Nero PhotoShow Express.exe"
Wed 24 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT112E.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT1242.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT1340.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT142B.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT1506.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT15D5.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT1696.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT174D.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT17FB.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT18A2.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BIT7E.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BITC58.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BITE3E.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\Documents and Settings\DEBBIE\Local Settings\Temp\BITFC5.tmp"
Wed 24 Sep 2003 4,438 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Des5.tmp"
Fri 26 Sep 2003 7,318 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Off2.tmp"
Fri 26 Sep 2003 7,318 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Off3.tmp"
Fri 10 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Fri 10 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Fri 10 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Fri 10 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!
Deckard's System Scanner v20071014.68
Run by DEBBIE on 2008-01-23 22:46:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-01-24 04:46:55 UTC - RP22 - Deckard's System Scanner Restore Point
21: 2008-01-23 23:26:09 UTC - RP21 - System Checkpoint
20: 2008-01-22 22:26:10 UTC - RP20 - System Checkpoint
19: 2008-01-21 21:39:26 UTC - RP19 - System Checkpoint
18: 2008-01-20 20:58:03 UTC - RP18 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-02 04:12:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as DEBBIE.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:08 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\DEBBIE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DEBBIE.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servle ... 1.0000004d
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6671 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 catchme - c:\docume~1\debbie\locals~1\temp\catchme.sys (file missing)
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\program files\belkin\belkin 802.11g wireless pci card configuration utility\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Belkin 54g Wireless USB Network Adapter Service (Belkin 54g Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe

S4 Advantage (Advantage Database Server) - c:\ecc\ads\ads.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Belkin 802.11g Wireless Card
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_700E1799&REV_00\4&1C660DD6&0&08F0
Manufacturer: Belkin Components
Name: Belkin 802.11g Wireless Card
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_700E1799&REV_00\4&1C660DD6&0&08F0
Service: RT61


-- Scheduled Tasks -------------------------------------------------------------

2008-01-23 05:30:00 326 --a------ C:\WINDOWS\Tasks\One Button Checkup.job
2008-01-17 20:00:00 578 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - DEBBIE.job


-- Files created between 2007-12-23 and 2008-01-23 -----------------------------

2008-01-23 22:28:00 0 d-------- C:\WINDOWS\ERUNT
2008-01-21 21:04:02 0 dr-h----- C:\Documents and Settings\DEBBIE\Recent
2008-01-20 12:13:00 0 d-------- C:\Program Files\Trend Micro
2008-01-20 08:57:15 0 d-------- C:\Documents and Settings\DEBBIE\Application Data\Grisoft
2008-01-01 13:28:35 0 d-------- C:\Program Files\a-squared Free
2007-12-31 16:35:59 0 d-------- C:\Program Files\MSBuild
2007-12-31 16:33:41 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-12-31 16:32:42 0 d-------- C:\Program Files\Reference Assemblies
2007-12-31 16:31:53 0 d-------- C:\e4433d1bd7ee27326b8c171224
2007-12-30 21:28:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-30 21:28:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-30 21:28:46 0 d-------- C:\Documents and Settings\DEBBIE\Application Data\SUPERAntiSpyware.com
2007-12-30 21:28:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-29 17:46:11 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-29 17:46:11 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-29 17:46:11 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-29 17:46:11 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-29 17:46:11 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-29 11:06:21 0 d--hs---- C:\found.000
2007-12-28 22:18:44 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-28 22:18:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-28 22:18:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-28 22:18:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-28 22:18:44 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-12-28 22:18:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-28 22:18:44 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-28 22:18:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-28 22:18:44 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-12-28 22:18:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-28 22:18:44 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-12-28 22:18:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-28 22:18:44 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-12-28 22:18:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-28 22:18:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-28 22:18:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-28 22:18:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-28 22:18:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-12-28 21:14:45 966 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 20:04:45 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-27 19:32:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-27 19:30:23 0 d-------- C:\Program Files\Lavasoft
2007-12-27 07:05:49 0 d-------- C:\Program Files\RogueRemover FREE


-- Find3M Report ---------------------------------------------------------------

2008-01-23 22:48:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-20 11:32:49 0 d-------- C:\Program Files\CCleaner
2007-12-30 21:28:19 0 d-------- C:\Program Files\Common Files
2007-12-27 19:30:42 0 d-------- C:\Documents and Settings\DEBBIE\Application Data\Lavasoft
2007-12-27 18:59:17 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-27 18:59:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-15 16:09:46 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-15 11:46:06 0 d-------- C:\Program Files\MSXML 6.0
2007-12-15 11:28:41 0 d-------- C:\Program Files\Symantec
2007-12-15 11:03:53 0 dr-h----- C:\Documents and Settings\DEBBIE\Application Data\yahoo!
2007-12-15 10:46:19 0 d-------- C:\Program Files\Yahoo!


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/28/2003 02:19 PM]
"nwiz"="nwiz.exe" [07/28/2003 02:19 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/17/2006 04:23 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 03:42 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 11:59 PM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 01:11 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/10/2005 04:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
@=C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servle ... 1.0000004d

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\DEBBIE\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 8:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
DESKTOP.INI [9/3/2002 8:00:00 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [10/2/2007 8:03:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=C:\WINDOWS\pss\APC UPS Status.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk
backup=C:\WINDOWS\pss\Belkin Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3217c3fb-0832-11da-bdb5-0007e98f87ce}]
AutoRun\command- JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94b5cbee-0781-11da-bdac-0007e98f87ce}]
AutoRun\command- JDSecure\Windows\JDSecure31.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - GTNDIS5



-- End of Deckard's System Scanner: finished at 2008-01-23 22:49:43 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023 MiB / 555.05 MiB
Pagefile Memory (total/avail): 1312.28 MiB / 890.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.98 MiB

C: is Fixed (NTFS) - 37.21 GiB total, 21.7 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75DEA0 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Security Online v2007 (Symantec Corporation)
AV: Norton Security Online v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DEBBIE\Application Data
CLASSPATH="C\QTJava.zip"
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DEBORAH
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DEBBIE
LOGONSERVER=\\DEBORAH
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA="C\QTJava.zip"
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DEBBIE\LOCALS~1\Temp
TMP=C:\DOCUME~1\DEBBIE\LOCALS~1\Temp
USERDOMAIN=DEBORAH
USERNAME=DEBBIE
USERPROFILE=C:\Documents and Settings\DEBBIE
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

DEBBIE (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Gateway --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3301464-BA26-11D3-8D89-00D0B7218812}\setup.exe" -l0x9 FromAddRemove
a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Advantage Database Server for Windows NT/2000 --> C:\WINDOWS\uninst.exe -fC:\ECC\ADS\DeIsL1.isu
All-Pro Software StatTrak Address Manager Demo 3.1 --> C:\WINDOWS\UnDeploy.exe "C:\Program Files\All-Pro Software\StatTrak Address Manager\Deploy.log"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Belkin 802.11g Wireless PCI Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4BA782D-AE40-48A4-B160-652DA8D9B7C3}\Setup.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Conexant SmartHSFi V92 56K DF PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
DAO --> MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
EPSON EPIC --> C:\Program Files\epic\uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Lexmark Printer Software Uninstall --> C:\Program Files\Lexmark\Install\Uninstall.exe
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero PhotoShow Express --> "C:\Program Files\Nero\data\Xtras\Uninstall.exe"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OLYMPUS CAMEDIA Master 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe"
PerformanceTest v5.0 --> "C:\Program Files\PerformanceTest\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Basic 2005 --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="basic" QBFULLNAME="QuickBooks Basic 2005" ADDREMOVE=1
Quicken 2002 New User Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type33338 / Error
Event Submitted/Written: 01/20/2008 11:45:42 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type33337 / Error
Event Submitted/Written: 01/20/2008 11:45:30 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type33336 / Error
Event Submitted/Written: 01/20/2008 11:44:35 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type33335 / Error
Event Submitted/Written: 01/20/2008 11:36:36 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application YBrowser.exe, version 2006.8.11.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type33318 / Error
Event Submitted/Written: 01/20/2008 11:04:53 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type72553 / Warning
Event Submitted/Written: 01/23/2008 10:34:31 PM / 01/23/2008 10:35:01 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type72550 / Error
Event Submitted/Written: 01/23/2008 10:27:32 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AVG Anti-Spyware Driver
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
SPBBCDrv
SRTSPX
SYMTDI
Tcpip

Event Record #/Type72549 / Error
Event Submitted/Written: 01/23/2008 10:27:32 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type72548 / Error
Event Submitted/Written: 01/23/2008 10:27:32 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31

Event Record #/Type72547 / Error
Event Submitted/Written: 01/23/2008 10:27:32 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-01-23 22:49:43 ------------
chrx
Active Member
 
Posts: 11
Joined: January 3rd, 2008, 6:16 pm

Re: Help !! Internet Explorer Opening on it's own

Unread postby silver » January 24th, 2008, 10:49 pm

Hi chrx,

You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player.
To remove, open Start->Control Panel->Add/Remove Programs find Viewpoint Media Player (Remove Only) and select Remove

You have Ad-Aware SE Personal installed - this program is no longer supported so you should remove it and install the current version, which is Ad-Aware 2007. It is available from here:
http://www.lavasoft.com/products/ad_aware_free.php

Open HijackThis, choose Do a system scan only, there are two optional entries to remove:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Some Internet Explorer control panel items have been restricted, this may have been put in place for your protection by Spybot S&D. If not, or you wish to remove the restrictions anyway, please check this line.

Any sites in your Trusted Zone are a security risk, so unless you need this for Windows Update to work correctly, then please check this line.

If you checked one or both lines, then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.
If you checked neither line then just close HijackThis.


Make hidden/system files and folders visible:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Show hidden files and folders
UNCHECK the Hide extensions for known file types option
UNCHECK the Hide protected operating system files (recommended) option
Click Yes to confirm and press OK

Use Windows Explorer (right-click Start, select Explore) to find and delete the following file:
C:\WINDOWS\alxvdvm.dll
If you have trouble deleting it, please let me know in your next response.


Next please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer using this link:
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


Once complete, please post the Kaspersky report and a new HijackThis log. Also, tell me how your computer is running.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Help !! Internet Explorer Opening on it's own

Unread postby chrx » January 25th, 2008, 7:59 am

KASPERSKY ONLINE SCANNER REPORT
Friday, January 25, 2008 5:42:07 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 531905


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 67833
Number of viruses found 2
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 01:13:14

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-24_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\0772E0F1.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\70E2871C.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped

C:\Documents and Settings\DEBBIE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

C:\Documents and Settings\DEBBIE\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\DEBBIE\Desktop\Zip files\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\DEBBIE\Desktop\Zip files\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\DEBBIE\Desktop\Zip files\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\DEBBIE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\DEBBIE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\DEBBIE\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\DEBBIE\Local Settings\Temp\BITFC5.tmp Object is locked skipped

C:\Documents and Settings\DEBBIE\Local Settings\Temp\Perflib_Perfdata_f28.dat Object is locked skipped

C:\Documents and Settings\DEBBIE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\DEBBIE\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\DEBBIE\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Symantec\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Symantec\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\RECYCLER\NPROTECT\00009289.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009292.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009295.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009298.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009301.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009304.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009307.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009331.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00009332.log Object is locked skipped

C:\RECYCLER\NPROTECT\00009350.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00009389.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00009397.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00009411.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00009436.C$$ Object is locked skipped

C:\RECYCLER\NPROTECT\00009437.cfg Object is locked skipped

C:\RECYCLER\NPROTECT\00009526.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009527.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00009528.exe Object is locked skipped

C:\RECYCLER\NPROTECT\00009529.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00009530.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00009531.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00009532.grd Object is locked skipped

C:\RECYCLER\NPROTECT\00009533.sig Object is locked skipped

C:\RECYCLER\NPROTECT\00009534.spm Object is locked skipped

C:\RECYCLER\NPROTECT\00009535.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00009536.BIN Object is locked skipped

C:\RECYCLER\NPROTECT\00009537 Object is locked skipped

C:\RECYCLER\NPROTECT\00009538.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00009539.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00009540.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00009541.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00009542.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00009543.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00009544.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00009545.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00009546.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00009547.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009548.CAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009549.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00009550.cat Object is locked skipped

C:\RECYCLER\NPROTECT\00009551.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00009552.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009553.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009554.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009555.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009556.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00009557.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009558.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009559.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009560.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009561.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009562.GRD Object is locked skipped

C:\RECYCLER\NPROTECT\00009563.SIG Object is locked skipped

C:\RECYCLER\NPROTECT\00009564.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00009565.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009566.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009567.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009568.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009569.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009570.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009571.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009572.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009573.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009574.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009575.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00009576.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009604.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00009633.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009636.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009639.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009642.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009645.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009648.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009651.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00009669.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00009689.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00009697.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00009711.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00009733.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00009734.log Object is locked skipped

C:\RECYCLER\NPROTECT\00009756.XLS Object is locked skipped

C:\RECYCLER\NPROTECT\00009759.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009764.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00009766.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00009770.KC Object is locked skipped

C:\RECYCLER\NPROTECT\00009831.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009832.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00009833.exe Object is locked skipped

C:\RECYCLER\NPROTECT\00009834.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00009835.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00009836.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00009837.grd Object is locked skipped

C:\RECYCLER\NPROTECT\00009838.sig Object is locked skipped

C:\RECYCLER\NPROTECT\00009839.spm Object is locked skipped

C:\RECYCLER\NPROTECT\00009840.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00009841.BIN Object is locked skipped

C:\RECYCLER\NPROTECT\00009842 Object is locked skipped

C:\RECYCLER\NPROTECT\00009843.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00009844.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00009845.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00009846.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00009847.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00009848.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00009849.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00009850.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00009851.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00009852.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009853.CAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009854.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00009855.cat Object is locked skipped

C:\RECYCLER\NPROTECT\00009856.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00009857.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009858.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009859.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009860.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009861.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00009862.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009863.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009864.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009865.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009866.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009867.GRD Object is locked skipped

C:\RECYCLER\NPROTECT\00009868.SIG Object is locked skipped

C:\RECYCLER\NPROTECT\00009869.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00009870.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009871.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009872.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009873.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009874.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009875.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009876.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009877.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009878.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009879.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009880.dat Object is locked skipped

C:\RECYCLER\NPROTECT\00009881.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00009882.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00009884.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00009891.C$$ Object is locked skipped

C:\RECYCLER\NPROTECT\00009892.cfg Object is locked skipped

C:\RECYCLER\NPROTECT\00009968.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010034.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00010042.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00010056._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010057._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010058._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010059._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010060._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010061._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010062._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010063._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010064._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010065._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010066._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010067._P Object is locked skipped

C:\RECYCLER\NPROTECT\00010068 Object is locked skipped

C:\RECYCLER\NPROTECT\00010069.CAB Object is locked skipped

C:\RECYCLER\NPROTECT\00010070.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00010071.pnf Object is locked skipped

C:\RECYCLER\NPROTECT\00010072.cat Object is locked skipped

C:\RECYCLER\NPROTECT\00010074.CAB Object is locked skipped

C:\RECYCLER\NPROTECT\00010075.STA Object is locked skipped

C:\RECYCLER\NPROTECT\00010076.STA Object is locked skipped

C:\RECYCLER\NPROTECT\00010077.dll Object is locked skipped

C:\RECYCLER\NPROTECT\00010078.BLO Object is locked skipped

C:\RECYCLER\NPROTECT\00010079.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00010080.pnf Object is locked skipped

C:\RECYCLER\NPROTECT\00010081.cat Object is locked skipped

C:\RECYCLER\NPROTECT\00010083.dll Object is locked skipped

C:\RECYCLER\NPROTECT\00010084.BLO Object is locked skipped

C:\RECYCLER\NPROTECT\00010085.dll Object is locked skipped

C:\RECYCLER\NPROTECT\00010086.exe Object is locked skipped

C:\RECYCLER\NPROTECT\00010087.req Object is locked skipped

C:\RECYCLER\NPROTECT\00010088.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00010089.txt Object is locked skipped

C:\RECYCLER\NPROTECT\00010090.cat Object is locked skipped

C:\RECYCLER\NPROTECT\00010091.dll Object is locked skipped

C:\RECYCLER\NPROTECT\00010092.exe Object is locked skipped

C:\RECYCLER\NPROTECT\00010093.url Object is locked skipped

C:\RECYCLER\NPROTECT\00010094.ver Object is locked skipped

C:\RECYCLER\NPROTECT\00010095.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00010096.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00010097.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00010098.dll Object is locked skipped

C:\RECYCLER\NPROTECT\00010100.PSM Object is locked skipped

C:\RECYCLER\NPROTECT\00010101.STA Object is locked skipped

C:\RECYCLER\NPROTECT\00010102.STA Object is locked skipped

C:\RECYCLER\NPROTECT\00010103.STA Object is locked skipped

C:\RECYCLER\NPROTECT\00010104.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00010110.C$$ Object is locked skipped

C:\RECYCLER\NPROTECT\00010111.cfg Object is locked skipped

C:\RECYCLER\NPROTECT\00010138.C$$ Object is locked skipped

C:\RECYCLER\NPROTECT\00010139.cfg Object is locked skipped

C:\RECYCLER\NPROTECT\00010150.C$$ Object is locked skipped

C:\RECYCLER\NPROTECT\00010151.cfg Object is locked skipped

C:\RECYCLER\NPROTECT\00010195.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010198.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010201.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010204.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010207.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010210.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010213.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010231.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00010232.log Object is locked skipped

C:\RECYCLER\NPROTECT\00010242.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010243.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010244.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010245.dll Object is locked skipped

C:\RECYCLER\NPROTECT\00010246.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00010247.pnf Object is locked skipped

C:\RECYCLER\NPROTECT\00010248.cat Object is locked skipped

C:\RECYCLER\NPROTECT\00010252.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00010324.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00010328.C$$ Object is locked skipped

C:\RECYCLER\NPROTECT\00010329.cfg Object is locked skipped

C:\RECYCLER\NPROTECT\00010366.OLD Object is locked skipped

C:\RECYCLER\NPROTECT\00010369.qbI Object is locked skipped

C:\RECYCLER\NPROTECT\00010464.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010465.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010466.exe Object is locked skipped

C:\RECYCLER\NPROTECT\00010467.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00010468.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010469.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00010470.grd Object is locked skipped

C:\RECYCLER\NPROTECT\00010471.sig Object is locked skipped

C:\RECYCLER\NPROTECT\00010472.spm Object is locked skipped

C:\RECYCLER\NPROTECT\00010473.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00010474.BIN Object is locked skipped

C:\RECYCLER\NPROTECT\00010475 Object is locked skipped

C:\RECYCLER\NPROTECT\00010476.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00010477.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00010478.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00010479.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010480.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00010481.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00010482.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00010483.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010484.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00010485.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010486.CAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010487.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00010488.cat Object is locked skipped

C:\RECYCLER\NPROTECT\00010489.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00010490.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010491.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010492.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010493.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010494.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00010495.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010496.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010497.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010498.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010499.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010500.GRD Object is locked skipped

C:\RECYCLER\NPROTECT\00010501.SIG Object is locked skipped

C:\RECYCLER\NPROTECT\00010502.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00010503.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010504.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010505.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010506.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010507.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010508.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010509.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010510.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010511.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010512.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010513.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00010514.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010525.qbI Object is locked skipped

C:\RECYCLER\NPROTECT\00010526.XLS Object is locked skipped

C:\RECYCLER\NPROTECT\00010542.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00010550.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00010564.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00010569.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00010640.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010643.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010646.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010650.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010653.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010656.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010659.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00010664.old Object is locked skipped

C:\RECYCLER\NPROTECT\00010762.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00010766.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00010767.log Object is locked skipped

C:\RECYCLER\NPROTECT\00010781.C$$ Object is locked skipped

C:\RECYCLER\NPROTECT\00010782.cfg Object is locked skipped

C:\RECYCLER\NPROTECT\00010819.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00010827.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00010841.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00010919.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010920.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010921.exe Object is locked skipped

C:\RECYCLER\NPROTECT\00010922.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00010923.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010924.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00010925.grd Object is locked skipped

C:\RECYCLER\NPROTECT\00010926.sig Object is locked skipped

C:\RECYCLER\NPROTECT\00010927.spm Object is locked skipped

C:\RECYCLER\NPROTECT\00010928.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00010929.BIN Object is locked skipped

C:\RECYCLER\NPROTECT\00010930 Object is locked skipped

C:\RECYCLER\NPROTECT\00010931.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00010932.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00010933.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00010934.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010935.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00010936.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00010937.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00010938.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00010939.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00010940.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010941.CAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010942.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00010943.cat Object is locked skipped

C:\RECYCLER\NPROTECT\00010944.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00010945.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010946.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010947.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010948.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010949.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00010950.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010951.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010952.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010953.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010954.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010955.GRD Object is locked skipped

C:\RECYCLER\NPROTECT\00010956.SIG Object is locked skipped

C:\RECYCLER\NPROTECT\00010957.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00010958.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010959.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010960.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010961.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010962.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010963.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010964.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010965.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010966.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010967.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00010968.dat Object is locked skipped

C:\RECYCLER\NPROTECT\00010969.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00010970.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011086.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011089.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011092.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011095.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011098.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011101.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011104.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011195.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00011203.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00011218.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00011229.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00011230.log Object is locked skipped

C:\RECYCLER\NPROTECT\00011293.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011294.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00011295.exe Object is locked skipped

C:\RECYCLER\NPROTECT\00011296.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00011297.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00011298.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00011299.grd Object is locked skipped

C:\RECYCLER\NPROTECT\00011300.sig Object is locked skipped

C:\RECYCLER\NPROTECT\00011301.spm Object is locked skipped

C:\RECYCLER\NPROTECT\00011302.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00011303.BIN Object is locked skipped

C:\RECYCLER\NPROTECT\00011304 Object is locked skipped

C:\RECYCLER\NPROTECT\00011305.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00011306.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00011307.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00011308.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00011309.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00011310.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00011311.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00011312.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00011313.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00011314.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011315.CAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011316.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00011317.cat Object is locked skipped

C:\RECYCLER\NPROTECT\00011318.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00011319.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011320.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011321.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011322.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011323.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00011324.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011325.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011326.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011327.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011328.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011329.GRD Object is locked skipped

C:\RECYCLER\NPROTECT\00011330.SIG Object is locked skipped

C:\RECYCLER\NPROTECT\00011331.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00011332.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011333.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011334.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011335.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011336.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011337.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011338.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011339.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011340.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011341.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011342.dat Object is locked skipped

C:\RECYCLER\NPROTECT\00011343.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00011344.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011353.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00011361.C$$ Object is locked skipped

C:\RECYCLER\NPROTECT\00011362.cfg Object is locked skipped

C:\RECYCLER\NPROTECT\00011491.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011494.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011497.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011499 Object is locked skipped

C:\RECYCLER\NPROTECT\00011501.QBC Object is locked skipped

C:\RECYCLER\NPROTECT\00011504.OLD Object is locked skipped

C:\RECYCLER\NPROTECT\00011505.$OR Object is locked skipped

C:\RECYCLER\NPROTECT\00011506.dat Object is locked skipped

C:\RECYCLER\NPROTECT\00011507.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011508.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011509.usa Object is locked skipped

C:\RECYCLER\NPROTECT\00011510.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011511.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011512.usa Object is locked skipped

C:\RECYCLER\NPROTECT\00011513.GIF Object is locked skipped

C:\RECYCLER\NPROTECT\00011514.GIF Object is locked skipped

C:\RECYCLER\NPROTECT\00011515.GIF Object is locked skipped

C:\RECYCLER\NPROTECT\00011516.GIF Object is locked skipped

C:\RECYCLER\NPROTECT\00011517.GIF Object is locked skipped

C:\RECYCLER\NPROTECT\00011518.GIF Object is locked skipped

C:\RECYCLER\NPROTECT\00011519.GIF Object is locked skipped

C:\RECYCLER\NPROTECT\00011520.GIF Object is locked skipped

C:\RECYCLER\NPROTECT\00011521.XLT Object is locked skipped

C:\RECYCLER\NPROTECT\00011522.XML Object is locked skipped

C:\RECYCLER\NPROTECT\00011523.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011524.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011525.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011526.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011527.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011528.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011529.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011530.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011531.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011532.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011533.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011534.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011535.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011536.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011537.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011538.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011539.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011540.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011541.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011542.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011543.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011544.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011545.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011546.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011547.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011548.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011549.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011550.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011551.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011552.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011553.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011554.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011555.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011556.HTM Object is locked skipped

C:\RECYCLER\NPROTECT\00011557.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011558.qin Object is locked skipped

C:\RECYCLER\NPROTECT\00011559.QIN Object is locked skipped

C:\RECYCLER\NPROTECT\00011560.QIN Object is locked skipped

C:\RECYCLER\NPROTECT\00011561.qin Object is locked skipped

C:\RECYCLER\NPROTECT\00011562.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011563.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011564.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011565.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011566.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011567.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011568 Object is locked skipped

C:\RECYCLER\NPROTECT\00011570.QBC Object is locked skipped

C:\RECYCLER\NPROTECT\00011573.$OR Object is locked skipped

C:\RECYCLER\NPROTECT\00011574.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011575.CFG Object is locked skipped

C:\RECYCLER\NPROTECT\00011576.CHM Object is locked skipped

C:\RECYCLER\NPROTECT\00011577.1PH Object is locked skipped

C:\RECYCLER\NPROTECT\00011578.1PH Object is locked skipped

C:\RECYCLER\NPROTECT\00011579.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011580.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011581.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011582.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011583.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011584.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011585.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011586.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011587.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011588.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011589.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011590.1PE Object is locked skipped

C:\RECYCLER\NPROTECT\00011591.XML Object is locked skipped

C:\RECYCLER\NPROTECT\00011592.qin Object is locked skipped

C:\RECYCLER\NPROTECT\00011593.QIN Object is locked skipped

C:\RECYCLER\NPROTECT\00011594.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011595.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011596.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011597.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011598.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011599.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011603 Object is locked skipped

C:\RECYCLER\NPROTECT\00011605.QBC Object is locked skipped

C:\RECYCLER\NPROTECT\00011608.$OR Object is locked skipped

C:\RECYCLER\NPROTECT\00011609.$OR Object is locked skipped

C:\RECYCLER\NPROTECT\00011610.XML Object is locked skipped

C:\RECYCLER\NPROTECT\00011611.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011612.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00011613.QIN Object is locked skipped

C:\RECYCLER\NPROTECT\00011614.qin Object is locked skipped

C:\RECYCLER\NPROTECT\00011615.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011616.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011617.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011618.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011619.LCK Object is locked skipped

C:\RECYCLER\NPROTECT\00011620.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011623.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00011632.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00011633.log Object is locked skipped

C:\RECYCLER\NPROTECT\00011698.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00011706.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00011720.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00011731.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011760.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00011768.C$$ Object is locked skipped

C:\RECYCLER\NPROTECT\00011769.cfg Object is locked skipped

C:\RECYCLER\NPROTECT\00011857.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011858.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00011859.exe Object is locked skipped

C:\RECYCLER\NPROTECT\00011860.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00011861.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00011862.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00011863.grd Object is locked skipped

C:\RECYCLER\NPROTECT\00011864.sig Object is locked skipped

C:\RECYCLER\NPROTECT\00011865.spm Object is locked skipped

C:\RECYCLER\NPROTECT\00011866.sys Object is locked skipped

C:\RECYCLER\NPROTECT\00011867.BIN Object is locked skipped

C:\RECYCLER\NPROTECT\00011868 Object is locked skipped

C:\RECYCLER\NPROTECT\00011869.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00011870.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00011871.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00011872.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00011873.EXP Object is locked skipped

C:\RECYCLER\NPROTECT\00011874.SYS Object is locked skipped

C:\RECYCLER\NPROTECT\00011875.VXD Object is locked skipped

C:\RECYCLER\NPROTECT\00011876.DLL Object is locked skipped

C:\RECYCLER\NPROTECT\00011877.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00011878.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011879.CAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011880.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00011881.cat Object is locked skipped

C:\RECYCLER\NPROTECT\00011882.inf Object is locked skipped

C:\RECYCLER\NPROTECT\00011883.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011884.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011885.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011886.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011887.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00011888.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011889.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011890.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011891.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011892.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011893.GRD Object is locked skipped

C:\RECYCLER\NPROTECT\00011894.SIG Object is locked skipped

C:\RECYCLER\NPROTECT\00011895.INF Object is locked skipped

C:\RECYCLER\NPROTECT\00011896.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011897.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011898.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011899.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011900.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011901.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011902.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011903.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011904.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011905.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011906.dat Object is locked skipped

C:\RECYCLER\NPROTECT\00011907.TXT Object is locked skipped

C:\RECYCLER\NPROTECT\00011908.DAT Object is locked skipped

C:\RECYCLER\NPROTECT\00011994.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00012013.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00012016.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00012019.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00012022.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00012025.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00012028.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00012031.QFN Object is locked skipped

C:\RECYCLER\NPROTECT\00012037.old Object is locked skipped

C:\RECYCLER\NPROTECT\00012073.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00012081.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00012094.log Object is locked skipped

C:\RECYCLER\NPROTECT\00012099.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00012100.log Object is locked skipped

C:\RECYCLER\NPROTECT\00012149.XLS Object is locked skipped

C:\RECYCLER\NPROTECT\00012154.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00012158.xml Object is locked skipped

C:\RECYCLER\NPROTECT\00012159.log Object is locked skipped

C:\RECYCLER\NPROTECT\00012163.KC Object is locked skipped

C:\RECYCLER\NPROTECT\00012173.edb Object is locked skipped

C:\RECYCLER\NPROTECT\00012196.XLS Object is locked skipped

C:\RECYCLER\NPROTECT\00012210.C$$ Object is locked skipped

C:\RECYCLER\NPROTECT\00012211.cfg Object is locked skipped

C:\RECYCLER\NPROTECT\00012258.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00012266.cab Object is locked skipped

C:\RECYCLER\NPROTECT\00012281.edb Object is locked skipped

C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped

C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped

C:\System Volume Information\catalog.wci\0001000E.ci Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped

C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\A0000208.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0000219.exe Infected: not-a-virus:AdWare.Win32.Vapsup.vq skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{D2015DA8-3EB2-4082-8188-562BC29D28E1}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:37 AM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servle ... 1.0000004d
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

:| Silver ...I could not find in Windows Explorer or in Search the file to delete called C:WINDOWS\alxvdvmdll Please give me another hint where and how to delet THANKS A BUNCH
--
End of file - 6630 bytes
chrx
Active Member
 
Posts: 11
Joined: January 3rd, 2008, 6:16 pm

Re: Help !! Internet Explorer Opening on it's own

Unread postby silver » January 25th, 2008, 8:43 am

Hi chrx,

That file is probably no longer there but we'll double-check as follows:
Press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:
cmd /c dir c:\alxvdvm.dll /a /s >> "%userprofile%\desktop\look.txt"
A black box will open and a file will appear on your Desktop called look.txt.
Please wait until the black box closes before opening look.txt, then post the contents of look.txt in your next response.

Please now delete SDFix.exe from your Desktop, as well as this folder:
C:\SDFix

Also, open the Zip files folder on your Desktop and delete SmitfraudFix.exe


Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Press OK and Yes to confirm


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

Once complete, please post the look.txt results and let me know how your computer is running.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Help !! Internet Explorer Opening on it's own

Unread postby chrx » January 25th, 2008, 9:53 am

Good Moring Silver

Help.txt
Volume in drive C has no label.
Volume Serial Number is 2826-33F4

The OS has seemed to returned to normal speed and intenet explore has not opened on it's own lately. One bug I do remember was called b2adz this went to a particular website IP address on it's own and brought back all kinds of popups. I disconnected from internet and scanned and cleaned for 2 weeks after which when I replugged the internet I was reinfected, that's when I contacted your services. Only time will tell as I have been plugged in for about 12 hours without a problem

:twisted: After running spybot I am still getting Microsoft.WindowsSecurityCenter_disabled

I seen this since day one of my probs, any suggestions
Thanks
chrx
chrx
chrx
Active Member
 
Posts: 11
Joined: January 3rd, 2008, 6:16 pm

Re: Help !! Internet Explorer Opening on it's own

Unread postby silver » January 25th, 2008, 10:19 pm

Hi chrx,

It sounds like the Security Center is disabled. Let's try re-enabling it:

Next press Start->Run, type services.msc into the box and press OK
Scroll down the list, locate the entry for Security Center and double-click it.
Next to Startup Type, change the setting to Automatic (if it is not already set)
Then press OK and close the Services console.

Next, select Start->Control Panel->Security Center
Under Resources on the left, click Change the way Security Center alerts me
Make sure all three boxes are checked and press OK

This should hopefully resolve the problem, please run Spybot and see if it still gives you that report.


Re-hide hidden/system files and folders:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Do not show hidden files and folders
CHECK the Hide extensions for known file types option
CHECK the Hide protected operating system files (recommended) option
Press OK

At this stage I think your machine is clean of malware :) here are some tips to help you keep it that way:

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Automatic Updates
Select Automatic and select a suitable schedule

You have good protection software installed however please ensure it is kept up to date. Check that your antivirus and antispyware programs are set to automatically update themselves daily, and that your firewall is the latest version.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins orActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Find out more about how to prevent infection in the future
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Help !! Internet Explorer Opening on it's own

Unread postby chrx » January 26th, 2008, 10:14 am

Hi Silver
The system is working at a great speed again with no popups or any real issues. However on a reboot Windows Security Center DOES NOT automatically startup. I have checked this several times and it requires siwtching from a DIABLED MODE to AUTOMATIC mode and then Starting the sevice and it will stay running until a reboot, then becomes diabled again. Any suggestions :?:
chrx
Active Member
 
Posts: 11
Joined: January 3rd, 2008, 6:16 pm

Re: Help !! Internet Explorer Opening on it's own

Unread postby silver » January 27th, 2008, 12:08 am

Hi chrx,

Please have a look in Norton Internet Security for a setting called "Show Messages from Windows Security Center" - if this box is not checked then check this box.

Then re-enable the Security Center service again using the previous instructions and reboot. Let me know if this helps.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Help !! Internet Explorer Opening on it's own

Unread postby chrx » January 28th, 2008, 5:56 pm

Hi Silver
I have done some research and have checked my computers and some friends that subscribe to AT&T telephone DSL services and we get Norton Antivirus as a freebee and when we compared we all got the same DIABLED WindowsSecurityCenter warning

This is the way I see it.
Instead of just disabling the Anti Virus Windows Security Center alerts.
The Norton software disables the whole Windows Security center.

(Norton checks on start-up and won't let it or stops the WSC start up, as it would be redundant.)
http://www.microsoft.com/windowsxp/usin ... lerts.mspx

Let me know what you think

I don't think it should be a problem.
chrx
Active Member
 
Posts: 11
Joined: January 3rd, 2008, 6:16 pm

Re: Help !! Internet Explorer Opening on it's own

Unread postby silver » January 29th, 2008, 6:19 am

Yes that is basically what I found also, and it shouldn't be a problem as long as your security software is turned on and updated. However, if that setting I mentioned exists you may be able to turn it back on if you wish.

If you have any other questions or issues please let me know :)
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Help !! Internet Explorer Opening on it's own

Unread postby chrx » January 29th, 2008, 8:34 am

Thanks so very much for all your help. Malremoveral.com has been a wealth of knowlege and help, I have learned so very much under your guidance. I just wanted to make this last post so that you can consider my issues solved and move on to help others.

Thanks again

CHRX MISSOURI :lol:
chrx
Active Member
 
Posts: 11
Joined: January 3rd, 2008, 6:16 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 296 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware