Firefox Hangs & Various Programs Will Not Update (Trojan Infection)
 
Posted 6/29/2008 10:41 AM
New Member

Greetings,

First off, thank you for the recommendations in the post "READ BEFORE POSTING HIJACK THIS LOGS". I followed the steps and I am still having problems. When launching Firefox, most times the program will hang and never actually go to the requested website. AVG will also not update along with SUPERAntispyware and Windows XP update. I am running SP2 and I have done the other updates manually. In an attempt to correct this problem, below is my HijackThis log. If all else fails, wiping the drive and a fresh install of XP is an option, but I would like to try and fix the problem if possible. I appreciate any help and/or suggestions in advance. Thank you. Also, let me know if you need any additional information from me.

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:46 AM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: (no name) - {1BD73B94-7614-48AA-BAAD-2D6C2B3ECD82} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: {cb551c24-df3a-7e59-fbe4-ccda71f96064} - {46069f17-adcc-4ebf-95e7-a3fd42c155bc} - C:\WINDOWS\system32\naaenjcx.dll (file missing)
O2 - BHO: (no name) - {922FBD52-7432-4839-BD54-FAF61639020E} - (no file)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BM9b97b920] Rundll32.exe "C:\WINDOWS\system32\dmjfibcq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - file:///D:/LTOCX14N.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkHWQKb - jkkHWQKb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4378 bytes
Post #241833
Posted 6/29/2008 11:25 AM


Senior Forum Moderator

Welcome

Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall



Combofix.exe will start, please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.


________________________________________


ASAP & UNITE member since 2006





Post #241837
Posted 6/30/2008 9:35 PM
New Member

Thanks for the help RichieUK. Here is what you requested:

ComboFix 08-06-20.4 - ********** 2008-06-30 20:21:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1084 [GMT -5:00]
Running from: C:\Documents and Settings\**********\desktop\combofix.exe
Command switches used :: /killall

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM9b97b920.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cdeddfhk.ini
C:\WINDOWS\system32\cdeddfhk.ini2
C:\WINDOWS\system32\dmjfibcq.dll
C:\WINDOWS\system32\evdfyjjw.dll
C:\WINDOWS\system32\hivotuon.dll
C:\WINDOWS\system32\jfistyia.ini
C:\WINDOWS\system32\mosbkdcs.dll
C:\WINDOWS\system32\noutovih.ini
C:\WINDOWS\system32\xlusgall.ini
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-30 20:33 . 1,893  C:\WINDOWS\bcmwltrytmp.reg
2008-06-27 22:29 . 2008-06-27 22:29  d--------  C:\Program Files\SUPERAntiSpyware
2008-06-27 22:29 . 2008-06-27 22:29  d--------  C:\Documents and Settings\**********\Application Data\SUPERAntiSpyware.com
2008-06-27 22:29 . 2008-06-27 22:29  d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 21:59 . 2008-06-27 21:59  d--------  C:\Program Files\Trend Micro
2008-06-25 20:24 . 2008-06-25 21:59  d--------  C:\Program Files\XoftSpySE
2008-06-24 22:17 . 2008-06-24 22:17  230  --a------  C:\WINDOWS\system32\spupdsvc.inf
2008-06-24 22:15 . 2008-06-25 18:32  1,374  --a------  C:\WINDOWS\imsins.BAK
2008-06-24 21:34 . 2008-06-30 20:33  794,656  --ahs----  C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-24 21:34 . 2008-06-30 20:30  10,244  --ahs----  C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-24 21:27 . 2008-06-24 21:27  d--------  C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-24 21:27 . 2008-06-24 21:29  4,212  ---h-----  C:\WINDOWS\system32\zllictbl.dat
2008-06-24 21:26 . 2008-04-02 20:07  75,248  --a------  C:\WINDOWS\zllsputility.exe
2008-06-24 21:26 . 2004-04-27 04:40  11,264  --a------  C:\WINDOWS\system32\SpOrder.dll
2008-06-24 21:25 . 2008-06-24 21:26  d--------  C:\WINDOWS\system32\ZoneLabs
2008-06-24 21:25 . 2008-06-24 21:25  d--------  C:\Program Files\Zone Labs
2008-06-24 21:25 . 2008-04-02 20:07  1,086,952  --a------  C:\WINDOWS\system32\zpeng24.dll
2008-06-24 21:25 . 2008-06-30 20:33  352,918  --a------  C:\WINDOWS\system32\vsconfig.xml
2008-06-24 21:22 . 2008-06-30 20:33  d--------  C:\WINDOWS\Internet Logs
2008-06-22 11:24 . 2008-06-24 20:59  d--------  C:\Program Files\Piolet
2008-06-22 11:24 . 2008-06-22 11:24  662,288  --a------  C:\WINDOWS\system32\MSCOMCT2.OCX
2008-06-22 11:24 . 2008-06-22 11:24  416,528  --a------  C:\WINDOWS\system32\COMCT332.OCX
2008-06-22 11:24 . 2008-06-22 11:24  152,848  --a------  C:\WINDOWS\system32\COMDLG32.OCX
2008-06-22 11:24 . 2008-06-22 11:24  132,880  --a------  C:\WINDOWS\system32\MSINET.OCX
2008-06-22 11:24 . 2008-06-22 11:24  124,688  --a------  C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-22 10:42 . 2008-06-22 13:35  d--------  C:\Program Files\Spybot - Search & Destroy
2008-06-22 10:36 . 2008-06-28 13:06  d--h-----  C:\$AVG8.VAULT$
2008-06-22 10:14 . 2008-06-24 19:24  d--------  C:\WINDOWS\system32\drivers\Avg
2008-06-22 10:14 . 2008-06-22 10:14  96,520  --a------  C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-22 10:14 . 2008-06-22 10:14  75,272  --a------  C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-22 10:14 . 2008-06-22 10:14  10,520  --a------  C:\WINDOWS\system32\avgrsstx.dll
2008-06-22 10:13 . 2008-06-22 13:35  d--------  C:\Program Files\AVG
2008-06-22 10:13 . 2008-06-22 13:35  d--------  C:\Documents and Settings\All Users\Application Data\avg8
2008-06-19 03:02 . 2008-06-19 03:02  118  --a------  C:\WINDOWS\system32\MRT.INI
2008-06-18 03:52 . 2008-06-13 08:10  272,128  ---------  C:\WINDOWS\system32\drivers\bthport.sys
2008-06-18 03:52 . 2008-06-13 08:10  272,128  -----c---  C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 09:20 . 2008-06-22 13:35  d--------  C:\WINDOWS\system32\247880

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 03:29  ---------  d-----w  C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 03:15  ---------  d-----w  C:\Program Files\Google
2008-06-25 02:59  ---------  d-----w  C:\Documents and Settings\**********\Application Data\Apple Computer
2008-06-25 01:54  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-22 16:24  1,376,528  ----a-w  C:\WINDOWS\system32\msvbvm60.dll
2008-05-29 09:00  0  ----a-w  C:\Program Files\uninstall.dat
2008-05-08 12:28  202,752  ----a-w  C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18  1,287,680  ----a-w  C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04  659,456  ----a-w  C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46069f17-adcc-4ebf-95e7-a3fd42c155bc}]
C:\WINDOWS\system32\naaenjcx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-22 10:14 1177368]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 22:05 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWQKb]
jkkHWQKb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98a48abc]
C:\WINDOWS\system32\hivotuon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM9b97b920]
C:\WINDOWS\system32\dmjfibcq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-ra------ 2000-10-16 10:37 32768 C:\WINDOWS\system32\rmctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-03-01 16:52 1695744 C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-05-28 10:33 1506544 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-04-02 20:07 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Piolet\\piolet.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-22 10:14]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-22 10:14]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-22 10:13]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-22 10:14]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 20:32:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-30 20:34:51 - machine was rebooted [**********]
ComboFix-quarantined-files.txt 2008-07-01 01:34:44

Pre-Run: 43,329,499,136 bytes free
Post-Run: 43,491,581,952 bytes free

173  --- E O F ---  2008-06-25 23:33:08

New Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:44 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: {cb551c24-df3a-7e59-fbe4-ccda71f96064} - {46069f17-adcc-4ebf-95e7-a3fd42c155bc} - C:\WINDOWS\system32\naaenjcx.dll (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - file:///D:/LTOCX14N.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkHWQKb - jkkHWQKb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4328 bytes
Post #241896
Posted 7/1/2008 1:51 AM


Senior Forum Moderator

Copy and paste ALL the following text in the code box below into Notepad.
Click on File (in the menu at the top) > Save as.. / Save as Type: 'All Files' / File name: CFScript to your desktop.

KILLALL::

File::
C:\WINDOWS\bcmwltrytmp.reg

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46069f17-adcc-4ebf-95e7-a3fd42c155bc}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWQKb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98a48abc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM9b97b920]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.



This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.


Post #241898
Posted 7/1/2008 9:56 PM
New Member

Here you go and thanks again for the assistance:

New ComboFix Log:

ComboFix 08-06-30.2 - ********** 2008-07-01 21:38:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1089 [GMT -5:00]
Running from: C:\Documents and Settings\**********\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\**********\Desktop\CFScript.txt
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\WINDOWS\bcmwltrytmp.reg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM9b97b920.txt
C:\WINDOWS\system32\atikvmag.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-06-27 22:29 . 2008-06-27 22:29  d--------  C:\Program Files\SUPERAntiSpyware
2008-06-27 22:29 . 2008-06-27 22:29  d--------  C:\Documents and Settings\**********\Application Data\SUPERAntiSpyware.com
2008-06-27 22:29 . 2008-06-27 22:29  d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 21:59 . 2008-06-27 21:59  d--------  C:\Program Files\Trend Micro
2008-06-25 20:24 . 2008-06-25 21:59  d--------  C:\Program Files\XoftSpySE
2008-06-24 22:17 . 2008-06-24 22:17  230  --a------  C:\WINDOWS\system32\spupdsvc.inf
2008-06-24 22:15 . 2008-06-25 18:32  1,374  --a------  C:\WINDOWS\imsins.BAK
2008-06-24 21:34 . 2008-07-01 21:43  847,904  --ahs----  C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-24 21:34 . 2008-07-01 21:40  10,916  --ahs----  C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-24 21:27 . 2008-06-24 21:27  d--------  C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-24 21:27 . 2008-06-24 21:29  4,212  ---h-----  C:\WINDOWS\system32\zllictbl.dat
2008-06-24 21:26 . 2008-04-02 20:07  75,248  --a------  C:\WINDOWS\zllsputility.exe
2008-06-24 21:26 . 2004-04-27 04:40  11,264  --a------  C:\WINDOWS\system32\SpOrder.dll
2008-06-24 21:25 . 2008-06-24 21:26  d--------  C:\WINDOWS\system32\ZoneLabs
2008-06-24 21:25 . 2008-06-24 21:25  d--------  C:\Program Files\Zone Labs
2008-06-24 21:25 . 2008-04-02 20:07  1,086,952  --a------  C:\WINDOWS\system32\zpeng24.dll
2008-06-24 21:25 . 2008-07-01 21:43  352,918  --a------  C:\WINDOWS\system32\vsconfig.xml
2008-06-24 21:22 . 2008-07-01 21:43  d--------  C:\WINDOWS\Internet Logs
2008-06-22 11:24 . 2008-06-24 20:59  d--------  C:\Program Files\Piolet
2008-06-22 11:24 . 2008-06-22 11:24  662,288  --a------  C:\WINDOWS\system32\MSCOMCT2.OCX
2008-06-22 11:24 . 2008-06-22 11:24  416,528  --a------  C:\WINDOWS\system32\COMCT332.OCX
2008-06-22 11:24 . 2008-06-22 11:24  152,848  --a------  C:\WINDOWS\system32\COMDLG32.OCX
2008-06-22 11:24 . 2008-06-22 11:24  132,880  --a------  C:\WINDOWS\system32\MSINET.OCX
2008-06-22 11:24 . 2008-06-22 11:24  124,688  --a------  C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-22 10:42 . 2008-06-22 13:35  d--------  C:\Program Files\Spybot - Search & Destroy
2008-06-22 10:36 . 2008-06-28 13:06  d--h-----  C:\$AVG8.VAULT$
2008-06-22 10:14 . 2008-06-24 19:24  d--------  C:\WINDOWS\system32\drivers\Avg
2008-06-22 10:14 . 2008-06-22 10:14  96,520  --a------  C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-22 10:14 . 2008-06-22 10:14  75,272  --a------  C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-22 10:14 . 2008-06-22 10:14  10,520  --a------  C:\WINDOWS\system32\avgrsstx.dll
2008-06-22 10:13 . 2008-06-22 13:35  d--------  C:\Program Files\AVG
2008-06-22 10:13 . 2008-06-22 13:35  d--------  C:\Documents and Settings\All Users\Application Data\avg8
2008-06-19 03:02 . 2008-06-19 03:02  118  --a------  C:\WINDOWS\system32\MRT.INI
2008-06-18 03:52 . 2008-06-13 08:10  272,128  ---------  C:\WINDOWS\system32\drivers\bthport.sys
2008-06-18 03:52 . 2008-06-13 08:10  272,128  -----c---  C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 09:20 . 2008-06-22 13:35  d--------  C:\WINDOWS\system32\247880

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 03:29  ---------  d-----w  C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 03:15  ---------  d-----w  C:\Program Files\Google
2008-06-25 02:59  ---------  d-----w  C:\Documents and Settings\**********\Application Data\Apple Computer
2008-06-25 01:54  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-22 16:24  1,376,528  ----a-w  C:\WINDOWS\system32\msvbvm60.dll
2008-05-29 09:00  0  ----a-w  C:\Program Files\uninstall.dat
2008-05-08 12:28  202,752  ----a-w  C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18  1,287,680  ----a-w  C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04  659,456  ----a-w  C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-30_20.34.21.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 01:31:27  2,048  --s-a-w  C:\WINDOWS\bootstat.dat
+ 2008-07-02 02:41:44  2,048  --s-a-w  C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-22 10:14 1177368]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 22:05 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-ra------ 2000-10-16 10:37 32768 C:\WINDOWS\system32\rmctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-03-01 16:52 1695744 C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-05-28 10:33 1506544 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-04-02 20:07 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Piolet\\piolet.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-22 10:14]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-22 10:14]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-22 10:13]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-22 10:14]

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Broadcom Wireless Manager UI - C:\WINDOWS\system32\WLTRAY
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 21:42:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-01 21:45:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 02:45:29
ComboFix2.txt 2008-07-01 01:34:52

Pre-Run: 43,476,889,600 bytes free
Post-Run: 43,453,673,472 bytes free

156--- E O F ---2008-06-25 23:33:08

New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:43 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - file:///D:/LTOCX14N.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4008 bytes
Post #241926