
Here is my HiJack This Log, please help



I did a Malwarebytes scan, and it is telling me that everything to do with C:\windows\iexplore is a Trojan.Agent. There are also a few other things I am nervous about deleting as I do not know what they are for, such as c:\windows\smdat32a.sys and c:\windows\smdat32m.sys.

So here is my HiJack Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:45:59 AM, on 4/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\FairPoint\FairPoint Security Suite\Fws.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\FairPoint\FairPoint Security Suite\rps.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Program Files\FairPoint\FairPoint Servicepoint Agent\FairPointServicepoint.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe

C:\Program Files\FairPoint\FairPoint Security Suite\RpsSecurityAwareR.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,acciher.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\FairPoint\FairPoint Security Suite\pkR.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ms0503565-6638] C:\WINDOWS\ms0503565-6638.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [FairPointServicepoint.exe] "C:\Program Files\FairPoint\FairPoint Servicepoint Agent\FairPointServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe

O4 - HKCU\..\Run: [ulptx] C:\WINDOWS\system32\ywebwy.exe reg_run

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: WD Anywhere Backup Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Event Reminder.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB

O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{35C6FBCE-C700-4279-82E3-F07A65A70653}: NameServer = 218.93.202.110,218.93.202.111

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D0EAA94-29F0-4548-A049-5437353E0419}: NameServer = 218.93.202.110,218.93.202.111

O17 - HKLM\System\CCS\Services\Tcpip\..\{9FAAED76-7D83-452C-A5EC-2D767A1B71F3}: NameServer = 218.93.202.110,218.93.202.111

O17 - HKLM\System\CS2\Services\Tcpip\..\{2F0916F2-3C53-4563-902B-828B465F0A43}: NameServer = 218.93.202.110,218.93.202.111

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: FairPoint Security Suite (Radialpoint Security Services) - FairPoint - C:\Program Files\FairPoint\FairPoint Security Suite\RpsSecurityAwareR.exe

O23 - Service: FairPoint Security Suite Firewall (RP_FWS) - FairPoint - C:\Program Files\FairPoint\FairPoint Security Suite\Fws.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O24 - Desktop Component 0: (no name) - http://cachemediasrv.patriots.com/ImgDyn.c...;h=100&cs=1

--

End of file - 11290 bytes

Can anyone help me make heads or tails of all of this?

Greatly appreciated!


  • Staff

Hi,

This looks like you have never removed anything your scanner(s) alert you of, because I see malware traces in your log from 3 years ago! (a very old Qoologic variant for example).

Also, I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first.

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!

This is somewhat suicidal in today's digital world.

That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/

This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.

Then reboot.

After reboot, open your Avira and select "reports".

There double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

But before you perform above steps... I see you are running AdWatch.

I suggest you disable it because it can interfere with the fixes.

To disable AdWatch:

* Right click on the Ad-Watch icon in the system tray.

* At the bottom of the screen there will be two checkable items called Active and Automatic.

o Active: This will turn Ad-Watch On\Off without closing it.

o Automatic: Suspicious activity will be blocked automatically.

* Uncheck both of those boxes.

* (When done, you can re-enable it using the same steps but this time check both boxes.)


Hi,

Thanks for helping. I do have Fairpoint Security Suite with Virus Protection - I run it regularly. I don't know why it doesn't show up.

I have attached my AVSCAN Report. It is HUGE.

Here is my HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:21:53 PM, on 4/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\FairPoint\FairPoint Security Suite\Fws.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe

C:\Program Files\FairPoint\FairPoint Security Suite\rps.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Program Files\FairPoint\FairPoint Servicepoint Agent\FairPointServicepoint.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe

C:\Program Files\FairPoint\FairPoint Security Suite\RpsSecurityAwareR.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,acciher.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\FairPoint\FairPoint Security Suite\pkR.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ms0503565-6638] C:\WINDOWS\ms0503565-6638.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [FairPointServicepoint.exe] "C:\Program Files\FairPoint\FairPoint Servicepoint Agent\FairPointServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe

O4 - HKCU\..\Run: [ulptx] C:\WINDOWS\system32\ywebwy.exe reg_run

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: WD Anywhere Backup Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Event Reminder.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB

O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{35C6FBCE-C700-4279-82E3-F07A65A70653}: NameServer = 218.93.202.110,218.93.202.111

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D0EAA94-29F0-4548-A049-5437353E0419}: NameServer = 218.93.202.110,218.93.202.111

O17 - HKLM\System\CCS\Services\Tcpip\..\{9FAAED76-7D83-452C-A5EC-2D767A1B71F3}: NameServer = 218.93.202.110,218.93.202.111

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: FairPoint Security Suite (Radialpoint Security Services) - FairPoint - C:\Program Files\FairPoint\FairPoint Security Suite\RpsSecurityAwareR.exe

O23 - Service: FairPoint Security Suite Firewall (RP_FWS) - FairPoint - C:\Program Files\FairPoint\FairPoint Security Suite\Fws.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O24 - Desktop Component 0: (no name) - http://cachemediasrv.patriots.com/ImgDyn.c...;h=100&cs=1

--

End of file - 11690 bytes

Thanks so much.

AVSCAN.zip



  • Staff

Hi,

I overlooked the fact that you had FairPoint. It's an unknown one, which explains it. That means that you have to uninstall Avira again - or uninstall FairPoint, because you can't have more than 1 Antivirus present (compatibility issues). Anyway, Avira did a nice cleanup - 3650 Viruses and/or unwanted programs were found. :o

Then, I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Then, reboot.

Then,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,acciher.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [ms0503565-6638] C:\WINDOWS\ms0503565-6638.exe

O4 - HKCU\..\Run: [ulptx] C:\WINDOWS\system32\ywebwy.exe reg_run

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O24 - Desktop Component 0: (no name) - http://cachemediasrv.patriots.com/ImgDyn.c...;h=100&cs=1 <== check this if you set this active desktop

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Then,

First of all, please update MalwareBytes...

  • Start MalwareBytes and click the Update tab. There click "Check for updates"
  • In case you can't update the database via the update option, please download and install the database from here. Only do this when the update option doesn't work.
  • Once the updates are downloaded, perform a full scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Hello,

Here is my MBAM Log:

Malwarebytes' Anti-Malware 1.36

Database version: 1959

Windows 5.1.2600 Service Pack 3

4/10/2009 7:06:28 AM

mbam-log-2009-04-10 (07-06-28).txt

Scan type: Full Scan (C:\|)

Objects scanned: 207499

Time elapsed: 8 hour(s), 22 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 5

Files Infected: 94

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\WINDOWS\IEXPLORE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\CUSTOM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\PLUGINS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\IEXPLORE\BASIC.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\CLASSES.ZIP (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\FAVORITE.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\FECHRCNV.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\GLOBHIST.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\IEMASTHD.GIF (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\IEXPLORE.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MSAGEN16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MSAWT16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MSHTML16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MSJAVA16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MSJPEG16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MSNET16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MSNLS.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\NOTES.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\RA.GIF (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\RAPLAYER.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\RAPLAYER.HLP (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\README.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\README.TXT (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\SCHNL16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\SECSSP16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\SETUP31.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\SPACE.GIF (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\START.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\START.RAM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\WN26-39.BMP (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\WN38-39.BMP (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\CUSTOM\IEDKCS16.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\CUSTOM\INSCHK16.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\CUSTOM\INSRUN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\CUSTOM\INSTALL.INS (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\CUSTOM\WNIE26.BMP (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\CUSTOM\WNIE38.BMP (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\AUTHOR.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\COMMANDS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\CONBOOK.GIF (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\CONCEPTS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\DOCWIN.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\EULA.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\FILETY16.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\FIND.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\HISTORY.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\HOME.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\HOTLIST.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\HTML.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\LOOK.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\MAIL.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\NEWNEWS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\OPEN.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\OPTIONS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\PERFORM.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\PRINT.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\PROXY.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\RATINGS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\SAVEAS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\SSL.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\TOPICS.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\TROUBLE.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\UPDATE.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\HELP\URL.HTM (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\ABP.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.DAN (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.DEU (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ENG (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ENU (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ESN (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ESP (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.FIN (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.FRA (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.FRC (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ISL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ITA (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.NLD (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.NOR (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.PTG (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\CHARSET.SVE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\HEX40BIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\HEX40BIN.PIF (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\MAIL.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\MAIL.INI (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\MAILON.HLP (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\MAPIIE.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\MAPISEND.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\MDB.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\MIME.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\MONCFG.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\MSGSTORE.PRF (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\RECV.PRF (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\SEND.PRF (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\SENDMAIL.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\SKELETON.PRF (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\SPOOLERI.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\IEXPLORE\MAIL\TRANS.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

And here is my HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:13:59 AM, on 4/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\FairPoint\FairPoint Security Suite\Fws.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\FairPoint\FairPoint Security Suite\rps.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Program Files\FairPoint\FairPoint Servicepoint Agent\FairPointServicepoint.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe

C:\Program Files\FairPoint\FairPoint Security Suite\RpsSecurityAwareR.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\FairPoint\FairPoint Security Suite\pkR.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [FairPointServicepoint.exe] "C:\Program Files\FairPoint\FairPoint Servicepoint Agent\FairPointServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe

O4 - HKCU\..\Run: [ulptx] C:\WINDOWS\system32\ywebwy.exe reg_run

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: WD Anywhere Backup Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Event Reminder.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB

O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{35C6FBCE-C700-4279-82E3-F07A65A70653}: NameServer = 218.93.202.110,218.93.202.111

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D0EAA94-29F0-4548-A049-5437353E0419}: NameServer = 218.93.202.110,218.93.202.111

O17 - HKLM\System\CCS\Services\Tcpip\..\{9FAAED76-7D83-452C-A5EC-2D767A1B71F3}: NameServer = 218.93.202.110,218.93.202.111

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: FairPoint Security Suite (Radialpoint Security Services) - FairPoint - C:\Program Files\FairPoint\FairPoint Security Suite\RpsSecurityAwareR.exe

O23 - Service: FairPoint Security Suite Firewall (RP_FWS) - FairPoint - C:\Program Files\FairPoint\FairPoint Security Suite\Fws.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--

End of file - 10654 bytes

Thanks!

  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

Here is the ComboFix Log:

ComboFix 09-04-04.01 - Compaq_Owner 2009-04-10 8:17:11.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.266 [GMT -4:00]

Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated)

AV: FairPoint Security Suite Virus Protection *On-access scanning disabled* (Updated)

FW: FairPoint Security Suite Firewall *disabled*

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\INSTALL.LOG

c:\program files\Need2Find

c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR

c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR

c:\program files\Need2Find\bar\1.bin\PARTNER.DAT

c:\recycler\RB37.tmp

c:\recycler\RB5.tmp

c:\windows\Fonts\acrsec.fon

c:\windows\IE4 Error Log.txt

.

((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))

.

2009-04-10 08:13 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe

2009-04-09 17:57 . 2009-04-09 17:57 <DIR> d-------- c:\program files\Avira

2009-04-09 17:57 . 2009-04-09 17:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2009-04-09 17:57 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys

2009-04-09 09:04 . 2007-12-24 17:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys

2009-04-09 09:03 . 2009-04-09 09:16 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\HouseCall 6.6

2009-04-09 07:42 . 2009-04-09 07:42 <DIR> d-------- c:\program files\Trend Micro

2009-04-08 22:43 . 2009-04-08 22:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-04-08 22:43 . 2009-04-08 22:43 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes

2009-04-08 22:43 . 2009-04-08 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-08 22:43 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-08 22:43 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-04-08 22:32 . 2009-04-08 22:31 410,984 --a------ c:\windows\system32\deploytk.dll

2009-04-08 22:32 . 2009-04-08 22:31 73,728 --a------ c:\windows\system32\javacpl.cpl

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-10 12:23 38,941,984 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-04-10 12:23 2,761,760 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-04-10 11:08 519,764 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-04-10 11:08 259,532 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-04-10 02:11 --------- d-----w c:\program files\Viewpoint

2009-04-10 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2009-04-09 02:31 --------- d-----w c:\program files\Java

2009-04-08 23:00 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Corel

2009-04-08 22:58 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys

2009-03-24 02:59 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent

2009-03-17 11:55 --------- d-----w c:\program files\Google

2009-03-09 20:57 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Move Networks

2009-03-09 12:46 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys

2009-03-09 12:46 15,688 ----a-w c:\windows\system32\lsdelete.exe

2009-03-09 12:40 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-03-09 12:39 --------- d-----w c:\program files\Lavasoft

2009-03-02 19:59 87,608 -c--a-w c:\documents and settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT

2009-02-12 18:04 --------- d-----w c:\program files\Raxco

2009-02-12 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco

2009-02-12 18:03 --------- d-----w c:\program files\Verizon

2009-02-12 18:03 --------- d-----w c:\program files\InstallShield Installation Information

2009-02-12 18:03 --------- d-----w c:\program files\FairPoint

2009-02-12 18:03 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Verizon

2009-02-12 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon

2009-02-12 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\FairPoint

2009-02-12 18:00 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\FairPoint

2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys

2007-07-20 05:19 855,886 ----a-w c:\program files\AUG2007_d3dx10_35_x64.cab

2007-07-20 05:19 800,467 ----a-w c:\program files\AUG2007_d3dx10_35_x86.cab

2007-07-20 05:19 1,803,760 ----a-w c:\program files\AUG2007_d3dx9_35_x64.cab

2007-07-20 05:18 44,684 ----a-w c:\program files\dxdllreg_x86.cab

2007-07-20 05:18 201,696 ----a-w c:\program files\AUG2007_XACT_x64.cab

2007-07-20 05:18 156,612 ----a-w c:\program files\AUG2007_XACT_x86.cab

2007-07-20 05:18 1,711,752 ----a-w c:\program files\AUG2007_d3dx9_35_x86.cab

2006-07-08 17:44 0 -c--a-w c:\documents and settings\Compaq_Owner\Application Data\internaldb41.dat

2008-08-19 17:54 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll

2008-08-19 17:54 125,848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll

2008-08-19 17:56 46,408 ----a-w c:\program files\mozilla firefox\plugins\atmccli.dll

2008-08-19 17:57 98,712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll

2007-03-09 08:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll

2008-08-20 14:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 148888]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]

"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire\Corel Photo Downloader.exe" [2006-08-04 462336]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]

"HPHUPD05"="c:\program files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]

"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-04 491520]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]

"FairPointServicepoint.exe"="c:\program files\FairPoint\FairPoint Servicepoint Agent\FairPointServicepoint.exe" [2008-10-21 2286832]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\

WD Anywhere Backup Launcher.lnk - c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2009-01-01 17542]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Event Reminder.lnk - c:\program files\Broderbund\Broderbund Party and Crafts Creator\pmremind.exe [2005-06-16 331776]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2009-01-01 253952]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.iac2"= I:\iac25_32.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"=

"c:\\Program Files\\Windows Media Components\\Encoder\\wmstreamedt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\ijji\\ENGLISH\\u_gbound.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Compaq_Owner\\Desktop\\Office\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-09 64160]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-09 108289]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-09-27 10664]

S3 Radialpoint Security Services;FairPoint Security Suite;c:\program files\FairPoint\FairPoint Security Suite\RpsSecurityAwareR.exe [2008-11-10 96496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e1beb8a-3f67-11dc-bd06-00112fa12bf6}]

\Shell\AutoRun\command - I:\setupSNK.exe

.

Contents of the 'Scheduled Tasks' folder

2009-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 08:44]

2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-04-10 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 00:35]

2005-01-24 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 13:24]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-ESPN BottomLine - c:\program files\ESPN\BottomLine\bline.exe

HKCU-Run-Aim6 - (no file)

HKLM-Run-PS2 - c:\windows\system32\ps2.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

TCP: {35C6FBCE-C700-4279-82E3-F07A65A70653} = 218.93.202.110,218.93.202.111

TCP: {4D0EAA94-29F0-4548-A049-5437353E0419} = 218.93.202.110,218.93.202.111

TCP: {9FAAED76-7D83-452C-A5EC-2D767A1B71F3} = 218.93.202.110,218.93.202.111

FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9v3nx3g4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=

FF - prefs.js: browser.startup.homepage - www.myyahoo.com

FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=

FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9v3nx3g4.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-10 08:23:29

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1818982709-2396969477-3295273251-1009\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Completion time: 2009-04-10 8:26:38

ComboFix-quarantined-files.txt 2009-04-10 12:25:21

Pre-Run: 62,585,323,520 bytes free

Post-Run: 63,016,792,064 bytes free

267 --- E O F --- 2009-03-21 07:02:35

Thanks!


  • Staff

Hi,

This looks Ok again.

* Go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Make sure there's a space between ComboFix and /

Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

Link to post
Share on other sites

Things seem a bit quieter now, smoother.

Unfortunately, I am getting website page load errors. I have been trying to access a website that I know is there, and when the problem first started it would redirect me to a page full of advertisements.

Now it won't let me load that page at all - I'm getting Page Load Error and Connection Interruption messages when I attempt.

So I know something is still going on.

Thanks.


  • Staff

Hi,

This may be your FairPoint causing this though. To find out, see if the page loads from Windows safe mode (with networking support).

Also, can you give me the link to that website? This is so I can test as well.

Also, do you have the problem in IE or Firefox or both? This is also important to know...


  • Staff

Hi,

Can you try if this link works? http://adopteerights.net/nulliusfilius/ because that's what I get when I click your link.

Also, is this your Nameserver?

O17 - HKLM\System\CCS\Services\Tcpip\..\{35C6FBCE-C700-4279-82E3-F07A65A70653}: NameServer = 218.93.202.110,218.93.202.111

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D0EAA94-29F0-4548-A049-5437353E0419}: NameServer = 218.93.202.110,218.93.202.111

O17 - HKLM\System\CCS\Services\Tcpip\..\{9FAAED76-7D83-452C-A5EC-2D767A1B71F3}: NameServer = 218.93.202.110,218.93.202.111


  • Staff

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
