WiredWX Christian Hobby Weather Tools

bump I read "read this" and have IESiteBlocker.NavFilte

Was able to install HijackThis and run the scan - I see something called wormradar.com (IESiteBlocker) in the log..... trying to figure out a way to get the whole logfile off the PC since USB drives have been disabled....



My browsers have been hijacked, and possibly my USB drives. In addition, it may have tried to spread over my wireless connection (have an Apple Express modem), so I've disconnected that and have another (non-infected) PC cabled directly into the modem.

So... I'm not sure what I have, and the sick PC (running XP Pro) can't get to the internet (can't ping anything either). Last night my virus protection jumped up and said something was trying to install and that it had been quarantined, so I thought I was safe. I didn't make note of the name (it was mal something and some kind of trojan) and now the virus protection navigation has been disabled too (can't view anything there).

I'm creating a CD with some tools on it to try to load them onto the sick PC.

Will you still be able to help me if I can get the Windows, Java, Adobe Reader etc. updates done on the sick PC? Even though the PC seems to be unable to connect to the internet?

Thanks in advance
skhpa

Last edited by skhpa101 on 29th July 2009, 2:03 pm; edited 5 times in total (Reason for editing : bump)

Re: bump I read "read this" and have IESiteBlocker.NavFilte

The IESiteBlocker is AVG8, harmless.

If you can't update Java/Adobe, skip them and see if HijackThis will run. Even the basics will help us.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
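The point made above, that an alarming display name says nothing by itself and that the CLSID together with the DLL it loads is what identifies a browser helper, can be checked mechanically. The Python below is an added example written for this page, not code from the thread, from HijackThis or from AVG. Its trusted list holds three CLSID/path pairs copied from the logs posted later in this thread (AVG 8 Safe Search, the Adobe Reader helper and the Sun Java helper), the stock IE start page is taken from the HKLM R0 line in those logs, and the last sample line is constructed to show the AVG CLSID pointing at a DLL outside AVG's folder, which is the case the display-name check misses.

```python
"""Triage HijackThis R0/O2/O3/O15 lines by CLSID and on-disk path rather than by display name."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Trusted BHO/toolbar CLSIDs and the DLL each must load from (compared lower-cased).
# These three pairs come from the logs posted in this thread. The AVG 8 Safe Search BHO is
# the one HijackThis lists as "WormRadar.com IESiteBlocker.NavFilter" (DDS calls the same
# CLSID "AVG Safe Search"); the CLSID plus the path under AVG8 is what identifies it.
KNOWN_GOOD = {
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}": r"c:\program files\avg\avg8\avgssie.dll",
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}": r"c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll",
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}": r"c:\program files\java\jre1.6.0_07\bin\ssv.dll",
}

# IE's stock start page, as the HKLM R0 line in the same logs shows it.
DEFAULT_START_PAGE = "http://go.microsoft.com/fwlink/?linkid=69157"

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$")
START_RE = re.compile(r"^R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = (?P<url>\S+)$", re.I)
ZONE_RE = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)$")


@dataclass
class Finding:
    line: str
    verdict: str  # known-good | path-mismatch | review | hijacked-start-page | trusted-zone
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; return None for sections this triager does not cover."""
    m = START_RE.match(line)
    if m:
        url = m.group("url").rstrip("/").lower()
        if url != DEFAULT_START_PAGE:
            return Finding(line, "hijacked-start-page", "user start page is " + url)
        return Finding(line, "known-good", "stock start page")

    m = ZONE_RE.match(line)
    if m:
        # Sites in the Trusted zone run with relaxed IE security; every entry deserves a look.
        return Finding(line, "trusted-zone", m.group("site") + " gets Trusted-zone privileges")

    m = BHO_RE.match(line)
    if not m:
        return None
    clsid = m.group("clsid").upper()
    path = m.group("path").strip().lower()
    expected = KNOWN_GOOD.get(clsid)
    if expected is None:
        return Finding(line, "review", repr(m.group("name")) + ": CLSID not in trusted list")
    if path != expected:
        # A trusted CLSID loading a DLL from somewhere else is a hijacked legitimate component,
        # whatever its display name says.
        return Finding(line, "path-mismatch", clsid + " expected " + expected + ", loads " + path)
    return Finding(line, "known-good", repr(m.group("name")) + " matches " + expected)


def triage(lines: List[str]) -> List[Finding]:
    return [f for f in (triage_line(ln) for ln in lines) if f is not None]


# Sample input. The first five lines are copied from the 7/29 HijackThis log in this thread;
# the last one is CONSTRUCTED: the AVG CLSID pointing at a DLL outside AVG's folder.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makerent.com/",
    r"O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll",
    r"O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll",
    r"O3 - Toolbar: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll",
    r"O15 - Trusted Zone: http://www.cafepress.com",
    r"O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\WINDOWS\system32\avgssie.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:20} {f.reason}")
```

Run against the sample, the genuine AVG line comes back known-good while the constructed line with the same name and CLSID is flagged as a path mismatch; the toolbars and the Ask.com BHO land in the review bucket because nothing vouches for their CLSIDs, and the makerent.com start page is reported as hijacked because it differs from the stock HKLM value.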

Re: bump I read "read this" and have IESiteBlocker.NavFilte

OK, thanks. Have to figure out a way to get the HJT log off (USB drives aren't responding). Have an old floppy drive somewhere.... will post again tomorrow.

bump - Partial HiJack This LogFile

Anybody out there? Is this partial (retyped) logfile any help? I really need to get this PC fixed - I work from home and it's Monday morning.... help!

OK... can't get the floppy drive to work either so I HAVE TYPED THE LOGFILE HERE - PLEASE don't be mad at me for not typing the whole thing - did not type processes that I recognized, like LogMeIn, QuickBooks etc. and the entries that end in .... looked pretty harmless - Cannot get the PC online and cannot use any drives (USB, floppy etc.)

Sorry - there may be some typos... what a pita....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:01 PM, on 7/26/09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\services.exe
C:\WINDOWS\System32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.makerent.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R3 - URLSearchHook: Wisdom-soft Toolbar...
O2 - BHO: Adobe PDF Reader Link Helper...
O2 - BHO: Skype add-on (mastermind)...
O2 - BHO: RealPlayer Download and Record...
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {...} - C:\Program Files\Java...
O2 - BHO: Google Toolbar Notifier...
O4 - HKLM\..\Run: [LogMeIn GUI]...
O4 - HKLM\..\Run: [AVG8_TRAY]...
O4 - HKLM\..\Run: [QuickTime Task]...
O4 - HKLM\..\Run: [TKBellExe]...
O4 - HKLM\..\Run: [Airlink101 WLAN Monitor]...
O4 - HKLM\..\Run: [ANIWZCS2Service]...
O4 - HKLM\..\Run: [SpySweeper]...
O4 - HKLM\..\Run: [ctfmon.exe]...
O4 - HKLM\..\Run: [H/PC Connection Agent] ... ActiveSync...
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O20 - Init_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL

Last edited by skhpa101 on 27th July 2009, 3:15 pm; edited 7 times in total (Reason for editing : typing in more logfile entries)

bump?

Can anyone help me with this? I'm in deep yogurt and gotta find some help somewhere today. If the partial logfile is a problem, plz let me know. I'm willing to do a donation.......... do I need to do that first? I work from home and can't wait much longer. Will have to pack up this bad boy and take it somewhere....

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Hello.
Please post a full log, do not edit the lines, otherwise I can't help.


typed in the logfile

OMG... I had to TYPE the entire logfile to post it here since I can't get the PC online...
Tried to be accurate and proofread... what a pita....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:57 PM, on 7/27/09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\services.exe
C:\WINDOWS\System32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.makerent.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R3 - URLSearchHook: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Common Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462c-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TKBellExe] "C:\Program Files\Common Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKLM\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKLM\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.cafepress.com
O15 - Trusted Zone: http://www.pens.com
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://support.rexplorer.net/iftw_install//iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202226154843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer ActiveX Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9ac1514b39476) (gupdate1c9ac1514b39476) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 8820 bytes

Last edited by skhpa101 on 27th July 2009, 5:52 pm; edited 1 time in total (Reason for editing : add subject)

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (AVG8)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [screenshot: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: bump I read "read this" and have IESiteBlocker.NavFilte

Never mind...

Last edited by skhpa101 on 27th July 2009, 10:24 pm; edited 1 time in total

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Skip that bit.


?? skip what ??

The hard part is going to be TYPING ANOTHER LOG FILE into this post! Any tips on how I might at least get the floppy or USB drives back so I can copy logfiles?

Skip the Recovery Console download? I just found a site and downloaded the .iso file and am burning it to a CD....

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Hello, have you tried the keyboard shortcuts:

Ctrl+A - to copy all text

Ctrl+C - to copy all the text

and

Ctrl+V - To paste the text

?

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: bump I read "read this" and have IESiteBlocker.NavFilte

Yes. That's not the problem. I can copy and paste no problem. But none of the drives work, i.e. USB, floppy etc. are not responding, so I can't copy the text to anything to post the log. And the browsers have been hijacked so can't get online that way. Bottom line is that the PC is completely offline and data transfer is impossible - the CD drive is working and I am loading programs from there, but it's not a CD burner so can't copy back from the PC.

I have HackTool: App/ForceLib-A *AND* Virus: Mal/Behav-023

OK. Have the sick PC online so can post logfiles - and I found the names of what I have:

HackTool: App/ForceLib-A
Virus: Mal/Behav-023

Updated Spysweeper and just ran it and quarantined them. Do I need to run HijackThis again and post the log?

Last edited by skhpa101 on 29th July 2009, 2:21 pm; edited 2 times in total (Reason for editing : new info about virus)

Re: bump I read "read this" and have IESiteBlocker.NavFilte

OK - haven't heard from the forum - so will post the HijackThis log and the ComboFix logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:10 AM, on 7/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makerent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.cafepress.com
O15 - Trusted Zone: http://www.pens.com
O15 - Trusted Zone: http://www.rivhsa.org
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://support.rexplorer.net/iftw_install//iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202226154843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 7800 bytes

Re: bump I read "read this" and have IESiteBlocker.NavFilte

OK, disabled AVG and Spysweeper and tried to run Combo-Fix - which I downloaded from the link in your response - it's popping up a caution window that says:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

ComboFix.exe may be downloaded from any of the above sites. If you have downloaded from some other site, there's a likely chance that it may be tainted. For peace of mind, I suggest that you delete the current copy and get a fresh one.

Re: bump I read "read this" and have IESiteBlocker.NavFilte

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Re: bump I read "read this" and have IESiteBlocker.NavFilte

I went ahead and downloaded a fresh copy of Combo-Fix (adding the hyphen) at download... and ran it.... it is installing the Windows Recovery Console now... should I stop this or let it run?

Recovery Console is done installing... should I click "yes" to continue the Combo-Fix scan?

bump

Stopped the Combo-Fix scan after it completed the Windows Recovery Console install.

Ran DDS:

DDS (Ver_09-06-26.01) - NTFSx86
Run by sperry at 12:46:36.15 on Wed 07/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.469 [GMT -4]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\sperry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.makerent.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Wisdom-soft Toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWis1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Wisdom-soft Toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWis1.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Wisdom-soft Toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWis1.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ANIWZCS2Service] "c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: cafepress.com\www
Trusted Zone: pens.com\www
Trusted Zone: rivhsa.org\www
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://support.rexplorer.net/iftw_install//iftwclix.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202226154843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sperry\applic~1\mozilla\firefox\profiles\qwt7blsh.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.makerent.com
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
FF - component: c:\documents and settings\sperry\application data\mozilla\firefox\profiles\qwt7blsh.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\sperry\application data\mozilla\firefox\profiles\qwt7blsh.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npbeatnk.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nppl3260.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-25 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-30 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-30 27784]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-30 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-1-10 47640]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-3-31 1205760]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2007-11-15 572416]
S4 gupdate1c9ac1514b39476;Google Update Service (gupdate1c9ac1514b39476);c:\program files\google\update\GoogleUpdate.exe [2009-3-23 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

=============== Created Last 30 ================

2009-07-29 12:24 a-dshr-- C:\cmdcons
2009-07-29 12:23 219,648 a------- c:\windows\PEV.exe
2009-07-29 12:23 161,792 a------- c:\windows\SWREG.exe
2009-07-29 12:23 98,816 a------- c:\windows\sed.exe
2009-07-29 12:23 --ds---- C:\Combo-Fix
2009-07-29 12:00 388,608 a------- c:\windows\system32\CF21789.exe
2009-07-29 11:59 388,608 a------- c:\windows\system32\CF21743.exe
2009-07-29 11:59 388,608 a------- c:\windows\system32\CF20620.exe
2009-07-28 16:56 --d----- c:\program files\Ask.com
2009-07-27 19:54 3,251 a------- c:\windows\system32\wbem\Outlook_01ca0f1583f79090.mof
2009-07-25 12:13 --d----- c:\docume~1\sperry\applic~1\Malwarebytes
2009-07-25 12:12 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 12:12 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-25 12:12 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-25 12:12 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 12:00 --d----- c:\program files\Trend Micro
2009-07-25 09:49 --d----- c:\windows\pss
2009-07-21 08:23 1,409 a------- c:\windows\QTFont.for
2009-07-21 08:23 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-18 19:51 6 a------- c:\windows\WS_FTP.EXT
2009-07-18 19:51 0 a------- c:\windows\WS_FTP.CNV
2009-07-16 13:22 --d----- c:\program files\MSECache
2009-07-15 10:50 --d----- C:\WhitePapers
2009-07-15 09:40 3,284 a------- c:\windows\system32\ANIWZCS{747A1008-4F7C-4BA4-A98D-E2E982C1ED8D}
2009-07-15 09:33 7 a------- c:\windows\system32\ANIWZCSUSERNAME
2009-07-15 09:31 7 a------- c:\windows\system32\ANIWZCSUSERNAME{747A1008-4F7C-4BA4-A98D-E2E982C1ED8D}
2009-07-15 09:30 262,144 a------- c:\windows\system32\wnicapi.dll
2009-07-15 09:30 245,760 a------- c:\windows\system32\WlanApp.dll
2009-07-15 09:30 217,088 a------- c:\windows\system32\aIPH.dll
2009-07-15 09:30 1,327,189 a------- c:\windows\system32\odSupp_M.dll
2009-07-15 09:30 692,224 a------- c:\windows\system32\ANIWZCS2.dll
2009-07-15 09:30 49,152 a------- c:\windows\system32\JJAKEn.dll
2009-07-15 09:30 49,152 a------- c:\windows\system32\AQCKGen.dll
2009-07-15 09:30 45,115 a------- c:\windows\system32\ANICtl.dll
2009-07-15 09:29 48,128 a------- c:\windows\system32\ANIO64.sys
2009-07-15 09:29 36,864 a------- c:\windows\system32\ANIOApi.dll
2009-07-15 09:29 28,195 a------- c:\windows\system32\ANIO.sys
2009-07-15 09:29 16,997 a------- c:\windows\system32\ANIO.VXD
2009-07-15 09:29 11,904 a------- c:\windows\system32\anio4.sys
2009-07-15 09:29 --d----- c:\program files\ANI
2009-07-15 09:29 --d----- c:\program files\Airlink101

==================== Find3M ====================

2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 08:09 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-13 15:39 1,563,008 a------- c:\windows\WRSetup.dll
2009-05-10 08:56 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-02-21 20:56 60,744 a------- c:\documents and settings\sperry\g2mdlhlpx.exe

============= FINISH: 12:46:55.62 ===============

Last edited by skhpa101 on 29th July 2009, 5:42 pm; edited 1 time in total

feeling vulnerable and forgotten.... snif snif

Have SpySweeper and AVG turned off... Wondering if I can turn them back on?
Have been sitting here since 6 am (it's now 2 pm) hoping for some attention... Really need some help....

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Hello.
See if Combofix will run anyhow. I don't see any traces of a file infector on the system.


combo fix log - part 1

Combo Fix ran but gave an exception processing message C00000013 - Parameters 75b6bf9c4 75b6bf9c4 75b6bf9c4 - then it had the option of try again, cancel or continue, so I hit continue.

Here's the Combo Fix log:

ComboFix 09-07-29.01 - sperry 07/29/2009 14:15.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.327 [GMT -4:00]
Running from: c:\downloads\FromCDBurn\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-28 21:01 . 2009-07-29 17:49 -------- d-----w- c:\documents and settings\sperry\Local Settings\Application Data\AskToolbar
2009-07-28 20:56 . 2009-07-28 20:56 -------- d-----w- c:\program files\Ask.com
2009-07-25 16:13 . 2009-07-25 16:13 -------- d-----w- c:\documents and settings\sperry\Application Data\Malwarebytes
2009-07-25 16:12 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 16:12 . 2009-07-25 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-25 16:12 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 16:12 . 2009-07-25 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 16:00 . 2009-07-25 16:00 -------- d-----w- c:\program files\Trend Micro
2009-07-18 07:59 . 2009-07-18 07:59 -------- d-----w- c:\documents and settings\sperry\Local Settings\Application Data\Temp
2009-07-16 17:22 . 2009-07-16 17:22 -------- d-----w- c:\program files\MSECache
2009-07-15 14:50 . 2009-07-15 14:50 -------- d-----w- C:\WhitePapers
2009-07-15 13:30 . 2007-12-11 19:36 245760 ----a-w- c:\windows\system32\WlanApp.dll
2009-07-15 13:30 . 2007-11-21 22:36 217088 ----a-w- c:\windows\system32\aIPH.dll
2009-07-15 13:30 . 2007-10-08 23:13 262144 ----a-w- c:\windows\system32\wnicapi.dll
2009-07-15 13:30 . 2008-01-02 14:24 692224 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-07-15 13:30 . 2006-09-26 17:49 45115 ----a-w- c:\windows\system32\ANICtl.dll
2009-07-15 13:30 . 2005-10-27 12:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-07-15 13:30 . 2005-10-19 22:19 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-07-15 13:30 . 2005-10-19 22:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-07-15 13:29 . 2009-07-15 13:30 -------- d-----w- c:\program files\ANI
2009-07-15 13:29 . 2007-11-21 22:46 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-07-15 13:29 . 2007-05-12 20:39 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-07-15 13:29 . 2007-05-12 20:39 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-07-15 13:29 . 2007-05-12 20:39 11904 ----a-w- c:\windows\system32\anio4.sys
2009-07-15 13:29 . 2009-07-15 13:29 -------- d-----w- c:\program files\Airlink101

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 16:11 . 2008-01-11 00:21 -------- d-----w- c:\program files\LogMeIn
2009-07-29 15:28 . 2009-03-16 19:58 0 ----a-w- c:\documents and settings\sperry\Local Settings\Application Data\prvlcl.dat
2009-07-29 02:39 . 2009-03-24 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-26 02:18 . 2008-06-30 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-07-24 21:32 . 2009-04-30 13:19 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-20 15:18 . 2008-05-09 01:51 -------- d-----w- c:\documents and settings\sperry\Application Data\Skype
2009-07-20 12:56 . 2008-05-09 01:52 -------- d-----w- c:\documents and settings\sperry\Application Data\skypePM
2009-07-19 17:54 . 2008-01-10 22:29 56632 ----a-w- c:\documents and settings\sperry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 13:30 . 2008-01-11 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-24 17:51 . 2008-02-05 18:27 -------- d-----w- c:\program files\Google
2009-06-17 12:58 . 2008-06-30 04:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2006-02-28 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 00:18 . 2009-06-15 00:18 390664 ----a-w- c:\documents and settings\sperry\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-12 12:09 . 2008-06-30 04:30 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 12:43 . 2008-01-22 16:15 -------- d-----w- c:\program files\Wisdom-soft
2009-06-03 19:27 . 2006-02-28 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 19:39 . 2008-01-23 22:29 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-10 12:56 . 2008-06-30 04:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-07 15:44 . 2006-02-28 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-10 11:55 . 2008-09-06 02:43 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-02-05 18:28 . 2008-02-05 18:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2009-07-19 12:50 2215960 ----a-w- c:\program files\Wisdom-soft\tbWis1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 19:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-10 12:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 13:09 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"QuickBooksDB18"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9ac1514b39476"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Combo Fix log, part 2:


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2/25/2009 3:24 PM 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/30/2008 12:30 AM 327688]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/30/2008 12:30 AM 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [1/10/2008 8:22 PM 47640]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/31/2009 6:07 PM 1205760]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/15/2007 9:18 PM 572416]
S4 gupdate1c9ac1514b39476;Google Update Service (gupdate1c9ac1514b39476);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2009 8:11 PM 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-23 00:09]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 00:11]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 00:11]

2009-07-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 19:06]

2009-07-29 c:\windows\Tasks\wrSpySweeper_LFB6A6F7EA8BE4D23B7D7563A71CA2D0F.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-23 19:40]

2009-07-29 c:\windows\Tasks\wrSpySweeper_LFB6A6F7EA8BE4D23B7D7563A71CA2D0F.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-23 19:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.makerent.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cafepress.com\www
Trusted Zone: pens.com\www
Trusted Zone: rivhsa.org\www
FF - ProfilePath - c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.makerent.com
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
FF - component: c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 14:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Webroot\Spy Sweeper\SSU.exe
.
**************************************************************************
.
Completion time: 2009-07-29 14:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-29 18:34

Pre-Run: 39,768,895,488 bytes free
Post-Run: 40,595,517,440 bytes free

240 --- E O F --- 2009-07-29 16:10

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\documents and settings\sperry\Local Settings\Application Data\AskToolbar
c:\program files\Ask.com

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
"c:\program files\Ask.com\GenericAskToolbar.dll"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

DDs:
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=



Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: dragging CFScript.txt onto the Combo-Fix icon]

This will open combofix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

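The Folder::/Registry:: entries in the script above come from cross-referencing one CLSID across the BHO:, TB: and Firefox prefs lines of the DDS report. As an added example (not part of this thread and not a DDS or ComboFix tool), here is a small Python helper that parses lines in the shape of the DDS "Pseudo HJT Report", normalises the CLSID case (the logs mix {d4027c7f-...} and {D4027C7F-...}) and lists every place a given toolbar is registered; the sample lines are constructed from the report posted earlier in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the DDS "Pseudo HJT Report" section
# posted earlier in this thread (a subset of its lines, not the whole log).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.makerent.com/
uURLSearchHooks: Wisdom-soft Toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWis1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Wisdom-soft Toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWis1.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Wisdom-soft Toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWis1.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
"""

# "BHO: Name: {clsid} - path"; TB:, EB: and uURLSearchHooks: lines share the shape.
COM_ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB|uURLSearchHooks): (?P<name>.+?): "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# "FF - prefs.js: key - value"
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")


def parse_report(text):
    """Turn report lines into dicts: kind, name, clsid (lower-cased) and detail."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = COM_ENTRY_RE.match(line)
        if m:
            entries.append({"kind": m["kind"], "name": m["name"],
                            "clsid": m["clsid"].lower(), "detail": m["path"]})
            continue
        m = FF_PREF_RE.match(line)
        if m:
            entries.append({"kind": "FFpref", "name": m["key"],
                            "clsid": None, "detail": m["value"]})
            continue
        # Anything else (uStart Page, mRun, DPF, ...) keeps its prefix as the kind.
        kind = re.split(r": | = ", line, maxsplit=1)[0]
        entries.append({"kind": kind, "name": "", "clsid": None, "detail": line})
    return entries


def group_by_clsid(entries):
    """Map each CLSID to the report kinds, DLL paths and names that register it.

    Lower-casing the CLSID in parse_report is what merges the BHO: line and the
    differently-cased TB: line for the same toolbar into one group."""
    groups = defaultdict(lambda: {"kinds": set(), "paths": set(), "names": set()})
    for e in entries:
        if e["clsid"]:
            g = groups[e["clsid"]]
            g["kinds"].add(e["kind"])
            g["paths"].add(e["detail"].lower())
            g["names"].add(e["name"])
    return dict(groups)


def references(entries, needle):
    """Entries whose name or detail mentions needle, case-insensitively."""
    n = needle.lower()
    return [e for e in entries
            if n in e["name"].lower() or n in e["detail"].lower()]


def footprint(entries, needle):
    """Everything a clean-up would have to cover for one vendor string:
    (sorted CLSIDs, sorted report kinds, sorted Firefox pref keys)."""
    refs = references(entries, needle)
    clsids = sorted({e["clsid"] for e in refs if e["clsid"]})
    kinds = sorted({e["kind"] for e in refs})
    ff_prefs = sorted(e["name"] for e in refs if e["kind"] == "FFpref")
    return clsids, kinds, ff_prefs


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for clsid, g in group_by_clsid(parsed).items():
        print(clsid, sorted(g["kinds"]), sorted(g["paths"]))
    for vendor in ("ask", "wisdom-soft"):
        print(vendor, footprint(parsed, vendor))
```

Running the block prints three CLSID groups (Adobe, Wisdom-soft, Ask) and shows that "ask" touches a BHO, a toolbar and two Firefox prefs, which is exactly the set the CFScript above addresses.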

bump

Sorry - bumped again because I think I'm so many pages down you can't see me.... Here's the latest:


ComboFix 09-07-29.03 - sperry 07/29/2009 19:03.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.568 [GMT -4]
Running from: c:\downloads\FromCDBurn\Combo-Fix.exe
Command switches used :: c:\documents and settings\sperry\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sperry\Local Settings\Application Data\AskToolbar
c:\documents and settings\sperry\Local Settings\Application Data\AskToolbar\cache.dat
c:\documents and settings\sperry\Local Settings\Application Data\AskToolbar\config.xml
c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-25 16:13 . 2009-07-25 16:13 -------- d-----w- c:\documents and settings\sperry\Application Data\Malwarebytes
2009-07-25 16:12 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 16:12 . 2009-07-25 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-25 16:12 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 16:12 . 2009-07-25 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 16:00 . 2009-07-25 16:00 -------- d-----w- c:\program files\Trend Micro
2009-07-18 07:59 . 2009-07-18 07:59 -------- d-----w- c:\documents and settings\sperry\Local Settings\Application Data\Temp
2009-07-16 17:22 . 2009-07-16 17:22 -------- d-----w- c:\program files\MSECache
2009-07-15 14:50 . 2009-07-15 14:50 -------- d-----w- C:\WhitePapers
2009-07-15 13:30 . 2007-12-11 19:36 245760 ----a-w- c:\windows\system32\WlanApp.dll
2009-07-15 13:30 . 2007-11-21 22:36 217088 ----a-w- c:\windows\system32\aIPH.dll
2009-07-15 13:30 . 2007-10-08 23:13 262144 ----a-w- c:\windows\system32\wnicapi.dll
2009-07-15 13:30 . 2008-01-02 14:24 692224 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-07-15 13:30 . 2006-09-26 17:49 45115 ----a-w- c:\windows\system32\ANICtl.dll
2009-07-15 13:30 . 2005-10-27 12:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-07-15 13:30 . 2005-10-19 22:19 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-07-15 13:30 . 2005-10-19 22:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-07-15 13:29 . 2009-07-15 13:30 -------- d-----w- c:\program files\ANI
2009-07-15 13:29 . 2007-11-21 22:46 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-07-15 13:29 . 2007-05-12 20:39 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-07-15 13:29 . 2007-05-12 20:39 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-07-15 13:29 . 2007-05-12 20:39 11904 ----a-w- c:\windows\system32\anio4.sys
2009-07-15 13:29 . 2009-07-15 13:29 -------- d-----w- c:\program files\Airlink101

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 16:11 . 2008-01-11 00:21 -------- d-----w- c:\program files\LogMeIn
2009-07-29 15:28 . 2009-03-16 19:58 0 ----a-w- c:\documents and settings\sperry\Local Settings\Application Data\prvlcl.dat
2009-07-29 02:39 . 2009-03-24 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-26 02:18 . 2008-06-30 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-07-24 21:32 . 2009-04-30 13:19 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-20 15:18 . 2008-05-09 01:51 -------- d-----w- c:\documents and settings\sperry\Application Data\Skype
2009-07-20 12:56 . 2008-05-09 01:52 -------- d-----w- c:\documents and settings\sperry\Application Data\skypePM
2009-07-19 17:54 . 2008-01-10 22:29 56632 ----a-w- c:\documents and settings\sperry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 13:30 . 2008-01-11 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-24 17:51 . 2008-02-05 18:27 -------- d-----w- c:\program files\Google
2009-06-17 12:58 . 2008-06-30 04:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2006-02-28 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 00:18 . 2009-06-15 00:18 390664 ----a-w- c:\documents and settings\sperry\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-12 12:09 . 2008-06-30 04:30 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 12:43 . 2008-01-22 16:15 -------- d-----w- c:\program files\Wisdom-soft
2009-06-03 19:27 . 2006-02-28 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 19:39 . 2008-01-23 22:29 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-10 12:56 . 2008-06-30 04:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-07 15:44 . 2006-02-28 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-10 11:55 . 2008-09-06 02:43 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-02-05 18:28 . 2008-02-05 18:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2009-07-19 12:50 2215960 ----a-w- c:\program files\Wisdom-soft\tbWis1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-10 12:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 13:09 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"QuickBooksDB18"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9ac1514b39476"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2/25/2009 3:24 PM 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/30/2008 12:30 AM 327688]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/30/2008 12:30 AM 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [1/10/2008 8:22 PM 47640]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/31/2009 6:07 PM 1205760]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/15/2007 9:18 PM 572416]
S4 gupdate1c9ac1514b39476;Google Update Service (gupdate1c9ac1514b39476);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2009 8:11 PM 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-23 00:09]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 00:11]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 00:11]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.makerent.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cafepress.com\www
Trusted Zone: pens.com\www
Trusted Zone: rivhsa.org\www
FF - ProfilePath - c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.makerent.com
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
FF - component: c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 19:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\sperry\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-07-29 19:10
ComboFix-quarantined-files.txt 2009-07-29 23:10
ComboFix2.txt 2009-07-29 18:34

Pre-Run: 40,604,241,920 bytes free
Post-Run: 40,641,503,232 bytes free

216 --- E O F --- 2009-07-29 16:10

Last edited by skhpa101 on 30th July 2009, 12:04 am; edited 1 time in total (Reason for editing : bump new combo fix log)

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Hello.
Two more things need removing.

Now open a new notepad file.
Input this into the notepad file:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-

Firefox::
FF - ProfilePath - c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: CFScript.txt being dragged onto the ComboFix icon]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
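The firewall exception being removed in the script above is for a file named svchost.exe under system32\drivers; the genuine svchost.exe lives in %windir%\system32, so an exception for a same-named file anywhere else is a classic masquerading sign. As an added example (not ComboFix's or the forum's own code), the following Python check reads the AuthorizedApplications block from a ComboFix log and flags core Windows binary names authorized from outside system32; the sample log lines and the SYSTEM_BINARIES list are constructed for this example.

```python
"""Flag firewall 'AuthorizedApplications' entries in a ComboFix log whose
file name is a core Windows binary but whose directory is not system32.

Added example, not ComboFix's or the forum's own code. The SAMPLE_LOG
lines are constructed to mirror the log format shown in the thread."""
import ntpath
import re

# Core Windows binaries that only ever belong in %windir%\system32.
# Constructed allow-list for this example; extend it for your environment.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "smss.exe"}
# Directories from which those names are legitimately authorized (lower-case).
CANONICAL_DIRS = {r"%windir%\system32", r"c:\windows\system32"}

# Key header ComboFix prints for the firewall exception list (any profile).
AUTHORIZED_APPS_KEY = re.compile(
    r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\"
    r".*\\AuthorizedApplications\\List\]$", re.IGNORECASE)
# Each entry is a quoted path, '=', and optionally the rule string after it.
VALUE_LINE = re.compile(r'^"([^"]+)"=')

# Constructed sample modelled on the 'Reg Loading Points' section of the log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"""


def parse_authorized_apps(log_text):
    """Return the program paths listed under every AuthorizedApplications key."""
    paths = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A new registry key header starts; track whether it is the one we want.
            in_section = bool(AUTHORIZED_APPS_KEY.match(line))
            continue
        if not in_section or not line:
            continue
        match = VALUE_LINE.match(line)
        if match:
            # ComboFix doubles the backslashes in some entries and not in others;
            # normalise to single backslashes so path comparison is uniform.
            paths.append(match.group(1).replace("\\\\", "\\"))
    return paths


def is_masqueraded(path):
    """True when a core Windows binary name sits outside its canonical directory."""
    directory, name = ntpath.split(path)
    if name.lower() not in SYSTEM_BINARIES:
        return False
    return directory.lower() not in CANONICAL_DIRS


def flag_masqueraded_firewall_exceptions(log_text):
    """All authorized-application paths in the log that look like masquerading."""
    return [p for p in parse_authorized_apps(log_text) if is_masqueraded(p)]


if __name__ == "__main__":
    for suspect in flag_masqueraded_firewall_exceptions(SAMPLE_LOG):
        print("suspicious firewall exception:", suspect)
```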

Re: bump I read "read this" and have IESiteBlocker.NavFilte

ComboFix 09-07-29.04 - sperry 07/30/2009 17:09.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.550 [GMT -4:00]
Running from: c:\downloads\FromCDBurn\Combo-Fix.exe
Command switches used :: c:\documents and settings\sperry\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-25 16:13 . 2009-07-25 16:13 -------- d-----w- c:\documents and settings\sperry\Application Data\Malwarebytes
2009-07-25 16:12 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 16:12 . 2009-07-25 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-25 16:12 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 16:12 . 2009-07-25 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 16:00 . 2009-07-25 16:00 -------- d-----w- c:\program files\Trend Micro
2009-07-18 07:59 . 2009-07-18 07:59 -------- d-----w- c:\documents and settings\sperry\Local Settings\Application Data\Temp
2009-07-16 17:22 . 2009-07-16 17:22 -------- d-----w- c:\program files\MSECache
2009-07-15 14:50 . 2009-07-15 14:50 -------- d-----w- C:\WhitePapers
2009-07-15 13:30 . 2007-12-11 19:36 245760 ----a-w- c:\windows\system32\WlanApp.dll
2009-07-15 13:30 . 2007-11-21 22:36 217088 ----a-w- c:\windows\system32\aIPH.dll
2009-07-15 13:30 . 2007-10-08 23:13 262144 ----a-w- c:\windows\system32\wnicapi.dll
2009-07-15 13:30 . 2008-01-02 14:24 692224 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-07-15 13:30 . 2006-09-26 17:49 45115 ----a-w- c:\windows\system32\ANICtl.dll
2009-07-15 13:30 . 2005-10-27 12:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-07-15 13:30 . 2005-10-19 22:19 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-07-15 13:30 . 2005-10-19 22:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-07-15 13:29 . 2009-07-15 13:30 -------- d-----w- c:\program files\ANI
2009-07-15 13:29 . 2007-11-21 22:46 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-07-15 13:29 . 2007-05-12 20:39 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-07-15 13:29 . 2007-05-12 20:39 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-07-15 13:29 . 2007-05-12 20:39 11904 ----a-w- c:\windows\system32\anio4.sys
2009-07-15 13:29 . 2009-07-15 13:29 -------- d-----w- c:\program files\Airlink101

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 15:28 . 2009-03-16 19:58 0 ----a-w- c:\documents and settings\sperry\Local Settings\Application Data\prvlcl.dat
2009-07-30 06:39 . 2008-01-11 00:21 -------- d-----w- c:\program files\LogMeIn
2009-07-30 03:40 . 2009-03-24 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-26 02:18 . 2008-06-30 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-07-24 21:32 . 2009-04-30 13:19 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-20 15:18 . 2008-05-09 01:51 -------- d-----w- c:\documents and settings\sperry\Application Data\Skype
2009-07-20 12:56 . 2008-05-09 01:52 -------- d-----w- c:\documents and settings\sperry\Application Data\skypePM
2009-07-19 17:54 . 2008-01-10 22:29 56632 ----a-w- c:\documents and settings\sperry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 13:30 . 2008-01-11 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-24 17:51 . 2008-02-05 18:27 -------- d-----w- c:\program files\Google
2009-06-17 12:58 . 2008-06-30 04:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2006-02-28 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 00:18 . 2009-06-15 00:18 390664 ----a-w- c:\documents and settings\sperry\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-12 12:09 . 2008-06-30 04:30 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 12:43 . 2008-01-22 16:15 -------- d-----w- c:\program files\Wisdom-soft
2009-06-03 19:27 . 2006-02-28 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 19:39 . 2008-01-23 22:29 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-10 12:56 . 2008-06-30 04:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-07 15:44 . 2006-02-28 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-03-10 11:55 . 2008-09-06 02:43 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-02-05 18:28 . 2008-02-05 18:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2009-07-19 12:50 2215960 ----a-w- c:\program files\Wisdom-soft\tbWis1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-10 12:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 13:09 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"QuickBooksDB18"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9ac1514b39476"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2/25/2009 3:24 PM 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/30/2008 12:30 AM 327688]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/30/2008 12:30 AM 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [1/10/2008 8:22 PM 47640]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/31/2009 6:07 PM 1205760]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/15/2007 9:18 PM 572416]
S4 gupdate1c9ac1514b39476;Google Update Service (gupdate1c9ac1514b39476);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2009 8:11 PM 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-23 00:09]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 00:11]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 00:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.makerent.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cafepress.com\www
Trusted Zone: pens.com\www
Trusted Zone: rivhsa.org\www
FF - ProfilePath - c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.makerent.com
FF - component: c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 17:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(676)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-30 17:15
ComboFix-quarantined-files.txt 2009-07-30 21:15
ComboFix2.txt 2009-07-29 23:10
ComboFix3.txt 2009-07-29 18:34

Pre-Run: 40,652,718,080 bytes free
Post-Run: 40,619,130,880 bytes free

206 --- E O F --- 2009-07-29 16:10

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: bump I read "read this" and have IESiteBlocker.NavFilte

Malwarebytes' Anti-Malware 1.39
Database version: 2534
Windows 5.1.2600 Service Pack 2

7/31/2009 2:45:51 AM
mbam-log-2009-07-31 (02-45-51).txt

Scan type: Quick Scan
Objects scanned: 100804
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?


Everything looks good

Uninstalled combo fix and things look good. Thank you so much for your help.

Re: bump I read "read this" and have IESiteBlocker.NavFilte

Glad we could help 😉

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.
