Resolved HJT Threads Resolved spyware and popup issues.
12-05-2008, 03:24 PM   #1
Registered User
Join Date: Dec 2008
Posts: 3
OS: xp sp3

IE7 broke...Firefox and anything else are fine.

Thank you for this site and for looking at my issue.

I have done some internet searches and seen many posts with this same issue with no resolution for most people.

All of a sudden, today, after many many months without an issue, IE7 will no longer get on the net. Firefox however works fine, so do iTunes and of course WoW =) I can also ping just fine.

I have uninstalled IE7 following Microsoft's directions and tried again when it defaults to IE6... still no connection. I then reinstalled IE7 with updates that I downloaded on a CD from my laptop (the laptop is fine on the same wireless network). I changed Internet Options back to defaults, disabled phishing, verified I have proxy checked... everything I saw on numerous other posts. I have used Spybot Search and Destroy, Ad-Aware, Avast, and the MS Malicious Software Removal Tool.


DDS (Version 1.0) - NTFSx86
Run by Administrator at 13:54:30.04 on Fri 12/05/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1496 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS2\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS2\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS2\system32\nvsvc32.exe
C:\WINDOWS2\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS2\system32\RUNDLL32.EXE
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Administrator.LIOX-CHANGEME\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:9090
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows2\system32\NvCpl.dll,NvStartup
mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe"
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows2\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 ivicd;Ivi CDVD Filter Driver;c:\windows2\system32\drivers\ivicd.sys [2007-5-24 38784]
R1 aswSP;avast! Self Protection;c:\windows2\system32\drivers\aswSP.sys [2008-7-16 110160]
R2 aswFsBlk;aswFsBlk;c:\windows2\system32\drivers\aswFsBlk.sys [2008-7-16 20560]
R2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashServ.exe" [2008-7-16 155160]
R3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashMaiSv.exe" /service [2008-7-16 254040]
R3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashWebSv.exe" /service [2008-7-16 352920]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows2\system32\drivers\wg111v2.sys [2008-12-5 272128]

=============== Created Last 30 ================

2008-12-05 13:45 <DIR> --d----- c:\program files\Trend Micro
2008-12-05 11:05 1,069,056 a------- c:\windows2\system32\libeay32.dll
2008-12-05 11:05 966,765 a------- c:\windows2\system32\acAuth.dll
2008-12-05 11:05 344,064 a------- c:\windows2\system32\SCMLib.dll
2008-12-05 11:05 272,128 a------- c:\windows2\system32\drivers\wg111v2.sys
2008-12-05 11:05 266,240 a------- c:\windows2\system32\WG1v2lib.dll
2008-12-05 11:05 143,360 a------- c:\windows2\system32\IpLib.dll
2008-12-05 11:05 36,864 a------- c:\windows2\system32\RtlGina2.dll
2008-12-05 11:05 <DIR> --d----- c:\program files\NETGEAR
2008-12-05 10:58 21,035 a------- c:\windows2\system32\drivers\AegisP.sys
2008-12-04 10:35 <DIR> --d----- c:\windows2\system32\351631
2008-12-04 10:35 <DIR> --d----- c:\program files\tinyproxy
2008-11-30 13:24 <DIR> --d----- c:\program files\Ventrilo
2008-11-30 13:24 262 a------- c:\windows2\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-25 11:19 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\Listing Factory 2008
2008-11-25 11:07 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\Listing & Factory 2008
2008-11-25 11:06 <DIR> --d----- c:\program files\Listing Factory 2008
2008-11-12 06:08 455,296 -c------ c:\windows2\system32\dllcache\mrxsmb.sys
2008-11-12 06:07 1,106,944 -c------ c:\windows2\system32\dllcache\msxml3.dll
2008-11-11 13:08 <DIR> --d----- c:\windows2\system32\AGEIA
2008-11-11 13:08 <DIR> --d----- c:\windows2\NV29082416.TMP

==================== Find3M ====================

2008-12-05 11:43 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-05 11:40 <DIR> --d----- c:\program files\Online Services
2008-12-05 11:39 <DIR> --d----- c:\program files\Windows NT
2008-12-05 11:36 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2008-11-30 13:24 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-29 13:55 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\LimeWire
2008-11-13 01:11 <DIR> --d----- c:\program files\World of Warcraft
2008-11-04 08:12 <DIR> --d----- c:\program files\iTunes
2008-11-04 08:12 <DIR> --d----- c:\program files\iPod
2008-11-04 08:12 <DIR> --d----- c:\program files\Bonjour
2008-10-30 12:35 <DIR> --d----- c:\program files\Microsoft Games
2008-10-30 12:35 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\Microsoft Games
2008-10-30 12:32 <DIR> --d----- c:\program files\DirectX Happy Uninstall
2008-10-20 08:25 <DIR> --d----- c:\program files\Curse
2008-10-14 16:45 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2008-10-14 16:27 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Blizzard
2008-10-02 10:07 453,152 a------- c:\windows2\system32\NVUNINST.EXE
2008-09-30 16:43 1,286,152 a------- c:\windows2\system32\msxml4.dll
2008-09-28 07:17 3,066 a------- c:\windows2\system32\ealregsnapshot1.reg
2008-09-20 10:13 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\SPORE
2008-09-15 05:12 1,846,400 a------- c:\windows2\system32\win32k.sys
2008-09-12 12:50 107,888 a------- c:\windows2\system32\CmdLineExt.dll
2008-09-12 06:57 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\Masque
2008-09-11 10:57 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Masque
2008-09-09 18:14 1,307,648 a------- c:\windows2\system32\msxml6.dll
2008-07-22 14:22 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\LightScribe
2008-05-21 19:49 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Trend Micro
2008-05-21 18:18 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\media center programs
2008-05-21 16:54 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Funcom
2008-03-27 16:04 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\Creative Memories
2008-03-27 16:04 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Creative Memories
2008-02-06 19:53 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\Research In Motion
2008-02-06 19:44 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\Blackberry Desktop
2007-12-16 09:13 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Grisoft
2007-10-24 16:33 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SSScanWizard
2007-10-24 16:33 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SSScanAppDataDir
2007-07-26 15:31 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\WowAceUpdater
2007-07-03 23:28 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PC Tools
2007-06-19 12:34 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Symantec
2007-05-24 13:52 <DIR> --d----- c:\docume~1\admini~1.lio\applic~1\PC Tools
2008-05-27 06:49 32,768 a--sh--- c:\windows2\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052720080528\index.dat

============= FINISH: 13:54:36.92 ===============
Attached Files
File Type: txt gmer.txt (6.9 KB, 0 views)
File Type: txt Attach.txt (13.5 KB, 0 views)
oritxu is offline  
12-05-2008, 11:20 PM   #2
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A

Re: IE7 broke...Firefox and anything else are fine.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Download & save ComboFix to your Desktop, but don't run it yet.
Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:9090
Save this as "CFScript"

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt.


------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


---------------


In your next post, please include logs from:
  1. Online scan
  2. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
sUBs is offline  
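The registry value sUBs removes with the CFScript is IE's per-user ProxyServer setting, which in this DDS log points at a listener on the machine itself (127.0.0.1:9090); ComboFix's log later shows it deleting c:\program files\TinyProxy. As an added example (not code from the thread, from DDS or from ComboFix), here is a Python parser that pulls ProxyServer entries out of a DDS "Pseudo HJT Report", flags proxies that point at loopback, and emits the DDS:: CFScript section the helper wrote by hand. The sample DDS text is constructed for the example; only its two proxy lines are copied from the first post.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a fragment of a DDS "Pseudo HJT Report". The two
# "uInternet Settings" lines are copied from the first post; the rest is made up.
SAMPLE_DDS = """\
============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:9090
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelper.dll
mRun: [avast!] c:\\progra~1\\alwils~1\\avast4\\ashDisp.exe
"""

# DDS prefixes the key with the hive it came from: 'u' = per-user (HKCU),
# 'm' = machine-wide (HKLM). Firefox keeps its own proxy configuration and
# does not read these WinINet values unless told to, which is why only IE broke.
_PROXY_LINE = re.compile(
    r"^(?P<scope>[um])Internet Settings,(?P<key>ProxyServer|ProxyOverride)\s*=\s*(?P<value>.*)$"
)


@dataclass
class ProxyFinding:
    scope: str            # "user" or "machine"
    scheme: str           # "http", "https", "ftp", "socks" or "*" (all protocols)
    host: str
    port: Optional[int]
    raw_line: str         # the DDS line exactly as logged, reused for the CFScript
    suspicious: bool
    reason: str


def parse_proxy_server(value: str) -> Dict[str, str]:
    """Split an IE ProxyServer value into {scheme: "host:port"}.

    WinINet accepts two syntaxes: a bare "host:port" that applies to every
    protocol, and a semicolon-separated "http=host:port;https=host:port;...".
    """
    value = value.strip()
    if "=" not in value:
        return {"*": value}
    out: Dict[str, str] = {}
    for part in value.split(";"):
        if "=" in part:
            scheme, _, endpoint = part.partition("=")
            out[scheme.strip().lower()] = endpoint.strip()
    return out


def split_host_port(endpoint: str) -> Tuple[str, Optional[int]]:
    host, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit():
        return endpoint, None
    return host, int(port)


def classify_host(host: str) -> Tuple[bool, str]:
    """A loopback proxy is the red flag on this page: every IE request is being
    handed to a process running on the same machine before it reaches the network."""
    if host.lower() == "localhost":
        return True, "proxy points at localhost"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False, "hostname proxy; verify it is an expected corporate proxy"
    if ip.is_loopback:
        return True, "proxy points at the loopback address"
    if ip.is_private:
        return False, "private-network proxy; confirm it is expected"
    return False, "public proxy address; confirm it is expected"


def find_proxy_entries(dds_text: str) -> List[ProxyFinding]:
    """Scan DDS output for ProxyServer lines and classify each configured proxy."""
    findings: List[ProxyFinding] = []
    for line in dds_text.splitlines():
        m = _PROXY_LINE.match(line.strip())
        if not m or m.group("key") != "ProxyServer":
            continue
        scope = "user" if m.group("scope") == "u" else "machine"
        for scheme, endpoint in parse_proxy_server(m.group("value")).items():
            host, port = split_host_port(endpoint)
            suspicious, reason = classify_host(host)
            findings.append(ProxyFinding(scope, scheme, host, port, line.strip(), suspicious, reason))
    return findings


def build_cfscript(findings: List[ProxyFinding]) -> str:
    """Reproduce what the helper did by hand: a CFScript whose DDS:: section lists
    the exact DDS lines whose registry values should be removed."""
    lines = sorted({f.raw_line for f in findings if f.suspicious})
    if not lines:
        return ""
    return "DDS::\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    for f in find_proxy_entries(SAMPLE_DDS):
        flag = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"[{flag}] {f.scope} {f.scheme} -> {f.host}:{f.port} ({f.reason})")
    print(build_cfscript(find_proxy_entries(SAMPLE_DDS)), end="")
```

Run against a real DDS.txt, the printed DDS:: block is the text to save as CFScript.txt; a hostname proxy is only reported, not flagged, because the parser cannot tell a corporate proxy from a rogue one on its own.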
12-07-2008, 02:32 PM   #3
Registered User
Join Date: Dec 2008
Posts: 3
OS: xp sp3

Re: IE7 broke...Firefox and anything else are fine.

Thanks for your prompt response, and sorry for my delay... worked all weekend.

I did the steps above, and at some point after running ComboFix etc. IE started to work. I had made no changes at all. I continued with the steps you left for me however. The online scan appears to have located a trojan that everything else missed. Here are the results.


ComboFix 08-12-05.06 - Administrator 2008-12-06 8:35:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1604 [GMT -7:00]
Running from: c:\documents and settings\Administrator.LIOX-CHANGEME\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.LIOX-CHANGEME\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\TinyProxy
c:\windows2\Downloaded Program Files\setup.inf
c:\windows2\system32\disk.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-06 08:26 . 2008-12-06 08:26 0 --a------ c:\windows2\LCDMedia.INI
2008-12-05 13:57 . 2008-12-05 13:57 250 --a------ c:\windows2\gmer.ini
2008-12-05 13:45 . 2008-12-05 13:45 <DIR> d-------- c:\program files\Trend Micro
2008-12-05 11:46 . 2008-12-05 11:46 0 --a------ c:\windows2\nsreg.dat
2008-12-05 11:39 . 2008-12-05 12:55 1,374 --a------ c:\windows2\imsins.BAK
2008-12-05 11:05 . 2008-12-05 11:05 <DIR> d-------- c:\program files\NETGEAR
2008-12-05 11:05 . 2007-04-27 06:00 1,069,056 --a------ c:\windows2\system32\libeay32.dll
2008-12-05 11:05 . 2005-07-20 04:53 966,765 --a------ c:\windows2\system32\acAuth.dll
2008-12-05 11:05 . 2007-12-25 11:24 344,064 --a------ c:\windows2\system32\SCMLib.dll
2008-12-05 11:05 . 2007-12-26 10:47 272,128 --a------ c:\windows2\system32\drivers\wg111v2.sys
2008-12-05 11:05 . 2007-12-18 15:46 266,240 --a------ c:\windows2\system32\WG1v2lib.dll
2008-12-05 11:05 . 2005-01-25 14:30 143,360 --a------ c:\windows2\system32\IpLib.dll
2008-12-05 11:05 . 2006-07-27 14:26 36,864 --a------ c:\windows2\system32\RtlGina2.dll
2008-12-05 10:58 . 2008-12-05 10:58 21,035 --a------ c:\windows2\system32\drivers\AegisP.sys
2008-12-04 10:35 . 2008-12-05 07:30 <DIR> d-------- c:\windows2\system32\351631
2008-11-30 13:24 . 2008-11-30 13:24 <DIR> d-------- c:\program files\Ventrilo
2008-11-30 13:24 . 2008-11-30 13:24 262 --a------ c:\windows2\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-25 11:19 . 2008-11-25 11:19 <DIR> d-------- c:\documents and settings\Administrator.LIOX-CHANGEME\Application Data\Listing Factory 2008
2008-11-25 11:07 . 2008-11-25 11:07 <DIR> d-------- c:\documents and settings\Administrator.LIOX-CHANGEME\Application Data\Listing & Factory 2008
2008-11-25 11:06 . 2008-11-25 11:06 <DIR> d-------- c:\program files\Listing Factory 2008
2008-11-12 06:08 . 2008-10-24 04:21 455,296 -----c--- c:\windows2\system32\dllcache\mrxsmb.sys
2008-11-12 06:07 . 2008-09-04 10:15 1,106,944 -----c--- c:\windows2\system32\dllcache\msxml3.dll
2008-11-11 13:08 . 2008-11-11 13:08 <DIR> d-------- c:\windows2\system32\AGEIA
2008-11-11 13:08 . 2008-11-11 13:10 <DIR> d-------- c:\windows2\NV29082416.TMP
2008-11-11 13:08 . 2008-11-11 13:08 <DIR> d-------- c:\program files\AGEIA Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 18:43 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-05 18:36 --------- d-----w c:\documents and settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy
2008-12-05 18:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 20:25 --------- d-----w c:\documents and settings\Administrator.LIOX-CHANGEME\Application Data\Ventrilo
2008-11-30 20:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-29 20:55 --------- d-----w c:\documents and settings\Administrator.LIOX-CHANGEME\Application Data\LimeWire
2008-11-13 08:11 --------- d-----w c:\program files\World of Warcraft
2008-11-13 03:14 --------- d-----w c:\documents and settings\Administrator.LIOX-CHANGEME\Application Data\Canon
2008-11-04 15:15 --------- d-----w c:\program files\Apple Software Update
2008-11-04 15:12 --------- d-----w c:\program files\iTunes
2008-11-04 15:12 --------- d-----w c:\program files\iPod
2008-11-04 15:12 --------- d-----w c:\program files\Bonjour
2008-11-04 15:12 --------- d-----w c:\documents and settings\All Users.WINDOWS2\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-04 15:11 --------- d-----w c:\program files\QuickTime
2008-11-04 15:11 --------- d-----w c:\program files\Common Files\Apple
2008-10-30 19:35 --------- d-----w c:\program files\Microsoft Games
2008-10-30 19:35 --------- d-----w c:\documents and settings\Administrator.LIOX-CHANGEME\Application Data\Microsoft Games
2008-10-30 19:32 --------- d-----w c:\program files\DirectX Happy Uninstall
2008-10-24 11:21 455,296 ----a-w c:\windows2\system32\drivers\mrxsmb.sys
2008-10-20 15:25 --------- d-----w c:\program files\Curse
2008-10-16 21:13 202,776 ----a-w c:\windows2\system32\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows2\system32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows2\system32\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows2\system32\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows2\system32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows2\system32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows2\system32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows2\system32\wups.dll
2008-10-14 23:45 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-14 23:27 --------- d-----w c:\documents and settings\All Users.WINDOWS2\Application Data\Blizzard
2008-10-02 17:07 453,152 ----a-w c:\windows2\system32\NVUNINST.EXE
2008-09-30 23:43 1,286,152 ----a-w c:\windows2\system32\msxml4.dll
2008-09-28 14:17 3,066 ----a-w c:\windows2\system32\ealregsnapshot1.reg
2008-09-15 12:12 1,846,400 ----a-w c:\windows2\system32\win32k.sys
2008-09-12 19:50 107,888 ----a-w c:\windows2\system32\CmdLineExt.dll
2008-09-10 01:14 1,307,648 ----a-w c:\windows2\system32\msxml6.dll
2007-12-31 22:59 0 ----a-w c:\documents and settings\Administrator.LIOX-CHANGEME\WoW-2.0.6.6337-to-2.0.7.6383-enUS-patch.exe
2007-05-24 18:02 65 ----a-w c:\program files\Common Files\appop.log
2005-11-16 06:58 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-05-27 13:49 32,768 --sha-w c:\windows2\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052720080528\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows2\system32\NvCpl.dll" [2008-10-07 13574144]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"NvMediaCenter"="c:\windows2\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows2\system32\nwiz.exe]

c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-12-05 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ageofconan.exe]
"Debugger"="c:\program files\Age of Conan Quick Start\aoclaunch.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows2\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows2\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^Color Calibration.lnk]
path=c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\Color Calibration.lnk
backup=c:\windows2\pss\Color Calibration.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows2\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows2\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows2\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows2\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS2^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows2\pss\NCProTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows2\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-12-02 08:05 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIRECTCD]
--a------ 2005-10-24 21:49 299008 c:\program files\InterVideo\Disc Master 2.5\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-06-09 09:16 2363392 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFaceOnlinePluginsService]
--a------ 2007-02-27 07:36 278528 c:\program files\MediaFaceOnlinePluginsService\dolcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-04-04 13:20 81920 c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows2\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 10:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-04-23 11:43 228088 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2007-10-08 06:47 864256 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-10-09 03:02 1036288 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2005-01-20 23:47 270336 c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 c:\windows2\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Gameforge4D\AirRivals\Launcher.atm"= c:\program files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2
"c:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"= c:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

R0 ivicd;Ivi CDVD Filter Driver;c:\windows2\system32\drivers\ivicd.sys [2007-05-24 38784]
R1 aswSP;avast! Self Protection;c:\windows2\system32\drivers\aswSP.sys [2008-07-16 110160]
R2 aswFsBlk;aswFsBlk;c:\windows2\system32\DRIVERS\aswFsBlk.sys [2008-07-16 20560]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows2\system32\DRIVERS\wg111v2.sys [2008-12-05 272128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4c44e4f-0a57-11dc-bad2-806d6172696f}]
\Shell\AutoRun\command - d:\.\Bin\ASSETUP.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-12-06 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AGEIA PhysX SysTray - c:\program files\AGEIA Technologies\TrayIcon.exe
MSConfigStartUp-CurseClient - c:\program files\Curse\CurseClient.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-pccguide - c:\program files\Trend Micro\Internet Security 2007\pccguide.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>

O16 -: Microsoft XML Parser for Java - file://c:\windows2\Java\classes\xmldso.cab
c:\windows2\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows2\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows2\Downloaded Program Files\SysReqLab3.osd

c:\windows2\Downloaded Program Files\Pixami Upload Control.ocx - c:\windows2\Downloaded Program Files\DragDropUploadUI.ocx
O16 -: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1}
hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
c:\windows2\Downloaded Program Files\DragDropUploader.inf
FireFox -: Profile - c:\documents and settings\Administrator.LIOX-CHANGEME\Application Data\Mozilla\Firefox\Profiles\7h1bxfy9.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\windows2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 08:36:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2008-12-06 8:37:26
ComboFix-quarantined-files.txt 2008-12-06 15:37:07

Pre-Run: 65,827,377,152 bytes free
Post-Run: 65,821,892,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

253 --- E O F --- 2008-12-05 19:56:06


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 07, 2008 09:20:51
Records in database: 1441946
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 179701
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:52:18


File name / Threat name / Threats count
C:\Documents and Settings\Administrator.LIOX-CHANGEME\My Documents\LimeWire\Incomplete\Preview-T-5745425-what child is this third day.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

The selected area was scanned.
Attached Files
File Type: txt onlinescan.txt (1,020 Bytes, 2 views)
File Type: zip ComboFix's.zip (5.3 KB, 1 views)

Last edited by sUBs; 12-07-2008 at 02:55 PM.
oritxu is offline  
Old 12-07-2008, 03:00 PM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: IE7 broke...Firefox and anything else are fine.

You really should consider uninstalling. While you may think that you're getting free music, you're also getting infected from the 'free malware' that's circulating there. Please delete the file that Kaspersky detected.


Your system is now clean. Kindly follow these simple steps in order to keep your computer clean and secure:

  1. Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /u


  2. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  3. Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  4. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here - http://www.bleepingcomputer.com/forums/tutorial49.html

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
sUBs is offline  
Old 12-07-2008, 04:00 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 3
OS: xp sp3


Re: IE7 broke...Firefox and anything else are fine.

Yes, I will delete that for sure! Thanks for your help!
oritxu is offline  