# Huge worm virus!!!



## sueb_51 (May 13, 2004)

hey all. been a long time since i was here but have a huge problem here. We just moved and my daughter picked up an unsecured wireless internet in the neighbourhood. Well today she woke up to a red screen with a pic of a devil and a msg saying Your privacy has been invaded. The computer has been totally taken over with viruses. Vista anti virus 2008 kept coming up and was unable to do anything. doesn't even detect the C drive. the scanner picked up the following:
Worm.Win32.Netbooster
Blaster/Sasser.variant worm

She has winxp on her computer and the one i am on now is vista. we can't save a hjt to a floppy cause this computer doesn't have one. I tried hooking her computer up to this one and can go into some internet sites, but techguy is not one of them. any help would be greatly appreciated. thanx


----------



## ~Candy~ (Jan 27, 2001)

Hi Sue, thanks for the private message, but, this isn't my area of expertise.

Does she have a cdrom drive? If so, download hijack this to a cd, and transfer it that way.

Also, let her know that using someone else's internet is a no no. Bad for them, and bad for her too.


----------



## sueb_51 (May 13, 2004)

well she didn't realize it at the time. her cdrom isn't working. nothing is. don't look gooood.


----------



## ~Candy~ (Jan 27, 2001)

What's wrong with the cdrom drive? Can you try to start the system in safe mode?

What "IS" working at this point?


----------



## sueb_51 (May 13, 2004)

I tried that and just got a blank screen that says safe mode. there are like 4 icons on the desktop that are all virus related. mostly vista 2008 virus scanners but she has winxp. when i click on start, none of the options for my computer, control panel and others are there. I managed to do a hjt and save it in notepad, but i don't know how to send it to you.


----------



## ~Candy~ (Jan 27, 2001)

Perchance, can you try to burn the log to the cdrom....sometimes they will work in safemode.....


----------



## sueb_51 (May 13, 2004)

she doesn't have a burning program on her computer. i'm gonna try again and c what happens.


----------



## ~Candy~ (Jan 27, 2001)

Windows XP should allow you to copy to the cdrom drive.


----------



## sueb_51 (May 13, 2004)

ok. i can only access my computer through the garbage can lol and the C drive isn't even in there. nothing happens when i put a cd in. that screen with the Vista 2008 virus remover won't go away and just keeps running.


----------



## ~Candy~ (Jan 27, 2001)

Let me see who I can grab to help.


----------



## Cookiegal (Aug 27, 2003)

Can you boot to safe mode with command prompt?


----------



## ~Candy~ (Jan 27, 2001)

Thanks Karen


----------



## Cookiegal (Aug 27, 2003)

Anytime.


----------



## sueb_51 (May 13, 2004)

hey Karen how r ya??? guess u haven't missed me lol. anyways i can boot into safe mode with just a black screen and nothing else. I tried the cdr and it does work, but i can't copy the hjt log.


----------



## sueb_51 (May 13, 2004)

ok i got into safe mode with command prompt


----------



## Cookiegal (Aug 27, 2003)

Type the following at the prompt and then hit Enter:

*%systemroot%\system32\restore\rstrui.exe*

This will start system restore. See if you can restore the system to a date before this happened.


----------



## sueb_51 (May 13, 2004)

now what should i do??


----------



## sueb_51 (May 13, 2004)

ooops sorry just caught that post brb


----------



## sueb_51 (May 13, 2004)

no wouldn't let me restore any more than 2 days ago which is when it got infected.


----------



## sueb_51 (May 13, 2004)

can only go back 2 days when it first occurred. same thing


----------



## sueb_51 (May 13, 2004)

Karen r u still around??? got the daughters computer on the kitchen table lol


----------



## sueb_51 (May 13, 2004)

could anybody please help me


----------



## ~Candy~ (Jan 27, 2001)

Sue, you need to wait for Karen to return.....once you have a goldshield help, no one else will step in as it gets too confusing.

Of course, if you want to format c: you have me


----------



## sueb_51 (May 13, 2004)

I already suggested that to my daughter, but she has a lot of things on there she doesn't wanna lose including microsoft word. I didn't realize about the gold shield either sorry.


----------



## sueb_51 (May 13, 2004)

how come u don't have a gold shiled lmao


----------



## sueb_51 (May 13, 2004)

shield lol


----------



## ~Candy~ (Jan 27, 2001)

I'm not qualified for malware removal. Which is probably a good thing


----------



## sueb_51 (May 13, 2004)

so can i do a format and save all her stuff or no????


----------



## ~Candy~ (Jan 27, 2001)

At this point, you need to be able to back up anything important first, and it sounds like you can't burn to a cd. So, you should wait to see if Karen has any special secrets up her sleeve


----------



## sueb_51 (May 13, 2004)

ok thanx Candy, i would just like to format myself lol


----------



## sueb_51 (May 13, 2004)

so you got your own business going on now???


----------



## Cookiegal (Aug 27, 2003)

I would like clarification as to what you can and can't do please.

Can you boot to normal mode even if you are missing the start menu?

Do you have HijackThis already on the computer?

What do you mean when you say " i can only access my computer through the garbage can"?


----------



## sueb_51 (May 13, 2004)

on the start menu there is no control panel, my computer, run all the normal things. but if i go into the trash can i can access my computer from there and the C drive isn't showing. and yes it will boot to normal mode but the Vista 2008 virus scanner won't go away, and the screen is bright red and it says your privacy has been invaded.


----------



## sueb_51 (May 13, 2004)

yes i already have hjt on that computer as well. i did a scan and saved it but don't know how to send it.


----------



## Cookiegal (Aug 27, 2003)

But what are you clicking on in the recycle bin to access the computer?


----------



## Cookiegal (Aug 27, 2003)

I'm signing off for the night but try this.

Boot to normal mode and then open the Task Manager (Ctrl-Alt-Del). Click on *File* and select *New Task (Run...)* then in the box type *explorer.exe* and click OK. This should give you the desktop back. Then see if you can connect to the Internet.


----------



## sueb_51 (May 13, 2004)

ok thanx karen, i'm gonna hit the hay tooo. thanx so much. talk to u tomorrow


----------



## sueb_51 (May 13, 2004)

well that didn't work. says that task mgr has been disabled by your administrator.


----------



## ~Candy~ (Jan 27, 2001)

Are you logging into an account that is indeed an admin account?


----------



## Cookiegal (Aug 27, 2003)

Download the enclosed zipped file and save it to your desktop. Unzip it (extract the file it contains) and then double-click the RatsCheddar.exe file. Enable everything then click on Exit.

Then reboot and let me know how things are and post the HijackThis log if you can.


----------



## sueb_51 (May 13, 2004)

ok sorry i had to step out for a bit. i'll try that if i can. i'm burning to a cd on this computer so i hope it works lol


----------



## Cookiegal (Aug 27, 2003)

Ok.


----------



## sueb_51 (May 13, 2004)

ok i've been fooling around all night on that computer. I think i'm making some progress, but i'm gonna try and connect to the internet shortly so i can post a hjt log. wish me luck lol


----------



## sueb_51 (May 13, 2004)

ok i'm online now on the infected computer. The desktop is still white with a lot of startup menus missing. but at least i can do a hijack now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25: VIRUS ALERT!, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jamie\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1DBD3F8D-ABC8-4FBA-9CDB-0FEFA3C5AF84} - C:\WINDOWS\system32\cbXnMefD.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {f0e5029c-8776-9b9b-83c4-30710c1657aa} - {aa7561c0-1703-4c38-b9b9-6778c9205e0f} - C:\WINDOWS\system32\mglwyj.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C0A6084C-6007-4A87-84BE-A11B9B2ED1FA} - C:\WINDOWS\system32\vtUlICTN.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [6c9be28b] rundll32.exe "C:\WINDOWS\system32\auocrtxo.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186788502187
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: mglwyj.dll
O20 - Winlogon Notify: cbXnMefD - cbXnMefD.dll (file missing)
O21 - SSODL: tfnslopk - {FD03F7FE-E2FA-4F1E-A485-D354669EA1E1} - C:\WINDOWS\tfnslopk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 10411 bytes


----------



## sueb_51 (May 13, 2004)

well it let me change the desktop back to normal now. everything seems fine. gonna send another hjt if u could check it please and thanx.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:51 AM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jamie\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1DBD3F8D-ABC8-4FBA-9CDB-0FEFA3C5AF84} - C:\WINDOWS\system32\cbXnMefD.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C0A6084C-6007-4A87-84BE-A11B9B2ED1FA} - C:\WINDOWS\system32\vtUlICTN.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186788502187
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: mglwyj.dll
O20 - Winlogon Notify: cbXnMefD - cbXnMefD.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 9861 bytes


----------
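Added example, not part of the original thread: a short Python script that parses the entry lines of the two HijackThis logs posted above and compares them, listing which review-worthy autostart registrations disappeared between 8/15 and 8/16 and which are still present. The log excerpts are copied from those two posts; the function names and the review rules are assumptions of this example, not HijackThis behaviour or advice from the helpers in this thread.

```python
import re

# Excerpt copied from the first log in this thread (8/15/2008).
LOG_BEFORE = r'''
O2 - BHO: (no name) - {1DBD3F8D-ABC8-4FBA-9CDB-0FEFA3C5AF84} - C:\WINDOWS\system32\cbXnMefD.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {f0e5029c-8776-9b9b-83c4-30710c1657aa} - {aa7561c0-1703-4c38-b9b9-6778c9205e0f} - C:\WINDOWS\system32\mglwyj.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [6c9be28b] rundll32.exe "C:\WINDOWS\system32\auocrtxo.dll",b
O20 - AppInit_DLLs: mglwyj.dll
O20 - Winlogon Notify: cbXnMefD - cbXnMefD.dll (file missing)
O21 - SSODL: tfnslopk - {FD03F7FE-E2FA-4F1E-A485-D354669EA1E1} - C:\WINDOWS\tfnslopk.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
'''

# Excerpt copied from the second log in this thread (8/16/2008).
LOG_AFTER = r'''
O2 - BHO: (no name) - {1DBD3F8D-ABC8-4FBA-9CDB-0FEFA3C5AF84} - C:\WINDOWS\system32\cbXnMefD.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: mglwyj.dll
O20 - Winlogon Notify: cbXnMefD - cbXnMefD.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
'''

LINE_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.+)$")       # "O20 - body"
DLL_RE = re.compile(r'([^\\\s":]+\.dll)', re.IGNORECASE)    # DLL base names


def parse_hjt(text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def flag_entries(entries):
    """Return (code, body, reasons) for entries worth a manual review.

    The rules are illustrative assumptions; a flag is not a verdict.
    """
    appinit = set()
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            appinit.update(n.lower() for n in DLL_RE.findall(body))

    flagged = []
    for code, body in entries:
        reasons = []
        is_appinit = code == "O20" and body.startswith("AppInit_DLLs:")
        if body.endswith("(file missing)"):
            reasons.append("registration left behind for a file that is gone")
        if is_appinit and body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs is set: the DLL is loaded into "
                           "every process that loads user32.dll")
        if code == "O20" and body.startswith("Winlogon Notify:"):
            reasons.append("Winlogon notification package")
        if code == "O21":
            reasons.append("ShellServiceObjectDelayLoad entry, loaded by "
                           "Explorer at startup")
        if code == "O4" and "rundll32" in body.lower() and DLL_RE.search(body):
            reasons.append("Run key starts a DLL through rundll32")
        if not is_appinit and any(n.lower() in appinit
                                  for n in DLL_RE.findall(body)):
            reasons.append("same DLL is also listed in AppInit_DLLs")
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def compare_logs(before_text, after_text):
    """Split flagged entries into those gone from, and still in, the later log."""
    after = parse_hjt(after_text)
    after_keys = set(after)
    gone = [f for f in flag_entries(parse_hjt(before_text))
            if (f[0], f[1]) not in after_keys]
    return gone, flag_entries(after)


if __name__ == "__main__":
    gone, remaining = compare_logs(LOG_BEFORE, LOG_AFTER)
    for title, rows in (("Gone since first log", gone),
                        ("Still present", remaining)):
        print(title)
        for code, body, reasons in rows:
            print(f"  {code} - {body}")
            for reason in reasons:
                print(f"      * {reason}")
```
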



## sueb_51 (May 13, 2004)

well i'm gonna mark this solved. seems to be running smoothly now. but let me know if there is something in the log plse and ty. Also can u recommend a goood wireless router. thanx again for your help.


----------



## ~Candy~ (Jan 27, 2001)

I just picked up this new Linksys router:

http://www.newegg.com/Product/Produ...twork+-+Wireless+Routers-_-LINKSYS-_-33124284

So far so good. The one I had seemed to get hit by a power surge, I think. I've plugged this one into my backup power supply this time


----------



## sueb_51 (May 13, 2004)

ok Candy thanx. hope i don't talk to u soon lmao meaning no more computer problems lol


----------



## Cookiegal (Aug 27, 2003)

That was just a bandaid to get you up and running. We still have more to do.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.

*Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.*

*Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.*


----------



## sueb_51 (May 13, 2004)

no offence or anything Karen but i followed some instructions from another post with the same problem. and it worked perfect. everything is soooo smooth with no problems. The combofix was one of the programs i ran and then Kaspersky. i'm sorry if i overstepped my bounds here, but i needed to get the computer off my kitchen table lol.


----------



## sueb_51 (May 13, 2004)

apparently a lot of ppl here have the same virus. so it wasn't due to the area internet my daughter clicked on to, which will never happen again.


----------



## sueb_51 (May 13, 2004)

I'm sorry for doing other things here, but we needed the computer outta the kitchen and it was very difficult to work around it. i noticed a thread here that was marked solved which had exactly the same problem as i was having, so i followed those instructions and things are great now. I understand about waiting for your further instructions, but i guess we are never online at the same time. soooo sorry again.


----------



## Cookiegal (Aug 27, 2003)

There was nothing stopping you from moving the computer to another location. 



> apparently a lot of ppl here have the same virus. so it wasn't due to the area internet my daughter clicked on to, which will never happen again.


I have no idea how you arrive at this conclusion. 

In any event, it appears you don't want any further assistance with this.


----------



## sueb_51 (May 13, 2004)

hey Karen. guess i better explain myself here lol. I didn't have the router hooked up yet for the other computer, so I was running back and forth to follow instructions on this computer online. I still do want assistance if you found anything in the hjt log. Also I just assumed that the virus was picked up when my daughter was connected to somebody else's internet connection, then I started reading all the posts here that so many ppl had it. hope that explains it lol


----------



## Cookiegal (Aug 27, 2003)

If you want to continue then I need to see the ComboFix log I asked for.


----------



## sueb_51 (May 13, 2004)

ok i'll get that to you today. thanx


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## sueb_51 (May 13, 2004)

ComboFix 08-09-16.05 - Jamie 2008-09-17 18:53:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.81 [GMT -4:00]
Running from: C:\Documents and Settings\Jamie\Desktop\ComboFix.exe
* Created a new restore point

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jamie\Cookies\[email protected][2].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\NTCIlUtv.ini
C:\WINDOWS\system32\NTCIlUtv.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV

((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.

2008-09-17 18:32 . 2008-09-17 18:32 d--------	C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-17 18:31 . 2008-09-17 18:31 d--------	C:\Program Files\Common Files\iS3
2008-09-17 18:30 . 2008-09-17 18:37 d--------	C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-17 10:13 . 2008-09-17 10:14 d--------	C:\WINDOWS\system32\CatRoot_bak
2008-09-16 13:03 . 2008-09-16 13:04 d--------	C:\Program Files\Cake Mania 3
2008-09-11 16:33 . 2008-09-11 16:33 d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-09-09 10:54 . 2008-09-09 10:54	32,549	--a------	C:\WINDOWS\king-uninstall.exe
2008-09-09 07:55 . 2004-08-03 23:08	26,496	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-08 16:37 . 2006-01-19 22:10	363,008	--a------	C:\WINDOWS\system32\drivers\rt61.sys
2008-09-08 16:37 . 2008-09-08 16:37	20,747	--a------	C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-05 21:09 . 2008-09-05 21:53 d--------	C:\Documents and Settings\Jamie\Application Data\BFG_JanesRealty
2008-09-05 14:09 . 2008-09-05 14:10 d--------	C:\Program Files\Jane's Realty
2008-09-05 14:07 . 2008-09-16 12:52 d--------	C:\Program Files\bfgclient
2008-09-05 14:07 . 2008-09-05 14:10 d--------	C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-09-04 14:37 . 2008-09-04 15:06 d--------	C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-09-04 14:36 . 2008-09-04 14:36 d--------	C:\WINDOWS\Farm Frenzy 2
2008-09-04 14:36 . 2008-09-04 19:57 d--------	C:\Program Files\Farm Frenzy 2
2008-08-24 14:13 . 2008-08-24 14:13 d--------	C:\Program Files\Big Island Blends

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 18:43	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 17:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-11 20:34	---------	d-----w	C:\Program Files\Lavasoft
2008-09-11 20:32	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-08 20:37	---------	d-----w	C:\Program Files\MSI
2008-09-08 20:37	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-09-04 19:36	---------	d-----w	C:\Documents and Settings\Jamie\Application Data\uTorrent
2008-08-16 03:04	---------	d-----w	C:\Program Files\Sun
2008-08-16 03:03	---------	d-----w	C:\Program Files\Java
2008-08-16 02:39	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 02:39	---------	d-----w	C:\Documents and Settings\Jamie\Application Data\Malwarebytes
2008-08-16 02:39	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 17:59	---------	d-----w	C:\Program Files\LimeWire
2008-08-12 12:15	---------	d-----w	C:\Documents and Settings\Jamie\Application Data\LimeWire
2008-07-31 00:07	38,472	----a-w	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-31 00:07	17,144	----a-w	C:\WINDOWS\system32\drivers\mbam.sys
2008-07-20 14:13	---------	d-----w	C:\Program Files\Lexmark X1100 Series
2008-07-19 02:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
2008-07-19 02:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-07-04 11:12	316,672	----a-w	C:\WINDOWS\KingComIE.dll
2008-06-24 22:12	295,936	----a-w	C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41	245,248	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-03-11 02:33	0	----a-w	C:\Program Files\temp01
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-12 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-19 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-01-26 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MSI Wireless Utility.lnk - C:\Program Files\MSI\Common\RaUI.exe [2008-09-08 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mglwyj.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1DBD3F8D-ABC8-4FBA-9CDB-0FEFA3C5AF84} - C:\WINDOWS\system32\cbXnMefD.dll
BHO-{C0A6084C-6007-4A87-84BE-A11B9B2ED1FA} - C:\WINDOWS\system32\vtUlICTN.dll
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
ShellExecuteHooks-{1DBD3F8D-ABC8-4FBA-9CDB-0FEFA3C5AF84} - C:\WINDOWS\system32\cbXnMefD.dll
Notify-cbXnMefD - cbXnMefD.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\3eyjd3f5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 18:59:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-09-17 19:04:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-17 23:04:15

Pre-Run: 210,807,668,736 bytes free
Post-Run: 212,731,080,704 bytes free

153	--- E O F ---	2008-09-10 07:03:57

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:21 PM, on 9/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jamie\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186788502187
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: mglwyj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8896 bytes


----------



## sueb_51 (May 13, 2004)

sorry took so long to get back to you. we have been away.


----------



## ~Candy~ (Jan 27, 2001)

OMG, who are you???????????

Cookiegal, ALMOST 30 days with no reply 



*inside joke Sue, no worries  *


----------



## sueb_51 (May 13, 2004)

oh aren't we a funny gurl lmao


----------



## Cookiegal (Aug 27, 2003)

Yup, just under the wire.....the key word being "under".


----------



## Cookiegal (Aug 27, 2003)

Sue,

Please do not take so long to reply as a lot can and does change in a month when you have an infection like this.

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\Program Files\temp01
C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\WINDOWS\System32\CSCDLL.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*
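
A read-only check for the step above, added here as an example and not part of Cookiegal's post or of ComboFix: it parses the `File::` and `Registry::` targets of the CFScript and reports which of them a follow-up ComboFix log still lists. The function names and the two log excerpts are constructed for illustration, in the layout of the logs posted in this thread.

```python
import re

# CFScript text as posted in the thread.
CFSCRIPT = r'''File::
C:\Program Files\temp01
C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\WINDOWS\System32\CSCDLL.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
'''

# Constructed excerpt: a follow-up log in which the targets are still listed.
LOG_AFTER = r'''(((((((((( Find3M Report ))))))))))
.
2008-03-11 02:33    0    ----a-w    C:\Program Files\temp01

C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-01-26 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mglwyj.dll
'''

# Constructed excerpt: the target appears only in the deletions section.
LOG_CLEAN = r'''(((((((((( Other Deletions ))))))))))
.
C:\Program Files\temp01
.
(((((((((( Find3M Report ))))))))))
.
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\system32\es.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
'''

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\t\[\]]*')   # drive-letter path up to a quote, tab or bracket
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')           # [HKEY_...\sub\key]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')         # "name"=value


def parse_cfscript(text):
    """Return (file targets, {(key, value name): wanted data}) from a CFScript."""
    files, reg, section, key = [], {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if line in ('File::', 'Registry::'):
            section = line
        elif not line:
            continue
        elif section == 'File::':
            files.append(line)
        elif section == 'Registry::':
            k, v = KEY_RE.match(line), VALUE_RE.match(line)
            if k:
                key = k.group(1).lower()
            elif v and key:
                reg[(key, v.group(1).lower())] = v.group(2).strip().strip('"')
    return files, reg


def parse_log(text):
    """Return (paths the log lists as present, registry values it shows)."""
    paths, reg, key, folder, deleted = set(), {}, None, None, False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            key = folder = None
            continue
        if line.startswith('(((('):
            deleted = 'Deletions' in line   # files under this header were removed
            continue
        if deleted:
            continue
        k, v = KEY_RE.match(line), VALUE_RE.match(line)
        if k:
            key, folder = k.group(1).lower(), None
            continue
        if v and key:
            reg[(key, v.group(1).lower())] = v.group(2).strip().strip('"')
        if folder and not v:
            # Entry listed under a startup folder line: "name [date size]"
            paths.add((folder + re.split(r' \[| - ', line)[0]).lower())
        for m in PATH_RE.finditer(line):
            p = m.group(0).strip()
            paths.add(p.lower())
            if line == p and p.endswith('\\'):
                folder = p                  # a bare folder line opens a listing
    return paths, reg


def unresolved(cfscript_text, log_text):
    """List CFScript targets that the follow-up log still shows."""
    files, wanted = parse_cfscript(cfscript_text)
    paths, seen = parse_log(log_text)
    left = [('file', f) for f in files if f.lower() in paths]
    for (key, name), value in wanted.items():
        current = seen.get((key, name), '')  # the log omits empty entries
        if current.lower() != value.lower():
            left.append(('registry', name, current))
    return left


if __name__ == '__main__':
    for item in unresolved(CFSCRIPT, LOG_AFTER):
        print('still present:', item)
```
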


----------



## sueb_51 (May 13, 2004)

ok sorry about that.


----------



## sueb_51 (May 13, 2004)

ComboFix 08-09-16.05 - Jamie 2008-09-18 18:05:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.74 [GMT -4:00]
Running from: C:\Documents and Settings\Jamie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jamie\Desktop\CFScript.txt
* Created a new restore point

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jamie\Cookies\[email protected][2].txt

.
((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.

2008-09-17 20:38 . 2008-09-17 20:38 d--------	C:\Documents and Settings\Jamie\Application Data\FarmerJane
2008-09-17 20:33 . 2008-09-17 20:37 d--------	C:\Program Files\Farmer Jane
2008-09-17 18:32 . 2008-09-17 18:32 d--------	C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-17 18:31 . 2008-09-17 18:31 d--------	C:\Program Files\Common Files\iS3
2008-09-17 18:30 . 2008-09-17 18:37 d--------	C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-17 10:13 . 2008-09-17 10:14 d--------	C:\WINDOWS\system32\CatRoot_bak
2008-09-16 13:03 . 2008-09-16 13:04 d--------	C:\Program Files\Cake Mania 3
2008-09-11 16:33 . 2008-09-11 16:33 d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-09-09 10:54 . 2008-09-09 10:54	32,549	--a------	C:\WINDOWS\king-uninstall.exe
2008-09-09 07:55 . 2004-08-03 23:08	26,496	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-08 16:37 . 2006-01-19 22:10	363,008	--a------	C:\WINDOWS\system32\drivers\rt61.sys
2008-09-08 16:37 . 2008-09-08 16:37	20,747	--a------	C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-05 21:09 . 2008-09-05 21:53 d--------	C:\Documents and Settings\Jamie\Application Data\BFG_JanesRealty
2008-09-05 14:09 . 2008-09-05 14:10 d--------	C:\Program Files\Jane's Realty
2008-09-05 14:07 . 2008-09-16 12:52 d--------	C:\Program Files\bfgclient
2008-09-05 14:07 . 2008-09-05 14:10 d--------	C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-09-04 14:37 . 2008-09-04 15:06 d--------	C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-09-04 14:36 . 2008-09-04 14:36 d--------	C:\WINDOWS\Farm Frenzy 2
2008-09-04 14:36 . 2008-09-04 19:57 d--------	C:\Program Files\Farm Frenzy 2
2008-08-24 14:13 . 2008-08-24 14:13 d--------	C:\Program Files\Big Island Blends

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 01:38	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 17:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-11 20:34	---------	d-----w	C:\Program Files\Lavasoft
2008-09-11 20:32	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-08 20:37	---------	d-----w	C:\Program Files\MSI
2008-09-08 20:37	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-09-04 19:36	---------	d-----w	C:\Documents and Settings\Jamie\Application Data\uTorrent
2008-08-16 03:04	---------	d-----w	C:\Program Files\Sun
2008-08-16 03:03	---------	d-----w	C:\Program Files\Java
2008-08-16 02:39	---------	d-----w	C:\Documents and Settings\Jamie\Application Data\Malwarebytes
2008-08-16 02:39	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 17:59	---------	d-----w	C:\Program Files\LimeWire
2008-08-12 12:15	---------	d-----w	C:\Documents and Settings\Jamie\Application Data\LimeWire
2008-07-20 14:13	---------	d-----w	C:\Program Files\Lexmark X1100 Series
2008-07-19 02:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
2008-07-19 02:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-07-04 11:12	316,672	----a-w	C:\WINDOWS\KingComIE.dll
2008-06-24 22:12	295,936	----a-w	C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41	245,248	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-03-11 02:33	0	----a-w	C:\Program Files\temp01
.

((((((((((((((((((((((((((((( [email protected]_19.03.32.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-18 01:39:28	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-12 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-19 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-01-26 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MSI Wireless Utility.lnk - C:\Program Files\MSI\Common\RaUI.exe [2008-09-08 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mglwyj.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 18:08:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-18 18:11:11
ComboFix-quarantined-files.txt 2008-09-18 22:11:07
ComboFix2.txt 2008-09-17 23:04:26

Pre-Run: 212,045,430,784 bytes free
Post-Run: 212,254,416,896 bytes free

120	--- E O F ---	2008-09-10 07:03:57

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:03 PM, on 9/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jamie\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186788502187
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: mglwyj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8951 bytes


----------



## sueb_51 (May 13, 2004)

just wondered if u have had a chance to look at this yet, not rushing u lol


----------



## ~Candy~ (Jan 27, 2001)

Sue, is someone other than you using this computer?


----------



## sueb_51 (May 13, 2004)

nope just my daughter, and sometimes my grandson. but he is very goood for not doing stuff he aint supposed to. why do u ask that????


----------



## ~Candy~ (Jan 27, 2001)

Because there has been more game stuff installed since we first started working with you........


----------



## sueb_51 (May 13, 2004)

i guess either my daughter or grandson did install games, so now what


----------



## Cookiegal (Aug 27, 2003)

It didn't change anything. I think there's a problem when Avast is on the system so please repeat the procedure in post no. 63 but using the following script in place of the other one:


```
Killall::

File::
C:\Program Files\temp01
C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\WINDOWS\System32\CSCDLL.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
```


----------



## sueb_51 (May 13, 2004)

ok ty


----------



## sueb_51 (May 13, 2004)

unnn tgus ===========================]]]]]]]]]]]]]]]]]]][[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]][[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

wewoo


----------



## Cookiegal (Aug 27, 2003)

What the heck is that????


----------



## ~Candy~ (Jan 27, 2001)

The cat is on the keyboard


----------



## sueb_51 (May 13, 2004)

i have noooooo idea. i have been trying to follow your instructions, now i can't get back online again on that machine


----------



## sueb_51 (May 13, 2004)

keeps popping up with avast messages.


----------



## sueb_51 (May 13, 2004)

now what????


----------



## Cookiegal (Aug 27, 2003)

OK, it seems there may have been some corruption in that version of ComboFix that broke the LSP chain, meaning you can't connect to the Internet. It's been fixed in a new version but for now, please do this to restore your Internet connection:

Go to *Start* - *Run* - type in *cmd* and click OK.

At the command prompt type in:

*netsh winsock reset catalog*

Press enter.

then type in:

*netsh int ip reset resetlog.txt*

Press enter.

You will need to reboot afterwards.

Does that get you back on-line?


----------



## sueb_51 (May 13, 2004)

ok thanx, will get back to ya


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## sueb_51 (May 13, 2004)

nope, i tried all morning can't get back online. it shows that I am connected with excellent signal but can't get into anything. Also i noticed now when i go into Connect To, there are other ppls wireless connections there now.


----------



## ~Candy~ (Jan 27, 2001)

Turn off your modem and router. Leave them off for 5 minutes. Then turn on the modem, then the router, then restart your computer.


----------



## sueb_51 (May 13, 2004)

ok thanx Candy i'll give it a shot


----------



## Cookiegal (Aug 27, 2003)

Are you able to do a system restore to just before this happened?


----------



## sueb_51 (May 13, 2004)

my daughter is trying to do that right now


----------



## sueb_51 (May 13, 2004)

yes it let me back online, so now do i do the first thing u said or the second


----------



## sueb_51 (May 13, 2004)

ummmm what should i do now


----------



## Cookiegal (Aug 27, 2003)

Download *OTScanIt.exe* to your Desktop and double-click on it to extract the files. It will create a folder named *OTScanIt* on your desktop.

- Close any open browsers.
- Disconnect from the Internet.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of OTScanIt.
- Open the *OTScanIt* folder and double-click on OTScanIt.exe to start the program.
- Check the box that says *Scan All Users*
- Under Drivers select the radio button for *All*
- Under Rootkit Search select the radio button for *Yes*
- Check the Radio buttons for Files/Folders Created Within *60 Days* and Files/Folders Modified Within *60 Days. These are the defaults so don't make any changes.*
- Under Additional Scans check the following:
  - Reg - BotCheck
  - Reg - Disabled MS Config Items
  - Reg - Mountpoints2
  - Reg - Security Settings
  - Reg - Software Policy Settings
  - Evnt - EventViewer Logs (last 10 errors)
- Now click the *Run Scan* button on the toolbar.
- The program may be scanning large amounts of data so depending on the scans requested and your system it could take a long time to complete. Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it automatically.
- Save that Notepad file. Click the *Format* menu and make sure that *Word wrap* is not checked. If it is then click on it to uncheck it.
- Use the *Reply* button and upload the Notepad file here as an attachment please.


----------



## sueb_51 (May 13, 2004)

ok thanx will get back to u


----------



## sueb_51 (May 13, 2004)

ok get on that right now


----------



## sueb_51 (May 13, 2004)

i'm not sure how to send it, its toooo big


----------



## sueb_51 (May 13, 2004)

k i'm confused now


----------



## sueb_51 (May 13, 2004)

well i'm gonna hit the hay, i'll check back in the morning


----------



## ~Candy~ (Jan 27, 2001)

Karen's on EST. She's usually out of here way before now  But, you should be able to upload the file as an attachment here.


----------



## sueb_51 (May 13, 2004)

if i can remember how to do it lol


----------



## sueb_51 (May 13, 2004)

I have no clue if i did this right or not. plse let me know as i'm not very experienced at this


----------



## Cookiegal (Aug 27, 2003)

I'm sorry but unfortunately, I won't be able to post further instructions until tomorrow morning. I just wanted to let you know I hadn't forgotten about you.


----------



## sueb_51 (May 13, 2004)

ok no problem talk to u then


----------



## sueb_51 (May 13, 2004)

just wondered if u have a chance to check that yet , or if i did it right


----------



## ~Candy~ (Jan 27, 2001)

You uploaded it correctly. Karen has been swamped lately. She hasn't forgotten you


----------



## sueb_51 (May 13, 2004)

oh ok thanx Candy wasn't sure if i did it right or not. smart chicky eh lol


----------



## sueb_51 (May 13, 2004)

should i tell my daughter and grandson still not to download anything yet??


----------



## Cookiegal (Aug 27, 2003)

sueb_51 said:


> should i tell my daughter and grandson still not to download anything yet??


Never mind yet, how about ever? 

I'll be checking your log soon. They take quite a while to go through so I'll post back with my findings a bit later on.


----------



## sueb_51 (May 13, 2004)

lol ok thanx


----------



## Cookiegal (Aug 27, 2003)

Start *OTScanIt*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill Explorer]
[Registry - Non-Microsoft Only]
< Jamie Startup Folder > -> C:\Documents and Settings\Jamie\Start Menu\Programs\Startup
YY -> ~EmptyValue -> %UserProfile%\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
[Files/Folders - Created Within 60 days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 60 days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 7 C:\Documents and Settings\Jamie\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Jamie\Local Settings\temp\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```
Also, I'm attaching a FixAppinit.zip file. Save it to your desktop. Unzip it and double-click the FixAppinit.reg file and allow it to merge into the registry.

Lastly, please do a search for the file you see bolded at the bottom of this post and let me know if you find it and if so where it's located. You may have to unhide files first:

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders".
Click "Apply" then "OK".

Go to Start > Search - All Files and Folders and, under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".

*mglwyj.dll*


----------



## sueb_51 (May 13, 2004)

Explorer killed successfully
[Registry - Non-Microsoft Only]
C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe moved successfully.
File ~EmptyValue not found.
[Files/Folders - Created Within 60 days]
[Files/Folders - Modified Within 60 days]
C:\Documents and Settings\Jamie\Local Settings\temp\bye1.tmp\Disk1 folder deleted successfully.
C:\Documents and Settings\Jamie\Local Settings\temp\bye1.tmp folder deleted successfully.
C:\Documents and Settings\Jamie\Local Settings\temp\bye2.tmp\Disk1 folder deleted successfully.
C:\Documents and Settings\Jamie\Local Settings\temp\bye2.tmp folder deleted successfully.
C:\Documents and Settings\Jamie\Local Settings\temp\bye8.tmp\Disk1 folder deleted successfully.
C:\Documents and Settings\Jamie\Local Settings\temp\bye8.tmp folder deleted successfully.
C:\Documents and Settings\Jamie\Local Settings\temp\isp6.tmp folder deleted successfully.
C:\Documents and Settings\Jamie\Local Settings\temp\iss3.tmp folder deleted successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_534.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09232008_193316

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_534.dat moved successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39, on 2008-09-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\MSI\Common\RaUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jamie\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186788502187
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8918 bytes


----------
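The before/after comparison of the two HijackThis logs in this thread can be scripted instead of read by eye. This is an added example, not part of the thread or of HijackThis itself; the two excerpts are lines copied from the logs above and trimmed, and the function names are made up for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# HijackThis result lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Sections that describe code loaded automatically (boot, logon, browser or process start).
AUTOLOAD_SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key / Startup folder)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "service",
}

# Constructed excerpts: lines taken from the two logs posted in this thread.
BEFORE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - AppInit_DLLs: mglwyj.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""


def parse_log(text):
    """Return the result entries of a HijackThis log, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries, keeping the order in which they appear in the logs."""
    b, a = parse_log(before), parse_log(after)
    b_set, a_set = set(b), set(a)
    removed = [e for e in b if e not in a_set]
    added = [e for e in a if e not in b_set]
    return removed, added


def appinit_dlls(entries):
    """List the DLL names in the O20 AppInit_DLLs entry.

    DLLs named in that registry value are loaded into every process that
    loads user32.dll, so a non-empty value deserves a close look.
    """
    dlls = []
    for e in entries:
        if e.code == "O20" and e.body.lower().startswith("appinit_dlls:"):
            value = e.body.split(":", 1)[1]
            dlls += [d for d in re.split(r"[,\s]+", value) if d]
    return dlls


def review(before, after):
    """Summarise autoload changes between two logs as a list of short notes."""
    removed, added = diff_logs(before, after)
    notes = []
    for label, group in (("removed", removed), ("added", added)):
        for e in group:
            kind = AUTOLOAD_SECTIONS.get(e.code)
            if kind:
                notes.append(f"{label}: {e.code} {kind}: {e.body}")
    left = appinit_dlls(parse_log(after))
    if left:
        notes.append("AppInit_DLLs still set: " + ", ".join(left))
    else:
        notes.append("AppInit_DLLs empty after fix")
    return notes


if __name__ == "__main__":
    for note in review(BEFORE, AFTER):
        print(note)
```

An entry in the "added" list is as important as one in "removed": a new autostart line appearing between two logs means something was installed while the cleanup was under way.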



## ~Candy~ (Jan 27, 2001)

Hey Sue, I noticed that your folder is named Jamie, do you have more than one user account on this computer?

As for the downloading question, I sincerely think that you should NOT allow other people to download ANYTHING to the computer. Cookiegal can probably help you with those restrictions via Windows.

I would use a harsher approach myself and threaten death or great bodily harm to whomever is brave enough to download something on my computer


----------



## sueb_51 (May 13, 2004)

i couldnt find that file


----------



## sueb_51 (May 13, 2004)

lol its my daughters computer Candy and she don't listen to me toooo well lol


----------



## ~Candy~ (Jan 27, 2001)

sueb_51 said:


> lol its my daughters computer Candy and she don't listen to me toooo well lol


Well, I would tell her if she chooses this route again, that you can't use "YOUR" resources to help her fix it. There is a great deal of work involved in these removals, as you can well appreciate.


----------



## sueb_51 (May 13, 2004)

oh trust me i already told her. mine and the hubbys has been running great


----------



## ~Candy~ (Jan 27, 2001)

sueb_51 said:


> oh trust me i already told her. mine and the hubbys has been running great


:up: Hubby is the most important


----------



## sueb_51 (May 13, 2004)

ya thats what he says toooo lol


----------



## Cookiegal (Aug 27, 2003)

Your log looks fine. How are things now?


----------



## sueb_51 (May 13, 2004)

my daughter says it is still sluggish and keeps getting the error msg that ie has to close, i haven't tried it myself but she has been trying different things all day on it.


----------



## ~Candy~ (Jan 27, 2001)

How much ram does it have?


----------



## Cookiegal (Aug 27, 2003)

Also, did you say there was another user account on the computer?


----------



## sueb_51 (May 13, 2004)

256 ram and my grandson plays sometimes on it but he is really careful. always asks before he touches anything


----------



## sueb_51 (May 13, 2004)

i am on her computer right now and 3 times in the past half hour it says internet explorer has encountered a problem and needs to close


----------



## sueb_51 (May 13, 2004)

ok this time i copied what the error report for microsoft said, well some of it.
ModName flash9f.ocx technical info says the following file is included:
C:\DOCUME~1\Jamie\LOCALS~1\Temp\f368+appcompat.txt don't know if that will help any but its the same msg every time


----------



## Cookiegal (Aug 27, 2003)

No, that is only the text file but not the actual error. I don't think the error will help us but we can take a look. Although this is common when you don't have sufficient resources. Once you add more RAM you likely won't have the problem.

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## sueb_51 (May 13, 2004)

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 2008-09-26
Time: 15:19
User: N/A
Computer:	JAMIES
Description:
Faulting application iexplore.exe, version 7.0.6000.16705, faulting module mshtml.dll, version 7.0.6000.16705, fault address 0x000b5768.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 2008-09-24
Time: 17:41
User: N/A
Computer:	JAMIES
Description:
Faulting application iexplore.exe, version 7.0.6000.16705, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x001a8081.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 2008-09-24
Time: 15:54
User: N/A
Computer:	JAMIES
Description:
Faulting application iexplore.exe, version 7.0.6000.16705, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x0008b03e.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 2008-09-23
Time: 07:42
User: N/A
Computer:	JAMIES
Description:
Faulting application iexplore.exe, version 7.0.6000.16705, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x00096a4b.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 2008-09-23
Time: 07:34
User: N/A
Computer:	JAMIES
Description:
Faulting application iexplore.exe, version 7.0.6000.16705, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x00096a4b.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
hope i did this right


----------



## Cookiegal (Aug 27, 2003)

Try uninstalling the Adobe Flash Player following the instructions here:

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14157

Then reinstall it from the Adobe website.


----------



## sueb_51 (May 13, 2004)

ok i'll give it a shot and get back to u thanx


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## sueb_51 (May 13, 2004)

still no better. My daughter deleted a huge amount of things off her computer and is still having a problem with IE closing. she just started a homeschool course so it's important that we get it going properly. It appears the problem is with IE.


----------



## Cookiegal (Aug 27, 2003)

Please check the Event Viewer again and see what new errors are showing since you uninstalled and reinstalled Adobe Flash Player.


----------



## ~Candy~ (Jan 27, 2001)

I'll just add this, she'd be happier if she installed more ram.

At LEAST another 256.


----------



## sueb_51 (May 13, 2004)

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 2008-09-29
Time: 04:39
User: N/A
Computer:	JAMIES
Description:
Faulting application iexplore.exe, version 7.0.6000.16705, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x0019405f.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 2008-09-28
Time: 21:41
User: N/A
Computer:	JAMIES
Description:
Faulting application iexplore.exe, version 7.0.6000.16705, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x00089512.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
Event Type:	Error
Event Source:	Cdrom
Event Category:	None
Event ID:	7
Date: 2008-09-29
Time: 05:19
User: N/A
Computer:	JAMIES
Description:
The device, \Device\CdRom1, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
Event Type:	Error
Event Source:	Cdrom
Event Category:	None
Event ID:	7
Date: 2008-09-29
Time: 05:01
User: N/A
Computer:	JAMIES
Description:
The device, \Device\CdRom1, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
Event Type:	Error
Event Source:	Cdrom
Event Category:	None
Event ID:	7
Date: 2008-09-28
Time: 22:56
User: N/A
Computer:	JAMIES
Description:
The device, \Device\CdRom1, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
i'm not sure what she was doing when this happened.


----------
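An added example, not part of the original thread: one way to answer "what new errors are showing since the reinstall" from a pasted Event Viewer text export is to group the Event ID 1000 crashes by faulting module and compare fault offsets. The sample records are trimmed from the ones posted above, and the `since` cut-off date is an assumption the reader supplies.

```python
import re
from collections import defaultdict

# Constructed sample: records trimmed from the Event Viewer text layout in this thread.
SAMPLE = r"""
Event Type: Error
Event Source: Application Error
Event ID: 1000
Date: 2008-09-23
Description:
Faulting application iexplore.exe, version 7.0.6000.16705, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x00096a4b.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
Event Type: Error
Event Source: Application Error
Event ID: 1000
Date: 2008-09-29
Description:
Faulting application iexplore.exe, version 7.0.6000.16705, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x0019405f.
Event Type: Error
Event Source: Cdrom
Event ID: 7
Date: 2008-09-29
Description:
The device, \Device\CdRom1, has a bad block.
"""

FIELD = re.compile(r"(?m)^([A-Z][\w ]*?):[ \t]*(.*)$")
FAULT = re.compile(r"Faulting application (\S+), version [\d.]+, faulting module "
                   r"(\S+), version ([\d.]+), fault address (0x[0-9a-fA-F]+)")

def parse_records(text):
    # One dict per event; the hex "Data:" section is cut off and ignored.
    records = []
    for chunk in re.split(r"(?m)^Event Type:", text)[1:]:
        head, _, rest = chunk.partition("\nDescription:")
        rec = dict(FIELD.findall("Event Type:" + head))
        rec["Description"] = " ".join(rest.split("\nData:")[0].split())
        records.append(rec)
    return records

def summarize_crashes(records, since=""):
    # Fault offsets of Event ID 1000 crashes dated on/after `since` (YYYY-MM-DD),
    # grouped by (application, faulting module, module version).
    groups = defaultdict(list)
    for r in records:
        m = FAULT.search(r["Description"])
        if r.get("Event ID") == "1000" and m and r.get("Date", "") >= since:
            groups[m.group(1, 2, 3)].append(m.group(4).lower())
    return dict(groups)
```

If the same module and version keep appearing after the cut-off date, the reinstall did not change the file that is crashing; the Cdrom event is skipped because it is not an application fault.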



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


Also, are you having problems with your CD Drive?


----------



## sueb_51 (May 13, 2004)

okie dokie


----------



## sueb_51 (May 13, 2004)

yes she said it was making a rubbing noise


----------



## ~Candy~ (Jan 27, 2001)

Is there a disk in the drive?


----------



## sueb_51 (May 13, 2004)

no she hasn't used the cd player for a long time


----------



## sueb_51 (May 13, 2004)

Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
Agere Systems PCI Soft Modem
avast! Antivirus
Bejeweled 2 Deluxe
Big Fish Games Client
Build-a-lot
Build-a-lot 2 - Town of the Year [h33t] [oi812heet]
Cake Mania 2-in-1
C-Media WDM Audio Driver
DivX Content Uploader
DivX Player
DivX Web Player
Escape from Paradise
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Jane's Realty
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
king.com (remove only)
Lexmark X1100 Series
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Reader
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
MSI Wireless LAN Card
MSXML 4.0 SP2 (KB936181)
neroxml
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Shockwave
The Sims Deluxe Edition
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VCRedistSetup
Wheel of Fortune 2003
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.2
XviD MPEG-4 Video Codec


----------



## sueb_51 (May 13, 2004)

just wondered if u have had a chance to look at this yet?


----------



## ~Candy~ (Jan 27, 2001)

Java(TM) 6 Update 2
Java(TM) 6 Update 3


You can uninstall those. I'm not sure what Karen's looking for.


----------



## Cookiegal (Aug 27, 2003)

Thanks Candy.

I'm very busy with work for a good while yet but I was looking to see what version of the Flash player you had installed but it doesn't give it.

If you disable everything except your anti-virus via msconfig, do you still have problems?


----------



## sueb_51 (May 13, 2004)

thanx Candy. I'll try that Cookiegal and let u know.


----------



## Cookiegal (Aug 27, 2003)

OK, sounds good.


----------



## sueb_51 (May 13, 2004)

sorry which heading do I click on in msconfig


----------



## Cookiegal (Aug 27, 2003)

The startup tab.


----------



## sueb_51 (May 13, 2004)

ive been on her computer for about an hour with no problems so far lol


----------



## sueb_51 (May 13, 2004)

spoke toooo soooon lol same error


----------



## ~Candy~ (Jan 27, 2001)

Time to replace the cdrom.

To get rid of the error, unplug it.


----------



## sueb_51 (May 13, 2004)

oh really??? would that cause the problem with IE??


----------



## sueb_51 (May 13, 2004)

i have another one around here i could throw in lol


----------



## ~Candy~ (Jan 27, 2001)

I saw the cdrom error message in your event viewer post. I thought that was the issue. If the issue is IE, post that error message.


----------



## sueb_51 (May 13, 2004)

no it's with the flash player i think. keep getting an error msg. flash9f.ocx


----------



## sueb_51 (May 13, 2004)

the cd rom msg came up later lol


----------



## sueb_51 (May 13, 2004)

just says IE has to close


----------



## Cookiegal (Aug 27, 2003)

I think I've found the problem. What are your computer specs? If it's Pentium II or lower, the problem is with the latest version of Flash Player.


----------



## sueb_51 (May 13, 2004)

i just uninstalled the flash player and reinstalled it from Adobe again. for some reason it seems a lot faster. it's only been a few min though. It's a Pentium IV


----------



## sueb_51 (May 13, 2004)

i was gonna do some surfing in some of the sites my daughter goes into and see if it makes a difference.


----------



## Cookiegal (Aug 27, 2003)

Try it out. If it keeps happening there's a debugger that can be installed that might fix it.


----------



## sueb_51 (May 13, 2004)

spoke toooo sooon again lol


----------



## Cookiegal (Aug 27, 2003)

Try this, it can't hurt:

Download the Windows Flash Player 9 ActiveX control content debugger (for IE) (EXE, 1.55 MB)

http://www.adobe.com/support/flashplayer/downloads.html


----------



## sueb_51 (May 13, 2004)

k i did that


----------



## Cookiegal (Aug 27, 2003)

Let's see how it goes then.


----------



## sueb_51 (May 13, 2004)

still the same as before


----------



## Cookiegal (Aug 27, 2003)

Did you reboot after installing the debugger?


----------



## sueb_51 (May 13, 2004)

yes I did


----------



## ~Candy~ (Jan 27, 2001)

Format C: time yet?


----------



## sueb_51 (May 13, 2004)

not quite yet candy lol


----------



## Cookiegal (Aug 27, 2003)

I would say so. I'm out of ideas.


----------

