1. Please let me know if you have posted this log on another forum, and if you have run any tools to address this problem. You mention "numerous antispyware programs". Which ones?
2. Please let me know if you are an employee and this system is owned by your employer. If so, do you have permission to make changes to it?
3. Please understand it is very important that you follow the instructions given to you during the cleaning of malware. This can sometimes be a tricky process and often requires things be done in a certain sequence to be effective. Please do not wait days between steps in this process. It is requested you respond at least within 48 hours. Any longer and it becomes necessary to update all information and start over.
4. Please print or copy this page to Notepad in order to assist you when carrying out the following instructions.
5. If your reply does fit in one post, please reply to yourself until all text is submitted. It may take several posts.
You have several issues showing in your log.
Please post an updated HijackThis log and an uninstall list.
To obtain the uninstall list, open HijackThis and click on the "Open the Misc Tools section" button.
Click on the "Open Uninstall Manager" button.
Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Select a place to save it. The list should open in Notepad.
Copy and paste that list here.
Ace Utilities
Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.9
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
Astaro Secure Client
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Anti-Rootkit Free
AVG Anti-Spyware 7.5
AVS Disc Creator version 2.1
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
Burn4Free Toolbar
CCleaner (remove only)
Click'N Design 3D (V5)
Conexant D480 MDC V.92 Modem
Dell AIO Printer A920
Dell Bluetooth Software
Dell ResourceCD
Dell Solution Center
Digital Line Detect
DivX
DVDSentry
Easy CD Creator 5 Basic
Error Nuker
eTrust EZ Armor
Exl-Plan Free
Express Burn
Express Rip
FaxTools
Golden Records Uninstall
Google Toolbar for Internet Explorer
Google Video Player
Hallmark Card Studio 2006 Deluxe
Harry Potter
Hauppauge English Help Files and Resources
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV2000
Hauppauge WinTV-PVR USB 2 Drivers
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
I/OMagic DataBank
Icatch(V) Camera Driver
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo FilterSDK for Hauppauge
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Kingdom Hospital Screensaver
K-Lite Codec Pack 2.34 Full
LiveUpdate
Maxell CreateIt
mCore
mDriver
mDrWiFi
mEoU.msi
mHelp
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Protection Service
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Live OneCare Resources v1.6.2111.30
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v1.6.2111.30
Microsoft Windows OneCare Live v1.6.2111.30 Idcrl Install
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (1.5.0.12)
mPfMgr
mPfWiz
mProSafe
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
mWlsSafe
mXML
My DSC
MyDSC2
mZConfig
NetWaiting
Online Manuals for WinTV (English)
OpenOffice.org 2.0
Parker Brothers Classic Card Games
PCShowBuzz and PureRadio
PowerDVD 5.1
Print Server Driver
PX Engine
Q-Point
QuickSet
QuickTime
RealArcade
RealPlayer
Roxio Easy Media Creator 8 Suite
Sandlot Games Client Services
Scratches
Secure Delivery
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
SoundTap Uninstall
Spyware Doctor 5.0
SUPERAntiSpyware Free Edition
Switch
SY-DSC
Symantec Procomm Plus
TextBridge Pro Millennium
Ulead DVD MovieFactory 3 SE
Uniblue SpeedUpMyPC 3
Uniblue System Tweaker
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB897663)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Video Poker
WavePad Uninstall
WebCyberCoach 3.2 Dell
Webshots Desktop
Westward Free Trial
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
QUOTE:
I was instructed to run ComboFix, which I did.
As a new member at these forums, it was not your fault. The person who instructed you to run ComboFix in a general forum should have known that we use those advanced tools only on the HijackThis board where complete instructions are given by a trained analyst.
Because of this the developers of these tools do not approve their use on general forums. That may have contributed to your problems, and I cannot guarantee that we can fix all the problems that you are having after running the tool unsupervised, but we will do our best to get you cleaned up.
Please post your report from ComboFix and we'll try to see what was done. You will find the report here: C:\ComboFix.txt
I originally posted this in the regular area in error. I was instructed to run ComboFix, which I did. It appeared to fix my problem as I did not receive the warning popup anymore and had access again to all of my functions.
However, there are obviously still problems as I am now getting application errors every time I open my system and it is so painfully slow that it is absolute torture.
I ran AVG-Antivirus, AVG Anti-Rootkit, PC Tools Spyware Doctor, SUPERAntiSpyware, and Windows Live OneCare.
This is my personal computer, not a company one.
Here is my current logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:44 AM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
ComboFix 07-09-07 - "Shelley S" 2007-09-06 17:12:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.148 [GMT -7:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
Please disable Spyware Doctor and AVG Anti-Spyware Guard while we are working so they do not interfere.
To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.
Exit by a right-click on the "Spyware Doctor" icon in the system tray and choose "Exit".
[To enable Spyware Doctor when you are finished, open the program, Settings > Startup Settings > CHECK "Run at Windows Startup" > APPLY. Exit. Reboot.]
Open AVG Anti-Spyware. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right-click on AVG AS in the system tray and uncheck "Start with Windows".
Go to Start > Run and type: services.msc
Press "OK".
In Services, click the "Extended" tab and scroll down the list to find AVG Anti-Spyware Guard.
When you find the guard service, double-click on it.
In the Properties Window > General Tab that opens, click the "Stop" button.
From the drop-down menu next to "Startup Type", click on "Manual".
Now click "Apply", then "OK" and close the Services window.
After we are finished with all your fixes, please disable your realtime monitoring in AVG AS and Spyware Doctor again.
If you still have SpywareBot installed, it is a spyware remover of somewhat dubious repute.
More here: http://www.spywarewarrior.com/rogue_anti-spyware.htm
I do not see it listed in Add/Remove Programs, so we will remove remnants of the program another way.
Open Notepad and copy/paste the following bold text between the dotted lines into it. Do not copy the dotted lines.
Referring to the picture above, drag CFScript into ComboFix.exe
You will be prompted to run Combofix again. Follow the same instructions you did before for running ComboFix.
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.
When finished, a log is produced here: C:\ComboFix.txt
Please provide the contents of the new ComboFix log in your next reply along with a new HijackThis log, and let me know how things are running.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:28 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
ComboFix 07-09-07 - "Shelley S" 2007-09-08 12:59:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.210 [GMT -7:00]
Command switches used :: C:\Documents and Settings\Shelley S\Desktop\CFScript.txt
* Created a new restore point
Please launch HijackThis and place a checkmark next to these:
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1694eebf6650ad299803/netzip/RdxIE601.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
Close all windows except HijackThis and click "Fix Checked". Close HijackThis and reboot.
Run Disk Cleanup in each user's profile:
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.
Please let me know how things are running after that. Thanks.
Okay, I have done everything as directed and things seem to be running a lot smoother now.
Can I just say that you are absolutely amazing!!??!! This all is extremely scary for someone like myself who has had no computer training whatsoever. All I know is what I have learned by using my system with trial and error. You make this experience so much less frightening and you have no idea how important and appreciated that is.
I have not restarted the AVG Anti-spyware or the PC Tools Spyware Doctor yet. What I would like to know, if you would tell me, is: do I really need all of the anti-spyware that I currently have (most downloaded after noticing the warning popup)?
I used to just have AVG Anti-virus and the dreaded SpywareBot. When the SpywareBot subscription ended (very recently), I chose not to renew it and went over to AVG. (??Maybe this is what started it all since I didn't renew SpywareBot.)
Anyway, I currently have the following:
SUPERAntiSpyware
AVG Anti-Spyware
PC Tools Spyware Doctor
Windows Live OneCare.
If not, can you tell me which you recommend I keep and which I delete? Or, if you have better options for me to choose, then I am certainly open to your suggestions.
Once again, thank you very much for all of your help and let me know if there is anything else I need to do to complete this process.
Bugbatter
September 7th, 2007 18:00
woodwitch
September 8th, 2007 15:00
Bugbatter
September 8th, 2007 15:00
woodwitch
September 8th, 2007 15:00
Scan saved at 8:49:44 AM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ncple\ncprwsnt.exe
C:\WINDOWS\ncple\ncpsec.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ncple\rwsrsu.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\WINDOWS\ncple\ncpbudgt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [NcpBudget] "C:\WINDOWS\ncple\ncpbudgt.exe"
O4 - HKLM\..\Run: [NcpPopup] "C:\WINDOWS\ncple\ncppopup.exe" noerrmsg
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1694eebf6650ad299803/netzip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188962190909
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ncprwsnt - Unknown owner - C:\WINDOWS\ncple\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\WINDOWS\ncple\ncpsec.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\WINDOWS\ncple\rwsrsu.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://online.tvguide.com/images/logoTVGuide.gif
End of file - 12511 bytes
woodwitch
14 Posts
September 8th, 2007 16:00
*Note* empty entries & legit default entries are not shown
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 13:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 22:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 18:59]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 08:18]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 11:25]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-10-04 00:03]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 18:09]
"NcpBudget"="C:\WINDOWS\ncple\ncpbudgt.exe" [2005-01-05 09:32]
"NcpPopup"="C:\WINDOWS\ncple\ncppopup.exe" [2005-02-23 12:12]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-21 21:47]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-22 09:34]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 08:04]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-08-02 10:47]
C:\ComboFix\temp00
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 13:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 22:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 18:59]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 08:18]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 11:25]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-10-04 00:03]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 18:09]
"NcpBudget"="C:\WINDOWS\ncple\ncpbudgt.exe" [2005-01-05 09:32]
"NcpPopup"="C:\WINDOWS\ncple\ncppopup.exe" [2005-02-23 12:12]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-21 21:47]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-22 09:34]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 08:04]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-08-02 10:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"SpyZooka"="C:\Program Files\SpyZooka\SpyZookaLdr.exe" [2007-04-06 21:12]
DESKTOP.INI [2004-03-20 10:58:38]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-06-24 22:02:49]
Event Planner Reminder.lnk - C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe [2005-08-30 18:18:30]
DESKTOP.INI [2004-03-20 10:58:38]
DESKTOP.INI [2004-03-20 10:58:38]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2004-08-07 19:29:12]
"DisableRegistryTools"=0 (0x0)
"NoAutoUpdate"=0 (0x0)
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= C:\PROGRA~1\SpyZooka\spyguard.dll [2005-05-07 23:25 173568]
"System"=" "
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-10-03 23:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
@="Service"
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys
R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 BASFND;BASFND;\??\C:\WINDOWS\system32\Drivers\BASFND.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 ncprwsnt;ncprwsnt;C:\WINDOWS\ncple\ncprwsnt.exe
R2 NcpSec;NcpSec;C:\WINDOWS\ncple\ncpsec.exe
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R2 rwsrsu;RwsRsu;C:\WINDOWS\ncple\rwsrsu.exe
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
R3 ncplentp;ASTARO Secure Client Adapter Driver;C:\WINDOWS\system32\DRIVERS\ncplentp.sys
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S2 Ca50xav;Icatch(V) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca50xav.sys
S3 iComp;Hauppauge WinTV PVR USB2 Encoder;C:\WINDOWS\system32\DRIVERS\HCWUSB2.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 USBCamera;Icatch(V) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk50x.sys
S3 UsbFltr;WayTech USB Filter Driver;C:\WINDOWS\system32\Drivers\UsbFltr.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8173d921-ceb0-11d8-9f1f-806d6172696f}]
AutoRun\command- D:\launch.exe +consumerdell
Contents of the 'Scheduled Tasks' folder
"2007-09-03 17:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-05 14:34:29 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.exe
"2007-08-18 19:23:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-29 19:22:09 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
"2007-09-06 23:52:31 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A49CB25B-81A4-40F8-84C3-E302044DE3CA}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-09-06 04:58:01 C:\WINDOWS\Tasks\WebReg 20050721215825.job"
- c:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
Rootkit scan 2007-09-06 17:36:44
Windows 5.1.2600 Service Pack 2 NTFS
ZwClose
hidden files: 0
C:\ComboFix-quarantined-files.txt ... 2007-09-06 17:48
Bugbatter
3 Apprentice
20.5K Posts
September 8th, 2007 16:00
woodwitch
14 Posts
September 8th, 2007 16:00
Folder PATH listing
Volume serial number is 08E9-B8AC
C:\QOOBOX
| snapshot_2007-09-06_174518.41.cf
|
+---BackEnv
| APPDATA.folder.cf
| CACHE.folder.cf
| DESKTOP.folder.cf
| FAVORITES.folder.cf
| LOCAL APPDATA.folder.cf
| LOCAL SETTINGS.folder.cf
| MY PICTURES.folder.cf
| PERSONAL.folder.cf
| profiles.folder.cf
| PROGRAMS.folder.cf
| setpath.bat
| START MENU.folder.cf
| STARTUP.folder.cf
| TEMPLATES.folder.cf
|
\---Quarantine
+---C
| +---ComboFix
| | FProps.vbs.vir
| |
| +---DOCUME~1
| | +---ALLUSE~1
| | | \---STARTM~1
| | | \---Programs
| | | \---Startup
| | | autorun.exe.vir
| | |
| | \---SHELLE~1
| | \---STARTM~1
| | \---Programs
| | \---Startup
| | system.exe.vir
| |
| \---WINDOWS
| \---SYSTEM32
| model.dat.vir
| printer.exe.vir
| WinAvXX.exe.vir
|
\---Registry_backups
hklm_windowsNT_windows.reg.cf
woodwitch
14 Posts
September 8th, 2007 16:00
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.148 [GMT -7:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
C:\DOCUME~1\SHELLE~1\STARTM~1\Programs\Startup\system.exe
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe
((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))
2007-09-06 17:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-06 15:26
2007-09-06 14:54
2007-09-06 12:24
2007-09-06 00:09 81,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfwdrv.sys
2007-09-06 00:09 105,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfwhlpr.sys
2007-09-06 00:05 67,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys
2007-09-05 23:15
2007-09-05 18:37 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgArCln.sys
2007-09-05 13:22 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-09-05 11:53
2007-09-05 11:51
2007-09-05 11:51
2007-09-05 11:50
2007-09-05 10:49
2007-09-04 22:09 82,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2007-09-04 22:09 57,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2007-09-04 22:09 40,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2007-09-04 22:09 29,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2007-09-04 22:09
2007-09-04 22:09
2007-09-04 22:08 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-09-04 20:33
2007-09-04 20:10
2007-09-03 15:45
2007-09-03 15:45
2007-09-03 10:44
2007-09-03 10:44
2007-09-03 10:41
2007-09-03 10:41
2007-09-02 08:22
2007-08-31 21:11
2007-08-27 17:57 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-08-26 14:49
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-05 10:59 --------- d-------- C:\Program Files\Click'N Design 3D (V5)
2007-09-04 22:31 --------- d-------- C:\Program Files\Games
2007-09-04 18:52 --------- d-------- C:\Program Files\wyvern
2007-08-31 20:27 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\OpenOffice.org2
2007-08-09 11:31 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-08-05 00:25 --------- d-------- C:\Program Files\CyberLink
2007-08-05 00:17 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-05 00:16 --------- d-------- C:\Program Files\Roxio
2007-08-05 00:16 --------- d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-05 00:14 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-04 22:09 206464 --a------ C:\WINDOWS\system32\drivers\udfreadr_xp.sys
2007-08-04 22:09 --------- d-------- C:\Program Files\Common Files\Adaptec Shared
2007-08-04 22:01 --------- d-------- C:\Program Files\ACW
2007-08-04 21:58 --------- d-------- C:\Program Files\Astonsoft
2007-08-02 19:41 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\Mysteryville2
2007-08-02 18:58 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\gemsweeperextractedgfx
2007-08-02 18:58 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-29 19:42 --------- d-------- C:\Program Files\Uniblue
2007-07-29 19:42 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\System Tweaker
2007-07-29 14:19 --------- d-------- C:\Program Files\Sonic
2007-07-29 14:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-07-29 12:22 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\Uniblue
2007-07-20 07:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 09:41 --------- d-------- C:\Program Files\QuickTime
2007-07-15 09:37 --------- d-------- C:\Program Files\Apple Software Update
2007-07-15 09:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-14 14:39 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-14 14:39 --------- d-------- C:\Program Files\EA Games
2007-07-14 14:10 28624 --a------ C:\WINDOWS\system32\drivers\SECDRV.SYS
2007-07-13 18:04 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-08 12:38 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\Sonic
2007-07-07 23:16 --------- d-------- C:\Program Files\CCleaner
2007-07-06 23:19 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\My Games
2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2007-04-09 20:09 87608 --a------ C:\DOCUME~1\SHELLE~1\APPLIC~1\ezpinst.exe
2007-04-09 20:09 47360 --a------ C:\DOCUME~1\SHELLE~1\APPLIC~1\pcouffin.sys
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
Bugbatter
3 Apprentice
20.5K Posts
September 8th, 2007 17:00
To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.
Exit by a right-click on the "Spyware Doctor" icon in the system tray and choose "Exit".
[To enable Spyware Doctor when you are finished, open the program, Settings>Startup Settings> CHECK "Run at Windows Startup">APPLY
Exit. Reboot.]
Open AVG Anti-Spyware. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right-click on AVG AS in the system tray and uncheck "Start with Windows".
Go to Start > Run and type: services.msc
Press "OK".
In Services, click the "Extended" tab and scroll down the list to find AVG Anti-Spyware Guard.
When you find the guard service, double-click on it.
In the Properties Window > General Tab that opens, click the "Stop" button.
From the drop-down menu next to "Startup Type", click on "Manual".
Now click "Apply", then "OK" and close the Services window.
After we are finished with all your fixes, please disable your realtime monitoring in AVG AS and Spyware Doctor again.
If you still have SpywareBot installed, it is a spyware remover of somewhat dubious repute.
More here: http://www.spywarewarrior.com/rogue_anti-spyware.htm
I do not see it listed in Add/Remove Programs, so we will remove remnants of the program another way.
Open Notepad and copy/paste the following bold text between the dotted lines into it. Do not copy the dotted lines.
-----------------------------------------------------------------------------------------------
File::
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
Folder::
C:\Program Files\SpyZooka
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyZooka"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"=-
--------------------------------------------------------------------------------------------------------
Save this as CFScript.txt
Referring to the picture above, drag CFScript into ComboFix.exe
You will be prompted to run Combofix again. Follow the same instructions you did before for running ComboFix.
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.
When finished, a log is produced here: C:\ComboFix.txt
Please provide the contents of the new ComboFix log in your next reply along with a new HijackThis log, and let me know how things are running.
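A post-cleanup check for the CFScript above, as an added example that is not part of the original post or of ComboFix: it parses the script's File::, Folder:: and Registry:: sections and flags lines in a follow-up log that still mention a target. The function names and the sample log lines are assumptions constructed for illustration (the "before" lines are modelled on entries in the earlier log in this thread), and paths are matched by leaf name because the logs mix long and 8.3 names.

```python
import re

# The CFScript from the post above, reproduced as a string.
CFSCRIPT = r"""File::
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
Folder::
C:\Program Files\SpyZooka
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyZooka"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"=-
"""

# Constructed sample logs (hypothetical inputs for this example).
LOG_BEFORE = "\n".join([
    r'"SpyZooka"="C:\Program Files\SpyZooka\SpyZookaLdr.exe" [2007-04-06 21:12]',
    r'"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= C:\PROGRA~1\SpyZooka\spyguard.dll [2005-05-07 23:25 173568]',
    r'"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]',
    r'"2007-09-05 14:34:29 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"',
    r'- C:\Program Files\SpywareBot\SpywareBot.exe',
])
LOG_AFTER = "\n".join([
    r'"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]',
    r'"2007-09-03 17:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"',
])

SECTION_RE = re.compile(r"^(File|Folder|Registry)::\s*$", re.I)


def parse_cfscript(text):
    """Split a CFScript into its File::, Folder:: and Registry:: targets."""
    targets = {"file": [], "folder": [], "registry": []}
    section, reg_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:      # blank or dotted delimiter line
            continue
        m = SECTION_RE.match(line)
        if m:
            section, reg_key = m.group(1).lower(), None
        elif section in ("file", "folder"):
            targets[section].append(line)
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]            # key the following values belong to
            else:
                m = re.match(r'^"(.+)"=-$', line)   # "name"=- deletes one value
                if m and reg_key:
                    targets["registry"].append((reg_key, m.group(1)))
    return targets


def build_matchers(targets):
    """Return (label, predicate) pairs, one per target in the script."""
    matchers = []
    for kind in ("file", "folder"):
        for path in targets[kind]:
            # Match on the leaf name only: the parent may appear as
            # "Program Files" or "PROGRA~1", so a hit means "same leaf seen"
            # and still needs a human look at the full path.
            leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
            rx = re.compile(r"\\" + re.escape(leaf) + r'(?=\\|"|$)', re.I)
            matchers.append((f"{kind}: {path}",
                             lambda s, rx=rx: bool(rx.search(s))))
    for key, name in targets["registry"]:
        needle = f'"{name}"='.lower()
        matchers.append((f"registry: {key} -> {name}",
                         lambda s, n=needle: n in s.lower()))
    return matchers


def find_residue(cfscript_text, log_text):
    """List (line_number, target_label) for log lines that still name a target."""
    matchers = build_matchers(parse_cfscript(cfscript_text))
    hits = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        for label, matches in matchers:
            if matches(line):
                hits.append((lineno, label))
    return hits


if __name__ == "__main__":
    for lineno, label in find_residue(CFSCRIPT, LOG_BEFORE):
        print(f"line {lineno}: still references {label}")
    print("after cleanup:", find_residue(CFSCRIPT, LOG_AFTER) or "no residue")
```

An empty result only means none of the script's targets appear in that log text; it says nothing about files or keys the script never listed.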
woodwitch
14 Posts
September 8th, 2007 19:00
Scan saved at 1:24:28 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ncple\ncprwsnt.exe
C:\WINDOWS\ncple\ncpsec.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ncple\rwsrsu.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\WINDOWS\ncple\ncpbudgt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [NcpBudget] "C:\WINDOWS\ncple\ncpbudgt.exe"
O4 - HKLM\..\Run: [NcpPopup] "C:\WINDOWS\ncple\ncppopup.exe" noerrmsg
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1694eebf6650ad299803/netzip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188962190909
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ncprwsnt - Unknown owner - C:\WINDOWS\ncple\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\WINDOWS\ncple\ncpsec.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\WINDOWS\ncple\rwsrsu.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://online.tvguide.com/images/logoTVGuide.gif
End of file - 12044 bytes
woodwitch
14 Posts
0
September 8th, 2007 19:00
*Note* empty entries & legit default entries are not shown
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 13:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 22:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 18:59]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 08:18]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 11:25]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-10-04 00:03]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 18:09]
"NcpBudget"="C:\WINDOWS\ncple\ncpbudgt.exe" [2005-01-05 09:32]
"NcpPopup"="C:\WINDOWS\ncple\ncppopup.exe" [2005-02-23 12:12]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-21 21:47]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-22 09:34]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 08:04]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-08-02 10:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
DESKTOP.INI [2004-03-20 10:58:38]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-06-24 22:02:49]
Event Planner Reminder.lnk - C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe [2005-08-30 18:18:30]
DESKTOP.INI [2004-03-20 10:58:38]
DESKTOP.INI [2004-03-20 10:58:38]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2004-08-07 19:29:12]
"NoAutoUpdate"=0 (0x0)
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"System"=" "
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-10-03 23:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
@="Service"
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys
R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 BASFND;BASFND;\??\C:\WINDOWS\system32\Drivers\BASFND.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 ncprwsnt;ncprwsnt;C:\WINDOWS\ncple\ncprwsnt.exe
R2 NcpSec;NcpSec;C:\WINDOWS\ncple\ncpsec.exe
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R2 rwsrsu;RwsRsu;C:\WINDOWS\ncple\rwsrsu.exe
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
R3 ncplentp;ASTARO Secure Client Adapter Driver;C:\WINDOWS\system32\DRIVERS\ncplentp.sys
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S2 Ca50xav;Icatch(V) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca50xav.sys
S3 iComp;Hauppauge WinTV PVR USB2 Encoder;C:\WINDOWS\system32\DRIVERS\HCWUSB2.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 USBCamera;Icatch(V) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk50x.sys
S3 UsbFltr;WayTech USB Filter Driver;C:\WINDOWS\system32\Drivers\UsbFltr.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8173d921-ceb0-11d8-9f1f-806d6172696f}]
AutoRun\command- D:\launch.exe +consumerdell
Contents of the 'Scheduled Tasks' folder
"2007-09-03 17:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-07 19:38:36 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-29 19:22:09 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
"2007-09-08 00:34:29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A49CB25B-81A4-40F8-84C3-E302044DE3CA}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-09-08 04:58:01 C:\WINDOWS\Tasks\WebReg 20050721215825.job"
- c:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
Rootkit scan 2007-09-08 13:18:49
Windows 5.1.2600 Service Pack 2 NTFS
hidden files: 0
C:\ComboFix-quarantined-files.txt ... 2007-09-08 13:20
C:\ComboFix2.txt ... 2007-09-06 17:48
woodwitch
14 Posts
0
September 8th, 2007 19:00
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.210 [GMT -7:00]
Command switches used :: C:\Documents and Settings\Shelley S\Desktop\CFScript.txt
* Created a new restore point
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot\DataBase.ref
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot\Log\2007 Sep 05 - 07_34_24 AM_377.log
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot\rs.dat
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot\Settings\CustomScan.stg
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot\Settings\IgnoreList.stg
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot\Settings\ScanInfo.stg
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot\Settings\ScanResults.stg
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot\Settings\SelectedFolders.stg
C:\DOCUME~1\SHELLE~1\APPLICATION DATA\SpywareBot\Settings\Settings.stg
C:\Program Files\SpyZooka
C:\Program Files\SpyZooka\bugreport.txt
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
2007-09-06 17:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-06 15:26
2007-09-06 12:24
2007-09-06 00:09 81,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfwdrv.sys
2007-09-06 00:09 105,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfwhlpr.sys
2007-09-06 00:05 67,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys
2007-09-05 23:15
2007-09-05 18:37 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgArCln.sys
2007-09-05 13:22 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-09-05 11:53
2007-09-05 11:51
2007-09-05 11:51
2007-09-05 11:50
2007-09-05 10:49
2007-09-04 22:09 82,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2007-09-04 22:09 57,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2007-09-04 22:09 40,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2007-09-04 22:09 29,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2007-09-04 22:09
2007-09-04 22:09
2007-09-04 22:08 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-09-04 20:33
2007-09-04 20:10
2007-09-03 15:45
2007-09-03 15:45
2007-09-03 10:44
2007-09-03 10:44
2007-09-03 10:41
2007-09-03 10:41
2007-09-02 08:22
2007-08-31 21:11
2007-08-27 17:57 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-06 14:53 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-09-05 10:59 --------- d-------- C:\Program Files\Click'N Design 3D (V5)
2007-09-04 22:31 --------- d-------- C:\Program Files\Games
2007-09-04 18:52 --------- d-------- C:\Program Files\wyvern
2007-08-09 11:31 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-08-05 00:25 --------- d-------- C:\Program Files\CyberLink
2007-08-05 00:17 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-05 00:16 --------- d-------- C:\Program Files\Roxio
2007-08-05 00:16 --------- d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-05 00:14 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-04 22:09 206464 --a------ C:\WINDOWS\system32\drivers\udfreadr_xp.sys
2007-08-04 22:09 --------- d-------- C:\Program Files\Common Files\Adaptec Shared
2007-08-04 22:01 --------- d-------- C:\Program Files\ACW
2007-08-04 21:58 --------- d-------- C:\Program Files\Astonsoft
2007-08-02 19:41 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\Mysteryville2
2007-08-02 18:58 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\gemsweeperextractedgfx
2007-08-02 18:58 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-29 19:42 --------- d-------- C:\Program Files\Uniblue
2007-07-29 19:42 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\System Tweaker
2007-07-29 14:19 --------- d-------- C:\Program Files\Sonic
2007-07-29 14:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-07-29 12:22 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\Uniblue
2007-07-20 07:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 09:41 --------- d-------- C:\Program Files\QuickTime
2007-07-15 09:37 --------- d-------- C:\Program Files\Apple Software Update
2007-07-15 09:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-14 14:39 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-14 14:39 --------- d-------- C:\Program Files\EA Games
2007-07-14 14:10 28624 --a------ C:\WINDOWS\system32\drivers\SECDRV.SYS
2007-07-13 18:04 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-08 12:38 --------- d-------- C:\DOCUME~1\SHELLE~1\APPLIC~1\Sonic
2007-07-07 23:16 --------- d-------- C:\Program Files\CCleaner
2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2007-04-09 20:09 87608 --a------ C:\DOCUME~1\SHELLE~1\APPLIC~1\ezpinst.exe
2007-04-09 20:09 47360 --a------ C:\DOCUME~1\SHELLE~1\APPLIC~1\pcouffin.sys
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
Bugbatter
3 Apprentice
20.5K Posts
0
September 8th, 2007 20:00
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1694eebf6650ad299803/netzip/RdxIE601.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
Close all windows except HijackThis and click "Fix Checked". Close HijackThis and reboot.
Run Disk Cleanup in each user's profile:
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.
Please let me know how things are running after that. Thanks.
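The O16 lines listed in the post above are HijackThis's record of ActiveX controls installed through Internet Explorer (Downloaded Program Files): a CLSID, an optional class name, and the URL the control was downloaded from. As an added example that is not part of the original post, this Python code parses those three lines and notes what an analyst would check on each before keeping or fixing it; the function names and the wording of the notes are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# The three O16 lines from the post above, copied as they appear on the page
# (the third has no class name or URL there and is kept that way).
SAMPLE_LOG = """\
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1694eebf6650ad299803/netzip/RdxIE601.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
"""

# Layout: O16 - DPF: {CLSID} [(class name)] - [codebase URL]
O16_RE = re.compile(
    r"^O16 - DPF:\s+(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"(?:\s+\((?P<name>.*?)\))?\s+-\s*(?P<url>\S*)$"
)

def parse_o16(line):
    """Split one O16 line into CLSID, class name and codebase; None if not O16."""
    m = O16_RE.match(line.strip())
    if m is None:
        return None
    url = m.group("url") or None
    return {
        "clsid": m.group("clsid").upper(),
        "name": m.group("name"),
        "codebase": url,
        "host": urlparse(url).hostname if url else None,
    }

def review_notes(entry):
    """Points worth checking before deciding to keep or fix the entry."""
    notes = []
    if entry["name"] is None:
        notes.append("no class name registered")
    if entry["codebase"] is None:
        notes.append("no codebase URL recorded")
    elif urlparse(entry["codebase"]).scheme != "https":
        notes.append("codebase not served over https")
    return notes

def triage(log_text):
    """Parse every O16 line in a HijackThis log and attach review notes."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_o16(line)
        if entry is not None:
            entries.append({**entry, "notes": review_notes(entry)})
    return entries
```

The notes are prompts for review, not verdicts: a control with no registered class name or no recorded source gives the analyst nothing to verify it against.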
woodwitch
14 Posts
0
September 8th, 2007 20:00