Computer Hope

Software => Computer viruses and spyware => Topic started by: jonnyD on March 18, 2009, 05:40:16 PM

Title: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 18, 2009, 05:40:16 PM
You may recognize the instructions below from your malware preparation bulletin.

Step 6: HijackThis

Please run HijackThis only after the above steps have been completed

Download and rename HijackThis.exe (HJT)

* Double-click on HJTInstall.
* Click on the Install button.
* It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
* Upon install, HijackThis should open for you.

    * Close HijackThis and rename it.
    * Go to C:\Program Files\Trend Micro\HijackThis.exe
    * Right click on HijackThis.exe and select Rename.
    * Type in sniper.exe and press Enter.
    * Right-click on sniper.exe and select Send To > Desktop (create shortcut)


I already had HijackThis installed but I re-installed it.  Still, inside the Trend Micro folder, there was no HijackThis.exe file, only a Backups folder, a hijackthis text document and a HijackThis icon which opens the program when you double-click it.  I did a search and the HijackThis.exe file did not show up.  Is it necessary to rename this file to sniper.exe (and why do you do that, anyway)?

I have initiated this malware removal process because I started getting this error when starting up:  "Error loading dll32  The specified module could not be found."  I cannot open my web browser (Firefox) now on my user account.  I'm assuming the error message relates to the browser problem.  So I now have to go into my daughter's user account to get online and begin this process of communicating with you.  By the way, I have given her account administrator rights so I can proceed.  I have done all the steps in your preparatory bulletin up to the "HijackThis - rename to sniper" step and now am hitting this snag of not finding the HijackThis.exe file.  What do you propose?

Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: evilfantasy on March 18, 2009, 08:32:23 PM
Quote
and a HijackThis icon which opens the program when you double-click it.

That's what you need to rename.
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 18, 2009, 09:36:01 PM
OK, I changed the icon name to sniper.exe and put it on the desktop. 

Once again, currently, the main problem is that I get the following error message when I log on to my user account: "Error Loading dll32   The specified module could not be found". And then I cannot open my Firefox browser. I get this error message: "Proxy Server Refused Connection.  Firefox is configured to use a proxy server that is refusing connections." (I'm assuming the dll32 file has something to do with that).  I even tried inserting my Windows XP disc to have that file repaired but it did not seem to work.  I have to switch user accounts so that I can get on the internet.

Here are the logs: (I've also included an AVG report at the end to show you what it detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/18/2009 at 05:57 PM

Application Version : 4.25.1014

Core Rules Database Version : 3803
Trace Rules Database Version: 1758

Scan type       : Complete Scan
Total Scan Time : 02:39:48

Memory items scanned      : 428
Memory threats detected   : 0
Registry items scanned    : 6176
Registry threats detected : 112
File items scanned        : 95255
File threats detected     : 56

Adware.MyWebSearch

Adware.MyWebSearch/FunWebProducts

Adware.Tracking Cookie


Malwarebytes' Anti-Malware 1.34
Database version: 1866
Windows 5.1.2600 Service Pack 3

3/18/2009 6:58:30 PM
mbam-log-2009-03-18 (18-58-30).txt

Scan type: Quick Scan
Objects scanned: 93990
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:54 PM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [McAfeeFireTray] C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1960408961-448539723-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'user pc')
O4 - HKUS\S-1-5-21-1960408961-448539723-725345543-1003\..\Run: [dll] rundll32 dll32,sm (User 'user pc')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175397160937
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9028 bytes


AVG Anti-Virus free edition "scan whole computer" report:

8.0.238

"C:\Documents and Settings\user pc\Local Settings\Temp\tt_1237291175.exe";"Trojan horse SHeur2.WHB";"Moved to Virus Vault"
"C:\Documents and Settings\user pc\Local Settings\Temp\tt_1237294987.exe";"Trojan horse SHeur2.WHB";"Moved to Virus Vault"
"C:\Documents and Settings\user pc\Local Settings\Temp\wJQs.exe";"Trojan horse SHeur2.QVU";"Moved to Virus Vault"
"C:\windows\ld02.exe";"Trojan horse SHeur2.WGW";"Moved to Virus Vault"
"C:\windows\pp03.exe";"Trojan horse SHeur2.WHP";"Moved to Virus Vault"
"C:\windows\pp03.exe";"Trojan horse SHeur2.WHP";"Moved to Virus Vault"
"C:\WINDOWS\pp03.exe";"Trojan horse SHeur2.WHP";"Moved to Virus Vault"
"C:\WINDOWS\pp03.exe (172)";"Trojan horse SHeur2.WHP";"Reboot is required to finish the action"
"C:\WINDOWS\system32\dll32.dll";"Trojan horse Pakes.CTG";"Moved to Virus Vault"
"C:\WINDOWS\system32\dll32.dll";"Trojan horse Pakes.CTG";"Infected"
"C:\WINDOWS\system32\rundll32.exe (208)";"Trojan horse Pakes.CTG";"Reboot is required to finish the action"

Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: evilfantasy on March 18, 2009, 09:46:33 PM
Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

.
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 18, 2009, 10:27:19 PM
For some reason, I am unable to disable the Anti-Virus and Anti-Spyware components of the AVG free edition.  There's nothing to uncheck  ???
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: evilfantasy on March 18, 2009, 10:32:31 PM
Just right click the AVG tray icon and choose to stop or exit. Run ComboFix and if anything tries to stop it from running then just allow it instead of blocking it.
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 19, 2009, 07:27:00 AM
ComboFix 09-03-18.01 - Becky 2009-03-19  0:49:11.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.1182 [GMT -4:00]
Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\notepad.exe
c:\documents and settings\Becky\Desktop\notepad.exe
c:\documents and settings\user pc\Desktop\notepad.exe
c:\documents and settings\user pc\Desktop\Shared\b.bking\desktop_.ini
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\mdm.exe

.
(((((((((((((((((((((((((   Files Created from 2009-02-19 to 2009-03-19  )))))))))))))))))))))))))))))))
.

2009-03-18 19:09 . 2009-03-18 19:09   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-18 18:42 . 2009-03-18 18:42   <DIR>   d--------   c:\documents and settings\Becky\Application Data\Malwarebytes
2009-03-18 18:42 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-03-18 18:41 . 2009-03-18 18:42   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-03-18 18:41 . 2009-03-18 18:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 18:41 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com
2009-03-18 15:04 . 2009-03-18 15:04   <DIR>   d--------   c:\program files\CCleaner
2009-03-17 16:44 . 2009-03-17 16:44   <DIR>   d--hs----   C:\found.000
2009-03-17 15:50 . 2008-04-13 20:12   116,224   --a--c---   c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 15:50 . 2001-08-17 22:37   99,865   --a--c---   c:\windows\system32\dllcache\xlog.exe
2009-03-17 15:50 . 2001-08-17 22:37   27,648   --a--c---   c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 15:50 . 2001-08-17 22:36   23,040   --a--c---   c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 15:50 . 2004-08-03 22:29   19,455   --a--c---   c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 15:50 . 2008-04-13 20:12   18,944   --a--c---   c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 15:50 . 2001-08-17 12:11   16,970   --a--c---   c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 15:50 . 2004-08-03 22:29   12,063   --a--c---   c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 15:50 . 2008-04-13 14:36   8,832   --a--c---   c:\windows\system32\dllcache\wmiacpi.sys
2009-03-17 15:50 . 2008-04-13 20:12   8,192   --a--c---   c:\windows\system32\dllcache\wshirda.dll
2009-03-17 15:50 . 2001-08-17 22:37   4,608   --a--c---   c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 15:48 . 2001-08-17 22:36   525,568   --a--c---   c:\windows\system32\dllcache\tridxp.dll
2009-03-17 15:47 . 2001-08-17 22:36   495,616   --a--c---   c:\windows\system32\dllcache\sblfx.dll
2009-03-17 15:46 . 2001-08-17 13:28   899,146   --a--c---   c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 15:45 . 2001-08-17 12:50   198,144   --a--c---   c:\windows\system32\dllcache\nv3.sys
2009-03-17 15:44 . 2001-08-17 13:28   802,683   --a--c---   c:\windows\system32\dllcache\ltsm.sys
2009-03-17 15:43 . 2008-04-13 20:11   702,845   --a--c---   c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-17 15:42 . 2001-08-17 14:56   1,733,120   --a--c---   c:\windows\system32\dllcache\g400d.dll
2009-03-17 15:41 . 2001-08-17 12:14   952,007   --a--c---   c:\windows\system32\dllcache\diwan.sys
2009-03-17 15:40 . 2001-08-17 12:13   980,034   --a--c---   c:\windows\system32\dllcache\cicap.sys
2009-03-17 15:33 . 2001-08-17 13:28   871,388   --a--c---   c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 15:32 . 2001-08-17 14:55   382,592   --a--c---   c:\windows\system32\dllcache\atidrab.dll
2009-03-17 15:31 . 2001-08-17 12:19   747,392   --a--c---   c:\windows\system32\dllcache\adm8830.sys
2009-03-17 15:30 . 2001-08-17 13:28   762,780   --a--c---   c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 15:30 . 2001-08-17 14:55   689,216   --a--c---   c:\windows\system32\dllcache\3dfxvs.dll
2009-03-17 15:30 . 2001-08-17 14:56   66,048   --a--c---   c:\windows\system32\dllcache\s3legacy.dll
2009-03-17 15:30 . 2008-04-13 14:46   53,376   --a--c---   c:\windows\system32\dllcache\1394bus.sys
2009-03-17 15:30 . 2001-08-17 14:06   11,264   --a--c---   c:\windows\system32\dllcache\1394vdbg.sys
2009-03-17 00:05 . 2009-03-17 00:05   0   --a------   c:\windows\system32\nfr.gpref
2009-03-17 00:05 . 2009-03-17 00:05   0   --a------   c:\windows\system32\nfr.assembly
2009-03-16 23:50 . 2009-03-16 23:50   1   --a------   c:\windows\9g234sdfdfgjf23
2009-03-16 22:24 . 2009-03-16 22:24   2   ---h-----   c:\windows\t55ft2807f44.dat
2009-03-11 21:16 . 2009-03-11 21:16   <DIR>   d--------   c:\documents and settings\David\Application Data\AVGTOOLBAR

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 04:11   ---------   d-----w   c:\documents and settings\user pc\Application Data\WTablet
2009-03-18 23:12   ---------   d-----w   c:\program files\Java
2009-03-18 19:00   ---------   d-----w   c:\program files\Lavasoft
2009-03-18 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 16:21   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2009-03-17 09:26   ---------   d-----w   c:\documents and settings\user pc\Application Data\uTorrent
2009-03-15 21:35   138,624   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 21:34   202,352   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-03-15 04:15   ---------   d-----w   c:\documents and settings\user pc\Application Data\DVD Flick
2009-03-15 01:38   ---------   d-----w   c:\documents and settings\user pc\Application Data\dvdcss
2009-03-07 17:20   ---------   d-----w   c:\program files\Ahead
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\ZoomBrowser EX
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\CameraWindowDC
2009-02-25 15:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\AVGTOOLBAR
2009-02-12 16:12   ---------   d-----w   c:\program files\Google
2009-02-11 02:24   34   ----a-w   c:\documents and settings\user pc\jagex_runescape_preferences.dat
2009-02-10 04:35   ---------   d-----w   c:\documents and settings\Leanne\Application Data\AVGTOOLBAR
2009-02-10 04:19   ---------   d-----w   c:\documents and settings\Leanne\Application Data\vlc
2009-02-09 11:13   1,846,784   ----a-w   c:\windows\system32\win32k.sys
2009-02-09 03:08   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Apple Computer
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\WTablet
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Network Associates
2009-02-09 02:42   ---------   d-----w   c:\documents and settings\Becky\Application Data\AVGTOOLBAR
2009-02-09 02:38   ---------   d-----w   c:\documents and settings\Becky\Application Data\vlc
2009-02-05 18:37   ---------   d-----w   c:\documents and settings\user pc\Application Data\vlc
2009-02-05 18:16   ---------   d-----w   c:\program files\VideoLAN
2009-02-03 19:16   ---------   d-----w   c:\program files\Improvisation
2009-01-27 15:56   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
2009-01-27 15:56   10,520   ----a-w   c:\windows\system32\avgrsstx.dll
2009-01-27 15:55   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2009-01-25 05:54   ---------   d-----w   c:\documents and settings\user pc\Application Data\Any Video Converter
2009-01-24 22:06   ---------   d-----w   c:\program files\AVG
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-01-24 20:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-27 02:22   24   ----a-w   c:\documents and settings\David\jagex_runescape_preferences.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269]
"McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
--a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:dll32
"7171:TCP"= 7171:TCP:dll32

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-DT Task - c:\program files\Gateway\EzTune\DTHtml.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\v0zlm1jn.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 00:52:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\SrchAstt\\1.bin\\MWSSRCAS.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID]
@DACL=(02 0000)
@="MyWebSearchToolBar.SettingsPlugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib]
@DACL=(02 0000)
@="{07B18EA0-A523-4961-B6BB-170DE4475CCA}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyWebSearchToolBar.SettingsPlugin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\shdocvw.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance]
@DACL=(02 0000)
"CLSID"="{4D5C8C2A-D075-11d0-B416-00C04FB90376}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID]
@DACL=(02 0000)
@="MyWebSearchToolBar.ToolbarPlugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib]
@DACL=(02 0000)
@="{07B18EA0-A523-4961-B6BB-170DE4475CCA}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyWebSearchToolBar.ToolbarPlugin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKIN.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]
@DACL=(02 0000)
@="{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKIN.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID]
@DACL=(02 0000)
@="MyWebSearch.PseudoTransparentPlugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]
@DACL=(02 0000)
@="{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyWebSearch.PseudoTransparentPlugin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKIN.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]
@DACL=(02 0000)
@="{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs]
@DACL=(02 0000)
@="{A9571378-68A1-443d-B082-284F960C6D17}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3OUTLCN.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID]
@DACL=(02 0000)
@="MyWebSearch.OutlookAddin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyWebSearch.OutlookAddin"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib]
@DACL=(02 0000)
@="{D518921A-4A03-425E-9873-B9A71756821E}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0]
@DACL=(02 0000)
@="HtmldocPlugin 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\MGJ74D0C06550]
@DACL=(02 0000)
"Analog 0.700,0.300Caps"="vcp(02 04 05 06 08 0E 10 12 14(01 05 08 0B) 16 18 1A 1E 20 30 3E 52 60(01 03) 68 AC AE B2 B6 C0 C6 C8 C9 CA D6(01 04) DF FA FB FC FD FE AA(01 04)) vcp_p2(37 38 39 3B) type(LCD) mccs_ver(2.0) asset_eep(64) mpu(0.04)"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_045e&Pid_00f9&MI_01&Col02\7&36e0efb9&0&0001\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-19  0:54:11
ComboFix-quarantined-files.txt  2009-03-19 04:54:07

Pre-Run: 31,787,245,568 bytes free
Post-Run: 32,360,882,176 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
376   --- E O F ---   2009-03-13 22:12:01
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 19, 2009, 07:58:53 AM
I just did a search about the original error I received: "error loading dll32".  I saw somebody's response to their browser not being able to access the internet (like my problem).  Apparently they changed the proxy settings (I had no idea what that was, but I Googled it and found how to change them in Firefox). I looked at the proxy settings on an uncorrupted user account and saw how they were set: "No Proxy".  My corrupted user account was set for manual with a particular port.  When I changed it to "No Proxy", voila, internet access.
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: evilfantasy on March 19, 2009, 09:08:23 AM
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

RegLock::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid]

[-HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32]

[-HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib]

Folder::
C:\found.000
c:\windows\system32\nfr.gpref
c:\windows\system32\nfr.assembly
c:\windows\9g234sdfdfgjf23

File::
c:\windows\system32\nfr.assembly
C:\found.000
c:\windows\t55ft2807f44.dat

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"=-
"7171:TCP"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute; just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

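Because a CFScript deletes whatever it lists, it is worth reading through what it will do before dropping it onto ComboFix. The parser below is an added review aid, not ComboFix's or the helper's code: it assumes only the conventions visible in the script above (section headers ending in `::`, one entry per line, and .reg syntax inside `Registry::`, where `[-KEY]` deletes a key and `"name"=-` deletes a value). The embedded sample is a constructed subset of the script posted in this thread.

```python
"""Parse a ComboFix CFScript and summarise the actions it would take.

Added example (not ComboFix's own code). Assumed format, taken from the
script in the thread: section headers end in '::' (Folder::, File::,
Registry::, ...), each followed by one entry per line. The Registry::
section uses .reg syntax: '[-KEY]' deletes a key, '"name"=-' deletes a value.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the CFScript posted above.
SAMPLE_CFSCRIPT = r"""
Folder::
C:\found.000
c:\windows\system32\nfr.gpref
c:\windows\9g234sdfdfgjf23

File::
c:\windows\system32\nfr.assembly
c:\windows\t55ft2807f44.dat

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"=-
"7171:TCP"=-
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
REG_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


@dataclass
class Action:
    kind: str      # delete_folder, delete_file, delete_key, delete_value, set_value, or section name
    target: str    # path or registry key
    detail: str = ""   # value name (and data) for registry value actions


def parse_cfscript(text: str) -> list:
    """Turn CFScript text into a list of Action records; raise on malformed lines."""
    actions = []
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if section == "folder":
            actions.append(Action("delete_folder", line))
        elif section == "file":
            actions.append(Action("delete_file", line))
        elif section == "registry":
            km = REG_KEY_RE.match(line)
            if km:
                current_key = km.group(2)
                if km.group(1) == "-":          # [-KEY] removes the whole key
                    actions.append(Action("delete_key", current_key))
                continue
            vm = REG_VALUE_RE.match(line)
            if vm and current_key:
                name, value = vm.groups()
                if value == "-":                # "name"=- removes one value
                    actions.append(Action("delete_value", current_key, name))
                else:
                    actions.append(Action("set_value", current_key, f"{name}={value}"))
            else:
                raise ValueError(f"unrecognised Registry:: line: {line!r}")
        else:
            # Other ComboFix sections (e.g. Driver::) are kept but not interpreted.
            actions.append(Action(section, line))
    return actions


def summarize(actions) -> dict:
    """Count actions by kind, e.g. {'delete_folder': 3, ...}."""
    counts = {}
    for a in actions:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts


def firewall_openings_removed(actions) -> list:
    """Names of GloballyOpenPorts values the script deletes, e.g. '80:TCP'."""
    return [a.detail for a in actions
            if a.kind == "delete_value" and "globallyopenports" in a.target.lower()]


if __name__ == "__main__":
    acts = parse_cfscript(SAMPLE_CFSCRIPT)
    print(summarize(acts))
    print("firewall openings closed:", firewall_openings_removed(acts))
```

Run it against the saved CFScript.txt to see what will be removed; in the sample the script deletes three folders, two files and one CLSID key, and closes the two firewall exceptions (80:TCP and 7171:TCP) that something had opened in the Windows Firewall policy.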

Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 19, 2009, 09:46:49 AM
ComboFix 09-03-18.01 - Becky 2009-03-19 11:37:10.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.1092 [GMT -4:00]
Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Becky\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
 * Created a new restore point

FILE ::
C:\found.000
c:\windows\system32\nfr.assembly
c:\windows\t55ft2807f44.dat
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Becky\Desktop\notepad.exe
C:\found.000
c:\found.000\file0000.chk
c:\windows\9g234sdfdfgjf23\
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref\
c:\windows\t55ft2807f44.dat

.
(((((((((((((((((((((((((   Files Created from 2009-02-19 to 2009-03-19  )))))))))))))))))))))))))))))))
.

2009-03-18 19:09 . 2009-03-18 19:09   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-18 18:42 . 2009-03-18 18:42   <DIR>   d--------   c:\documents and settings\Becky\Application Data\Malwarebytes
2009-03-18 18:42 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-03-18 18:41 . 2009-03-18 18:42   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-03-18 18:41 . 2009-03-18 18:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 18:41 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com
2009-03-18 15:04 . 2009-03-18 15:04   <DIR>   d--------   c:\program files\CCleaner
2009-03-17 15:50 . 2008-04-13 20:12   116,224   --a--c---   c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 15:50 . 2001-08-17 22:37   99,865   --a--c---   c:\windows\system32\dllcache\xlog.exe
2009-03-17 15:50 . 2001-08-17 22:37   27,648   --a--c---   c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 15:50 . 2001-08-17 22:36   23,040   --a--c---   c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 15:50 . 2004-08-03 22:29   19,455   --a--c---   c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 15:50 . 2008-04-13 20:12   18,944   --a--c---   c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 15:50 . 2001-08-17 12:11   16,970   --a--c---   c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 15:50 . 2004-08-03 22:29   12,063   --a--c---   c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 15:50 . 2008-04-13 14:36   8,832   --a--c---   c:\windows\system32\dllcache\wmiacpi.sys
2009-03-17 15:50 . 2008-04-13 20:12   8,192   --a--c---   c:\windows\system32\dllcache\wshirda.dll
2009-03-17 15:50 . 2001-08-17 22:37   4,608   --a--c---   c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 15:48 . 2001-08-17 22:36   525,568   --a--c---   c:\windows\system32\dllcache\tridxp.dll
2009-03-17 15:47 . 2001-08-17 22:36   495,616   --a--c---   c:\windows\system32\dllcache\sblfx.dll
2009-03-17 15:46 . 2001-08-17 13:28   899,146   --a--c---   c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 15:45 . 2001-08-17 12:50   198,144   --a--c---   c:\windows\system32\dllcache\nv3.sys
2009-03-17 15:44 . 2001-08-17 13:28   802,683   --a--c---   c:\windows\system32\dllcache\ltsm.sys
2009-03-17 15:43 . 2008-04-13 20:11   702,845   --a--c---   c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-17 15:42 . 2001-08-17 14:56   1,733,120   --a--c---   c:\windows\system32\dllcache\g400d.dll
2009-03-17 15:41 . 2001-08-17 12:14   952,007   --a--c---   c:\windows\system32\dllcache\diwan.sys
2009-03-17 15:40 . 2001-08-17 12:13   980,034   --a--c---   c:\windows\system32\dllcache\cicap.sys
2009-03-17 15:33 . 2001-08-17 13:28   871,388   --a--c---   c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 15:32 . 2001-08-17 14:55   382,592   --a--c---   c:\windows\system32\dllcache\atidrab.dll
2009-03-17 15:31 . 2001-08-17 12:19   747,392   --a--c---   c:\windows\system32\dllcache\adm8830.sys
2009-03-17 15:30 . 2001-08-17 13:28   762,780   --a--c---   c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 15:30 . 2001-08-17 14:55   689,216   --a--c---   c:\windows\system32\dllcache\3dfxvs.dll
2009-03-17 15:30 . 2001-08-17 14:56   66,048   --a--c---   c:\windows\system32\dllcache\s3legacy.dll
2009-03-17 15:30 . 2008-04-13 14:46   53,376   --a--c---   c:\windows\system32\dllcache\1394bus.sys
2009-03-17 15:30 . 2001-08-17 14:06   11,264   --a--c---   c:\windows\system32\dllcache\1394vdbg.sys
2009-03-17 00:05 . 2009-03-17 00:05   0   --a------   c:\windows\system32\nfr.gpref
2009-03-16 23:50 . 2009-03-16 23:50   1   --a------   c:\windows\9g234sdfdfgjf23
2009-03-11 21:16 . 2009-03-11 21:16   <DIR>   d--------   c:\documents and settings\David\Application Data\AVGTOOLBAR

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 15:29   ---------   d-----w   c:\documents and settings\user pc\Application Data\WTablet
2009-03-18 23:12   ---------   d-----w   c:\program files\Java
2009-03-18 19:00   ---------   d-----w   c:\program files\Lavasoft
2009-03-18 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 16:21   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2009-03-17 09:26   ---------   d-----w   c:\documents and settings\user pc\Application Data\uTorrent
2009-03-15 21:35   138,624   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 04:15   ---------   d-----w   c:\documents and settings\user pc\Application Data\DVD Flick
2009-03-15 01:38   ---------   d-----w   c:\documents and settings\user pc\Application Data\dvdcss
2009-03-07 17:20   ---------   d-----w   c:\program files\Ahead
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\ZoomBrowser EX
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\CameraWindowDC
2009-02-25 15:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\AVGTOOLBAR
2009-02-12 16:12   ---------   d-----w   c:\program files\Google
2009-02-11 02:24   34   ----a-w   c:\documents and settings\user pc\jagex_runescape_preferences.dat
2009-02-10 04:35   ---------   d-----w   c:\documents and settings\Leanne\Application Data\AVGTOOLBAR
2009-02-10 04:19   ---------   d-----w   c:\documents and settings\Leanne\Application Data\vlc
2009-02-09 03:08   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Apple Computer
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\WTablet
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Network Associates
2009-02-09 02:42   ---------   d-----w   c:\documents and settings\Becky\Application Data\AVGTOOLBAR
2009-02-09 02:38   ---------   d-----w   c:\documents and settings\Becky\Application Data\vlc
2009-02-05 18:37   ---------   d-----w   c:\documents and settings\user pc\Application Data\vlc
2009-02-05 18:16   ---------   d-----w   c:\program files\VideoLAN
2009-02-03 19:16   ---------   d-----w   c:\program files\Improvisation
2009-01-27 15:56   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
2009-01-27 15:55   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2009-01-25 05:54   ---------   d-----w   c:\documents and settings\user pc\Application Data\Any Video Converter
2009-01-24 22:06   ---------   d-----w   c:\program files\AVG
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-01-24 20:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-27 02:22   24   ----a-w   c:\documents and settings\David\jagex_runescape_preferences.dat
.

(((((((((((((((((((((((((((((   SnapShot@2009-03-19_ 0.53.12.29   )))))))))))))))))))))))))))))))))))))))))
.
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\admxprox.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\admxprox.dll
- 2002-08-29 12:00:00   49,664   -c--a-w   c:\windows\system32\dllcache\adrot.dll
+ 2004-08-04 01:07:00   49,664   -c--a-w   c:\windows\system32\dllcache\adrot.dll
- 2002-08-29 12:00:00   10,240   -c--a-w   c:\windows\system32\dllcache\aspperf.dll
+ 2004-08-04 01:07:00   10,240   -c--a-w   c:\windows\system32\dllcache\aspperf.dll
- 2002-08-29 12:00:00   29,184   -c--a-w   c:\windows\system32\dllcache\asptxn.dll
+ 2004-08-04 01:07:00   29,184   -c--a-w   c:\windows\system32\dllcache\asptxn.dll
- 2002-08-29 12:00:00   9,216   -c--a-w   c:\windows\system32\dllcache\authfilt.dll
+ 2004-08-04 01:07:00   9,216   -c--a-w   c:\windows\system32\dllcache\authfilt.dll
- 2002-08-29 12:00:00   45,568   -c--a-w   c:\windows\system32\dllcache\browscap.dll
+ 2004-08-04 01:07:00   45,568   -c--a-w   c:\windows\system32\dllcache\browscap.dll
- 2002-08-29 12:00:00   6,656   -c--a-w   c:\windows\system32\dllcache\c_is2022.dll
+ 2004-08-04 01:07:00   6,656   -c--a-w   c:\windows\system32\dllcache\c_is2022.dll
- 2002-08-29 12:00:00   10,752   -c--a-w   c:\windows\system32\dllcache\c_iscii.dll
+ 2004-08-04 01:07:00   10,752   -c--a-w   c:\windows\system32\dllcache\c_iscii.dll
- 2002-08-29 12:00:00   54,528   -c--a-w   c:\windows\system32\dllcache\cap7146.sys
+ 2004-08-04 01:07:00   54,528   -c--a-w   c:\windows\system32\dllcache\cap7146.sys
- 2002-08-29 12:00:00   9,728   -c--a-w   c:\windows\system32\dllcache\change.exe
+ 2004-08-04 01:07:00   9,728   -c--a-w   c:\windows\system32\dllcache\change.exe
- 2002-08-29 12:00:00   13,312   -c--a-w   c:\windows\system32\dllcache\chglogon.exe
+ 2004-08-04 01:07:00   13,312   -c--a-w   c:\windows\system32\dllcache\chglogon.exe
- 2002-08-29 12:00:00   15,872   -c--a-w   c:\windows\system32\dllcache\chgport.exe
+ 2004-08-04 01:07:00   15,872   -c--a-w   c:\windows\system32\dllcache\chgport.exe
- 2002-08-29 12:00:00   14,336   -c--a-w   c:\windows\system32\dllcache\chgusr.exe
+ 2004-08-04 01:07:00   14,336   -c--a-w   c:\windows\system32\dllcache\chgusr.exe
- 2002-08-29 12:00:00   1,677,824   -c--a-w   c:\windows\system32\dllcache\chsbrkr.dll
+ 2004-08-04 01:07:00   1,677,824   -c--a-w   c:\windows\system32\dllcache\chsbrkr.dll
- 2002-08-29 12:00:00   838,144   -c--a-w   c:\windows\system32\dllcache\chtbrkr.dll
+ 2004-08-04 01:07:00   838,144   -c--a-w   c:\windows\system32\dllcache\chtbrkr.dll
- 2002-08-29 12:00:00   33,792   -c--a-w   c:\windows\system32\dllcache\controt.dll
+ 2004-08-04 01:07:00   33,792   -c--a-w   c:\windows\system32\dllcache\controt.dll
- 2002-08-29 12:00:00   56,320   -c--a-w   c:\windows\system32\dllcache\convlog.exe
+ 2004-08-04 01:07:00   56,320   -c--a-w   c:\windows\system32\dllcache\convlog.exe
- 2002-08-29 12:00:00   20,480   -c--a-w   c:\windows\system32\dllcache\counters.dll
+ 2004-08-04 01:07:00   20,480   -c--a-w   c:\windows\system32\dllcache\counters.dll
- 2002-08-29 12:00:00   18,944   -c--a-w   c:\windows\system32\dllcache\cprofile.exe
+ 2004-08-04 01:07:00   18,944   -c--a-w   c:\windows\system32\dllcache\cprofile.exe
- 2002-08-29 12:00:00   31,744   -c--a-w   c:\windows\system32\dllcache\esucmd.dll
+ 2004-08-04 01:07:00   31,744   -c--a-w   c:\windows\system32\dllcache\esucmd.dll
- 2002-08-29 12:00:00   57,856   -c--a-w   c:\windows\system32\dllcache\esuimgd.dll
+ 2004-08-04 01:07:00   57,856   -c--a-w   c:\windows\system32\dllcache\esuimgd.dll
- 2002-08-29 12:00:00   45,056   -c--a-w   c:\windows\system32\dllcache\esunid.dll
+ 2004-08-04 01:07:00   45,056   -c--a-w   c:\windows\system32\dllcache\esunid.dll
- 2002-08-29 12:00:00   25,856   -c--a-w   c:\windows\system32\dllcache\et4000.sys
+ 2004-08-04 01:07:00   25,856   -c--a-w   c:\windows\system32\dllcache\et4000.sys
- 2002-08-29 12:00:00   14,848   -c--a-w   c:\windows\system32\dllcache\flattemp.exe
+ 2004-08-04 01:07:00   14,848   -c--a-w   c:\windows\system32\dllcache\flattemp.exe
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\ftlx041e.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\ftlx041e.dll
- 2002-08-29 12:00:00   7,680   -c--a-w   c:\windows\system32\dllcache\ftpctrs2.dll
+ 2004-08-04 01:07:00   7,680   -c--a-w   c:\windows\system32\dllcache\ftpctrs2.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\ftpsapi2.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\ftpsapi2.dll
- 2002-08-29 12:00:00   111,104   -c--a-w   c:\windows\system32\dllcache\fxscfgwz.dll
+ 2004-08-04 01:07:00   111,104   -c--a-w   c:\windows\system32\dllcache\fxscfgwz.dll
- 2002-08-29 12:00:00   132,608   -c--a-w   c:\windows\system32\dllcache\fxsclntr.dll
+ 2004-08-04 01:07:00   132,608   -c--a-w   c:\windows\system32\dllcache\fxsclntr.dll
- 2002-08-29 12:00:00   31,744   -c--a-w   c:\windows\system32\dllcache\fxsroute.dll
+ 2004-08-04 01:07:00   31,744   -c--a-w   c:\windows\system32\dllcache\fxsroute.dll
- 2002-08-29 12:00:00   11,264   -c--a-w   c:\windows\system32\dllcache\fxssend.exe
+ 2004-08-04 01:07:00   11,264   -c--a-w   c:\windows\system32\dllcache\fxssend.exe
- 2002-08-29 12:00:00   36,864   -c--a-w   c:\windows\system32\dllcache\hanjadic.dll
+ 2004-08-04 01:07:00   36,864   -c--a-w   c:\windows\system32\dllcache\hanjadic.dll
- 2002-08-29 12:00:00   10,096,640   -c--a-w   c:\windows\system32\dllcache\hwxcht.dll
+ 2004-08-04 01:07:00   10,096,640   -c--a-w   c:\windows\system32\dllcache\hwxcht.dll
- 2002-08-29 12:00:00   10,129,408   -c--a-w   c:\windows\system32\dllcache\hwxkor.dll
+ 2004-08-04 01:07:00   10,129,408   -c--a-w   c:\windows\system32\dllcache\hwxkor.dll
- 2002-08-29 12:00:00   60,928   -c--a-w   c:\windows\system32\dllcache\iisclex4.dll
+ 2004-08-04 01:07:00   60,928   -c--a-w   c:\windows\system32\dllcache\iisclex4.dll
- 2002-08-29 12:00:00   19,456   -c--a-w   c:\windows\system32\dllcache\iiscrmap.dll
+ 2004-08-04 01:07:00   19,456   -c--a-w   c:\windows\system32\dllcache\iiscrmap.dll
- 2002-08-29 12:00:00   3,584   -c--a-w   c:\windows\system32\dllcache\iismui.dll
+ 2004-08-04 01:07:00   3,584   -c--a-w   c:\windows\system32\dllcache\iismui.dll
- 2002-08-29 12:00:00   14,336   -c--a-w   c:\windows\system32\dllcache\iisreset.exe
+ 2004-08-04 01:07:00   14,336   -c--a-w   c:\windows\system32\dllcache\iisreset.exe
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\iisrstap.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\iisrstap.dll
- 2002-08-29 12:00:00   6,656   -c--a-w   c:\windows\system32\dllcache\iissync.exe
+ 2004-08-04 01:07:00   6,656   -c--a-w   c:\windows\system32\dllcache\iissync.exe
- 2002-08-29 12:00:00   169,984   -c--a-w   c:\windows\system32\dllcache\iisui.dll
+ 2004-08-04 01:07:00   169,984   -c--a-w   c:\windows\system32\dllcache\iisui.dll
- 2002-08-29 12:00:00   44,032   -c--a-w   c:\windows\system32\dllcache\imekrmig.exe
+ 2004-08-04 01:07:00   44,032   -c--a-w   c:\windows\system32\dllcache\imekrmig.exe
- 2002-08-29 12:00:00   102,463   -c--a-w   c:\windows\system32\dllcache\imepadsm.dll
+ 2004-08-04 01:07:00   102,463   -c--a-w   c:\windows\system32\dllcache\imepadsm.dll
- 2002-08-29 12:00:00   311,359   -c--a-w   c:\windows\system32\dllcache\imepadsv.exe
+ 2004-08-04 01:07:00   311,359   -c--a-w   c:\windows\system32\dllcache\imepadsv.exe
- 2002-08-29 12:00:00   57,398   -c--a-w   c:\windows\system32\dllcache\imjpdadm.exe
+ 2004-08-04 01:07:00   57,398   -c--a-w   c:\windows\system32\dllcache\imjpdadm.exe
- 2002-08-29 12:00:00   45,109   -c--a-w   c:\windows\system32\dllcache\imjpuex.exe
+ 2004-08-04 01:07:00   45,109   -c--a-w   c:\windows\system32\dllcache\imjpuex.exe
- 2002-08-29 12:00:00   59,904   -c--a-w   c:\windows\system32\dllcache\imkrinst.exe
+ 2004-08-04 01:07:00   59,904   -c--a-w   c:\windows\system32\dllcache\imkrinst.exe
- 2002-08-29 12:00:00   471,102   -c--a-w   c:\windows\system32\dllcache\imskdic.dll
+ 2004-08-04 01:07:00   471,102   -c--a-w   c:\windows\system32\dllcache\imskdic.dll
- 2002-08-29 12:00:00   7,680   -c--a-w   c:\windows\system32\dllcache\inetmgr.exe
+ 2004-08-04 01:07:00   7,680   -c--a-w   c:\windows\system32\dllcache\inetmgr.exe
- 2002-08-29 12:00:00   19,968   -c--a-w   c:\windows\system32\dllcache\inetsloc.dll
+ 2004-08-04 01:07:00   19,968   -c--a-w   c:\windows\system32\dllcache\inetsloc.dll
- 2002-08-29 12:00:00   8,704   -c--a-w   c:\windows\system32\dllcache\infoctrs.dll
+ 2004-08-04 01:07:00   8,704   -c--a-w   c:\windows\system32\dllcache\infoctrs.dll
- 2002-08-29 12:00:00   7,168   -c--a-w   c:\windows\system32\dllcache\isapips.dll
+ 2004-08-04 01:07:00   7,168   -c--a-w   c:\windows\system32\dllcache\isapips.dll
- 2002-08-29 12:00:00   9,216   -c--a-w   c:\windows\system32\dllcache\iwrps.dll
+ 2004-08-04 01:07:00   9,216   -c--a-w   c:\windows\system32\dllcache\iwrps.dll
- 2002-08-29 12:00:00   18,432   -c--a-w   c:\windows\system32\dllcache\jupiw.dll
+ 2004-08-04 01:07:00   18,432   -c--a-w   c:\windows\system32\dllcache\jupiw.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbd101a.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbd101a.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda1.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda1.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda2.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda2.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda3.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda3.dll
- 2002-08-29 12:00:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdarme.dll
+ 2004-08-04 01:07:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdarme.dll
- 2002-08-29 12:00:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdarmw.dll
+ 2004-08-04 01:07:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdarmw.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbddiv1.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbddiv1.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbddiv2.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbddiv2.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdfa.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdfa.dll
- 2002-08-29 12:00:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdgeo.dll
+ 2004-08-04 01:07:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdgeo.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdheb.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdheb.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdindev.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdindev.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinguj.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinguj.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinhin.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinhin.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinkan.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinkan.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinmar.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinmar.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdinpun.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdinpun.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdintam.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdintam.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdintel.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdintel.dll
- 2002-08-29 12:00:00   7,168   -c--a-w   c:\windows\system32\dllcache\kbdnec95.dll
+ 2004-08-04 01:07:00   7,168   -c--a-w   c:\windows\system32\dllcache\kbdnec95.dll
- 2002-08-29 12:00:00   9,216   -c--a-w   c:\windows\system32\dllcache\kbdnecat.dll
+ 2004-08-04 01:07:00   9,216   -c--a-w   c:\windows\system32\dllcache\kbdnecat.dll
- 2002-08-29 12:00:00   7,680   -c--a-w   c:\windows\system32\dllcache\kbdnecnt.dll
+ 2004-08-04 01:07:00   7,680   -c--a-w   c:\windows\system32\dllcache\kbdnecnt.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdsyr1.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdsyr1.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdsyr2.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdsyr2.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdth0.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdth0.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdth1.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdth1.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdth2.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdth2.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdth3.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdth3.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdurdu.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdurdu.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdusa.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdusa.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdvntc.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdvntc.dll
- 2002-08-29 12:00:00   70,656   -c--a-w   c:\windows\system32\dllcache\korwbrkr.dll
+ 2004-08-04 01:07:00   70,656   -c--a-w   c:\windows\system32\dllcache\korwbrkr.dll
- 2002-08-29 12:00:00   22,016   -c--a-w   c:\windows\system32\dllcache\logscrpt.dll
+ 2004-08-04 01:07:00   22,016   -c--a-w   c:\windows\system32\dllcache\logscrpt.dll
- 2002-08-29 12:00:00   26,624   -c--a-w   c:\windows\system32\dllcache\mdsync.dll
+ 2004-08-04 01:07:00   26,624   -c--a-w   c:\windows\system32\dllcache\mdsync.dll
- 2002-08-29 12:00:00   92,032   -c--a-w   c:\windows\system32\dllcache\mga.dll
+ 2004-08-04 01:07:00   92,032   -c--a-w   c:\windows\system32\dllcache\mga.dll
- 2002-08-29 12:00:00   92,416   -c--a-w   c:\windows\system32\dllcache\mga.sys
+ 2004-08-04 01:07:00   92,416   -c--a-w   c:\windows\system32\dllcache\mga.sys
- 2002-08-29 12:00:00   34,304   -c--a-w   c:\windows\system32\dllcache\migisol.exe
+ 2004-08-04 01:07:00   34,304   -c--a-w   c:\windows\system32\dllcache\migisol.exe
- 2002-08-29 12:00:00   98,304   -c--a-w   c:\windows\system32\dllcache\msir3jp.dll
+ 2004-08-04 01:07:00   98,304   -c--a-w   c:\windows\system32\dllcache\msir3jp.dll
- 2002-08-29 12:00:00   229,439   -c--a-w   c:\windows\system32\dllcache\multibox.dll
+ 2004-08-04 01:07:00   229,439   -c--a-w   c:\windows\system32\dllcache\multibox.dll
- 2002-08-29 12:00:00   53,248   -c--a-w   c:\windows\system32\dllcache\nextlink.dll
+ 2004-08-04 01:07:00   53,248   -c--a-w   c:\windows\system32\dllcache\nextlink.dll
- 2002-08-29 12:00:00   36,927   -c--a-w   c:\windows\system32\dllcache\padrs411.dll
+ 2004-08-04 01:07:00   36,927   -c--a-w   c:\windows\system32\dllcache\padrs411.dll
- 2002-08-29 12:00:00   14,336   -c--a-w   c:\windows\system32\dllcache\padrs412.dll
+ 2004-08-04 01:07:00   14,336   -c--a-w   c:\windows\system32\dllcache\padrs412.dll
- 2002-08-29 12:00:00   31,744   -c--a-w   c:\windows\system32\dllcache\pagecnt.dll
+ 2004-08-04 01:07:00   31,744   -c--a-w   c:\windows\system32\dllcache\pagecnt.dll
- 2002-08-29 12:00:00   20,992   -c--a-w   c:\windows\system32\dllcache\permchk.dll
+ 2004-08-04 01:07:00   20,992   -c--a-w   c:\windows\system32\dllcache\permchk.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\pmxgl.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\pmxgl.dll
- 2002-08-29 12:00:00   11,264   -c--a-w   c:\windows\system32\dllcache\pmxmcro.dll
+ 2004-08-04 01:07:00   11,264   -c--a-w   c:\windows\system32\dllcache\pmxmcro.dll
- 2002-08-29 12:00:00   131,584   -c--a-w   c:\windows\system32\dllcache\pmxviceo.dll
+ 2004-08-04 01:07:00   131,584   -c--a-w   c:\windows\system32\dllcache\pmxviceo.dll
- 2002-08-29 12:00:00   9,728   -c--a-w   c:\windows\system32\dllcache\query.exe
+ 2004-08-04 01:07:00   9,728   -c--a-w   c:\windows\system32\dllcache\query.exe
- 2002-08-29 12:00:00   16,384   -c--a-w   c:\windows\system32\dllcache\quser.exe
+ 2004-08-04 01:07:00   16,384   -c--a-w   c:\windows\system32\dllcache\quser.exe
- 2002-08-29 12:00:00   14,848   -c--a-w   c:\windows\system32\dllcache\register.exe
+ 2004-08-04 01:07:00   14,848   -c--a-w   c:\windows\system32\dllcache\register.exe
- 2002-08-29 12:00:00   79,872   -c--a-w   c:\windows\system32\dllcache\rwia001.dll
+ 2004-08-04 01:07:00   79,872   -c--a-w   c:\windows\system32\dllcache\rwia001.dll
- 2002-08-29 12:00:00   79,872   -c--a-w   c:\windows\system32\dllcache\rwia330.dll
+ 2004-08-04 01:07:00   79,872   -c--a-w   c:\windows\system32\dllcache\rwia330.dll
- 2002-08-29 12:00:00   18,944   -c--a-w   c:\windows\system32\dllcache\simptcp.dll
+ 2004-08-04 01:07:00   18,944   -c--a-w   c:\windows\system32\dllcache\simptcp.dll
- 2002-08-29 12:00:00   25,088   -c--a-w   c:\windows\system32\dllcache\sm59w.dll
+ 2004-08-04 01:07:00   25,088   -c--a-w   c:\windows\system32\dllcache\sm59w.dll
- 2002-08-29 12:00:00   30,208   -c--a-w   c:\windows\system32\dllcache\sm81w.dll
+ 2004-08-04 01:07:00   30,208   -c--a-w   c:\windows\system32\dllcache\sm81w.dll
- 2002-08-29 12:00:00   30,208   -c--a-w   c:\windows\system32\dllcache\sm87w.dll
+ 2004-08-04 01:07:00   30,208   -c--a-w   c:\windows\system32\dllcache\sm87w.dll
- 2002-08-29 12:00:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm89w.dll
+ 2004-08-04 01:07:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm89w.dll
- 2002-08-29 12:00:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm8aw.dll
+ 2004-08-04 01:07:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm8aw.dll
- 2002-08-29 12:00:00   29,184   -c--a-w   c:\windows\system32\dllcache\sm8cw.dll
+ 2004-08-04 01:07:00   29,184   -c--a-w   c:\windows\system32\dllcache\sm8cw.dll
- 2002-08-29 12:00:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm8dw.dll
+ 2004-08-04 01:07:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm8dw.dll
- 2002-08-29 12:00:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm90w.dll
+ 2004-08-04 01:07:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm90w.dll
- 2002-08-29 12:00:00   26,624   -c--a-w   c:\windows\system32\dllcache\sm92w.dll
+ 2004-08-04 01:07:00   26,624   -c--a-w   c:\windows\system32\dllcache\sm92w.dll
- 2002-08-29 12:00:00   26,624   -c--a-w   c:\windows\system32\dllcache\sm93w.dll
+ 2004-08-04 01:07:00   26,624   -c--a-w   c:\windows\system32\dllcache\sm93w.dll
- 2002-08-29 12:00:00   38,912   -c--a-w   c:\windows\system32\dllcache\sm9aw.dll
+ 2004-08-04 01:07:00   38,912   -c--a-w   c:\windows\system32\dllcache\sm9aw.dll
- 2002-08-29 12:00:00   31,744   -c--a-w   c:\windows\system32\dllcache\sma3w.dll
+ 2004-08-04 01:07:00   31,744   -c--a-w   c:\windows\system32\dllcache\sma3w.dll
- 2002-08-29 12:00:00   31,744   -c--a-w   c:\windows\system32\dllcache\smb6w.dll
+ 2004-08-04 01:07:00   31,744   -c--a-w   c:\windows\system32\dllcache\smb6w.dll
- 2002-08-29 12:00:00   15,872   -c--a-w   c:\windows\system32\dllcache\smierrsm.dll
+ 2004-08-04 01:07:00   15,872   -c--a-w   c:\windows\system32\dllcache\smierrsm.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\smierrsy.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\smierrsy.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\smimsgif.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\smimsgif.dll
- 2002-08-29 12:00:00   10,240   -c--a-w   c:\windows\system32\dllcache\snmpstup.dll
+ 2004-08-04 01:07:00   10,240   -c--a-w   c:\windows\system32\dllcache\snmpstup.dll
- 2002-08-29 12:00:00   143,422   -c--a-w   c:\windows\system32\dllcache\softkey.dll
+ 2004-08-04 01:07:00   143,422   -c--a-w   c:\windows\system32\dllcache\softkey.dll
- 2002-08-29 12:00:00   101,376   -c--a-w   c:\windows\system32\dllcache\srusbusd.dll
+ 2004-08-04 01:07:00   101,376   -c--a-w   c:\windows\system32\dllcache\srusbusd.dll
- 2002-08-29 12:00:00   16,896   -c--a-w   c:\windows\system32\dllcache\status.dll
+ 2004-08-04 01:07:00   16,896   -c--a-w   c:\windows\system32\dllcache\status.dll
- 2002-08-29 12:00:00   13,192   -c--a-w   c:\windows\system32\dllcache\tdasync.sys
+ 2004-08-04 01:07:00   13,192   -c--a-w   c:\windows\system32\dllcache\tdasync.sys
- 2002-08-29 12:00:00   21,896   -c--a-w   c:\windows\system32\dllcache\tdipx.sys
+ 2004-08-04 01:07:00   21,896   -c--a-w   c:\windows\system32\dllcache\tdipx.sys
- 2002-08-29 12:00:00   19,464   -c--a-w   c:\windows\system32\dllcache\tdspx.sys
+ 2004-08-04 01:07:00   19,464   -c--a-w   c:\windows\system32\dllcache\tdspx.sys
- 2002-08-29 12:00:00   185,344   -c--a-w   c:\windows\system32\dllcache\thawbrkr.dll
+ 2004-08-04 01:07:00   185,344   -c--a-w   c:\windows\system32\dllcache\thawbrkr.dll
- 2002-08-29 12:00:00   14,336   -c--a-w   c:\windows\system32\dllcache\tsprof.exe
+ 2004-08-04 01:07:00   14,336   -c--a-w   c:\windows\system32\dllcache\tsprof.exe
- 2002-08-29 12:00:00   48,256   -c--a-w   c:\windows\system32\dllcache\w32.dll
+ 2004-08-04 01:07:00   48,256   -c--a-w   c:\windows\system32\dllcache\w32.dll
- 2002-08-29 12:00:00   4,608   -c--a-w   c:\windows\system32\dllcache\w3ctrs51.dll
+ 2004-08-04 01:07:00   4,608   -c--a-w   c:\windows\system32\dllcache\w3ctrs51.dll
- 2002-08-29 12:00:00   73,728   -c--a-w   c:\windows\system32\dllcache\w3ext.dll
+ 2004-08-04 01:07:00   73,728   -c--a-w   c:\windows\system32\dllcache\w3ext.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\w3svapi.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\w3svapi.dll
- 2002-08-29 12:00:00   9,216   -c--a-w   c:\windows\system32\dllcache\wamps51.dll
+ 2004-08-04 01:07:00   9,216   -c--a-w   c:\windows\system32\dllcache\wamps51.dll
- 2002-08-29 12:00:00   7,168   -c--a-w   c:\windows\system32\dllcache\wamregps.dll
+ 2004-08-04 01:07:00   7,168   -c--a-w   c:\windows\system32\dllcache\wamregps.dll
- 2002-08-29 12:00:00   41,600   -c--a-w   c:\windows\system32\dllcache\weitekp9.dll
+ 2004-08-04 01:07:00   41,600   -c--a-w   c:\windows\system32\dllcache\weitekp9.dll
- 2002-08-29 12:00:00   31,232   -c--a-w   c:\windows\system32\dllcache\weitekp9.sys
+ 2004-08-04 01:07:00   31,232   -c--a-w   c:\windows\system32\dllcache\weitekp9.sys
+ 2009-03-19 15:41:43   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_6f0.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269]
"McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
--a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\v0zlm1jn.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 11:42:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0]
@DACL=(02 0000)
@="HtmldocPlugin 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\MGJ74D0C06550]
@DACL=(02 0000)
"Analog 0.700,0.300Caps"="vcp(02 04 05 06 08 0E 10 12 14(01 05 08 0B) 16 18 1A 1E 20 30 3E 52 60(01 03) 68 AC AE B2 B6 C0 C6 C8 C9 CA D6(01 04) DF FA FB FC FD FE AA(01 04)) vcp_p2(37 38 39 3B) type(LCD) mccs_ver(2.0) asset_eep(64) mpu(0.04)"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_045e&Pid_00f9&MI_01&Col02\7&36e0efb9&0&0001\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\Tablet.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-19 11:45:02 - machine was rebooted
ComboFix-quarantined-files.txt  2009-03-19 15:44:58
ComboFix2.txt  2009-03-19 04:54:14

Pre-Run: 32,409,468,928 bytes free
Post-Run: 32,390,303,744 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
534   --- E O F ---   2009-03-13 22:12:01
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: evilfantasy on March 19, 2009, 10:31:33 AM
We're getting closer.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
c:\windows\system32\nfr.gpref
c:\windows\9g234sdfdfgjf23

File::
c:\windows\system32\nfr.gpref
c:\windows\9g234sdfdfgjf23

RegLock::
[-HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0]

[-HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\MGJ74D0C06550]

[-HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_045e&Pid_00f9&MI_01&Col02\7&36e0efb9&0&0001\LogConf]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 19, 2009, 12:17:58 PM
ComboFix 09-03-18.01 - Becky 2009-03-19 14:09:30.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.1096 [GMT -4:00]
Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Becky\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
 * Created a new restore point

FILE ::
c:\windows\9g234sdfdfgjf23
c:\windows\system32\nfr.gpref
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\9g234sdfdfgjf23
c:\windows\system32\nfr.gpref

.
(((((((((((((((((((((((((   Files Created from 2009-02-19 to 2009-03-19  )))))))))))))))))))))))))))))))
.

2009-03-18 19:09 . 2009-03-18 19:09   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-18 18:42 . 2009-03-18 18:42   <DIR>   d--------   c:\documents and settings\Becky\Application Data\Malwarebytes
2009-03-18 18:42 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-03-18 18:41 . 2009-03-18 18:42   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-03-18 18:41 . 2009-03-18 18:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 18:41 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com
2009-03-18 15:04 . 2009-03-18 15:04   <DIR>   d--------   c:\program files\CCleaner
2009-03-17 15:50 . 2008-04-13 20:12   116,224   --a--c---   c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 15:50 . 2001-08-17 22:37   99,865   --a--c---   c:\windows\system32\dllcache\xlog.exe
2009-03-17 15:50 . 2001-08-17 22:37   27,648   --a--c---   c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 15:50 . 2001-08-17 22:36   23,040   --a--c---   c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 15:50 . 2004-08-03 22:29   19,455   --a--c---   c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 15:50 . 2008-04-13 20:12   18,944   --a--c---   c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 15:50 . 2001-08-17 12:11   16,970   --a--c---   c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 15:50 . 2004-08-03 22:29   12,063   --a--c---   c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 15:50 . 2008-04-13 14:36   8,832   --a--c---   c:\windows\system32\dllcache\wmiacpi.sys
2009-03-17 15:50 . 2008-04-13 20:12   8,192   --a--c---   c:\windows\system32\dllcache\wshirda.dll
2009-03-17 15:50 . 2001-08-17 22:37   4,608   --a--c---   c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 15:48 . 2001-08-17 22:36   525,568   --a--c---   c:\windows\system32\dllcache\tridxp.dll
2009-03-17 15:47 . 2001-08-17 22:36   495,616   --a--c---   c:\windows\system32\dllcache\sblfx.dll
2009-03-17 15:46 . 2001-08-17 13:28   899,146   --a--c---   c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 15:45 . 2001-08-17 12:50   198,144   --a--c---   c:\windows\system32\dllcache\nv3.sys
2009-03-17 15:44 . 2001-08-17 13:28   802,683   --a--c---   c:\windows\system32\dllcache\ltsm.sys
2009-03-17 15:43 . 2008-04-13 20:11   702,845   --a--c---   c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-17 15:42 . 2001-08-17 14:56   1,733,120   --a--c---   c:\windows\system32\dllcache\g400d.dll
2009-03-17 15:41 . 2001-08-17 12:14   952,007   --a--c---   c:\windows\system32\dllcache\diwan.sys
2009-03-17 15:40 . 2001-08-17 12:13   980,034   --a--c---   c:\windows\system32\dllcache\cicap.sys
2009-03-17 15:33 . 2001-08-17 13:28   871,388   --a--c---   c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 15:32 . 2001-08-17 14:55   382,592   --a--c---   c:\windows\system32\dllcache\atidrab.dll
2009-03-17 15:31 . 2001-08-17 12:19   747,392   --a--c---   c:\windows\system32\dllcache\adm8830.sys
2009-03-17 15:30 . 2001-08-17 13:28   762,780   --a--c---   c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 15:30 . 2001-08-17 14:55   689,216   --a--c---   c:\windows\system32\dllcache\3dfxvs.dll
2009-03-17 15:30 . 2001-08-17 14:56   66,048   --a--c---   c:\windows\system32\dllcache\s3legacy.dll
2009-03-17 15:30 . 2008-04-13 14:46   53,376   --a--c---   c:\windows\system32\dllcache\1394bus.sys
2009-03-17 15:30 . 2001-08-17 14:06   11,264   --a--c---   c:\windows\system32\dllcache\1394vdbg.sys
2009-03-11 21:16 . 2009-03-11 21:16   <DIR>   d--------   c:\documents and settings\David\Application Data\AVGTOOLBAR

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 18:03   ---------   d-----w   c:\documents and settings\user pc\Application Data\WTablet
2009-03-18 23:12   ---------   d-----w   c:\program files\Java
2009-03-18 19:00   ---------   d-----w   c:\program files\Lavasoft
2009-03-18 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 16:21   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2009-03-17 09:26   ---------   d-----w   c:\documents and settings\user pc\Application Data\uTorrent
2009-03-15 21:35   138,624   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 04:15   ---------   d-----w   c:\documents and settings\user pc\Application Data\DVD Flick
2009-03-15 01:38   ---------   d-----w   c:\documents and settings\user pc\Application Data\dvdcss
2009-03-07 17:20   ---------   d-----w   c:\program files\Ahead
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\ZoomBrowser EX
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\CameraWindowDC
2009-02-25 15:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\AVGTOOLBAR
2009-02-12 16:12   ---------   d-----w   c:\program files\Google
2009-02-11 02:24   34   ----a-w   c:\documents and settings\user pc\jagex_runescape_preferences.dat
2009-02-10 04:35   ---------   d-----w   c:\documents and settings\Leanne\Application Data\AVGTOOLBAR
2009-02-10 04:19   ---------   d-----w   c:\documents and settings\Leanne\Application Data\vlc
2009-02-09 03:08   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Apple Computer
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\WTablet
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Network Associates
2009-02-09 02:42   ---------   d-----w   c:\documents and settings\Becky\Application Data\AVGTOOLBAR
2009-02-09 02:38   ---------   d-----w   c:\documents and settings\Becky\Application Data\vlc
2009-02-05 18:37   ---------   d-----w   c:\documents and settings\user pc\Application Data\vlc
2009-02-05 18:16   ---------   d-----w   c:\program files\VideoLAN
2009-02-03 19:16   ---------   d-----w   c:\program files\Improvisation
2009-01-27 15:56   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
2009-01-27 15:55   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2009-01-25 05:54   ---------   d-----w   c:\documents and settings\user pc\Application Data\Any Video Converter
2009-01-24 22:06   ---------   d-----w   c:\program files\AVG
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-01-24 20:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-27 02:22   24   ----a-w   c:\documents and settings\David\jagex_runescape_preferences.dat
.

(((((((((((((((((((((((((((((   SnapShot_2009-03-19_11.44.11.57   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-19 18:13:52   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_780.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269]
"McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
--a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\v0zlm1jn.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 14:14:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3REPROX.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\Tablet.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-19 14:17:05 - machine was rebooted
ComboFix-quarantined-files.txt  2009-03-19 18:17:01
ComboFix2.txt  2009-03-19 15:45:04
ComboFix3.txt  2009-03-19 04:54:14

Pre-Run: 32,374,824,960 bytes free
Post-Run: 32,355,348,480 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
243   --- E O F ---   2009-03-13 22:12:01
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: evilfantasy on March 19, 2009, 12:22:27 PM
C: drive and click OK.
Check the boxes for:.
Click OK or Enter

----------

How is the computer running now?
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 19, 2009, 12:46:28 PM

Thanks so far for all of your help. The computer seems to be running fine. 

I still get this error message on my user account (not the other ones) when I log on to it:  "Error Loading dll32  The specified module could not be found".  I am assuming dll32 is important.  I tried doing
START>RUN> sfc /scannow  and then inserting my WinXP disc to repair the dll32 file.  Nada, didn't work.  Is there somewhere to get this file?

Also, what was the problem(s) you saw with all of the logs I sent you?  It seems Notepad had something to do with it.

And I'm still wondering why we re-named HijackThis to Sniper?

Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: evilfantasy on March 19, 2009, 12:54:20 PM
Quote
And I'm still wondering why we re-named HijackThis to Sniper?

Some malware can "hide" from the hijackthis.exe. Renaming it ensures this won't happen.

Quote
Also, what was the problem(s) you saw with all of the logs I sent you?  It seems Notepad had something to do with it.

I'm not sure what the deal was with the Notepad entries. It shouldn't be running from the locations it was found in so might have been exploited by the malware. The biggest problem was adware, MyWebSearch.

Quote
Error Loading dll32  The specified module could not be found

Sounds like something wasn't completely removed, probably part of the MyWebSearch.

Let's have a closer look at where the error is coming from.

Please download from DDS by sUBs (http://www.forospyware.com/sUBs/dds) and save it to your Desktop.

Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
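One way to mechanise the triage evilfantasy is doing by eye on these ComboFix logs (the Security Center "Override" values, the standard firewall profile with EnableFirewall set to 0, a DACL-locked TypeLib key whose default value names a MyWebSearch DLL, and an autostart entry whose target file is gone, which is the usual source of an "Error loading ... The specified module could not be found" message at logon): an added Python example, not part of this thread and not ComboFix's own code. It runs over a constructed sample laid out like the "Reg Loading Points" and "LOCKED REGISTRY KEYS" sections above; the `LeftoverLoader` entry, the `{GUID-PLACEHOLDER}` TypeLib key and the use of a bare `[]` to mark an autostart target ComboFix could not find are assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of ComboFix's registry sections. The
# "LeftoverLoader" value, the GUID placeholder and the "[]" marker for a
# missing target are illustrative assumptions, not data from a real machine.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"LeftoverLoader"="c:\windows\system32\rundll32.exe example.dll,Start" []

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{GUID-PLACEHOLDER}\1.0\0\win32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3REPROX.DLL"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*?)\s*$')
DEFAULT_RE = re.compile(r'^@="(?P<data>.*)"\s*$')
CODE_RE = re.compile(r'\.(dll|exe|ocx)$', re.IGNORECASE)
OVERRIDES = {"antivirusoverride", "firewalloverride"}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk the [key] / "name"=data lines of a ComboFix registry section and
    return one finding per line a malware-removal helper would want to look at."""
    findings: List[Dict[str, str]] = []
    key = ""
    locked = False  # set once "@DACL=" is seen under the current key
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key, locked = m.group("key"), False
            continue
        if line.startswith("@DACL="):
            # ComboFix prints this for keys whose ACL blocks normal access
            locked = True
            continue
        low_key = key.lower()
        m = DEFAULT_RE.match(line)
        if m and locked and CODE_RE.search(m.group("data")):
            findings.append(dict(key=key, name="@", data=m.group("data"),
                                 reason="locked (DACL-restricted) key names executable code"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        if "\\currentversion\\run" in low_key and data.endswith("[]"):
            findings.append(dict(key=key, name=name, data=data,
                                 reason="autostart entry whose target file was not found"))
        elif (low_key.endswith("security center")
              and name.lower() in OVERRIDES and data.endswith("1")):
            findings.append(dict(key=key, name=name, data=data,
                                 reason="Security Center alerting for this component is suppressed"))
        elif name.lower() == "enablefirewall" and data[:1] == "0":
            findings.append(dict(key=key, name=name, data=data,
                                 reason="Windows Firewall disabled for this profile"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']}\n    {f['key']}\n    {f['name']} = {f['data']}")
```

The override and firewall checks are deliberately narrow: a value of 1 in either Security Center override only means alerting is muted, which a legitimate third-party suite sometimes sets, so the finding is a prompt to confirm who set it rather than a verdict. The locked-key check ignores a default value that is just a type-library description (like the HtmldocPlugin entry in the first log) and only fires when the value names a DLL, EXE or OCX.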
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 19, 2009, 01:19:41 PM

DDS (Ver_09-03-16.01) - NTFSx86 
Run by user pc at 15:16:53.00 on Thu 03/19/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.1056 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
svchost.exe
C:\Documents and Settings\user pc\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/puccini/start
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Encarta &Researcher: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [dll] rundll32 dll32,sm
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [McAfeeFireTray] c:\progra~1\networ~1\mcafee~1\Firetray.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175397160937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15033/CTPID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\MSERO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\userpc~1\applic~1\mozilla\firefox\profiles\y7jwtw3n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\user pc\application data\mozilla\firefox\profiles\y7jwtw3n.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp07100121.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-24 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-5 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-24 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-24 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-24 298264]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2004-5-16 102463]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

=============== Created Last 30 ================

2009-03-19 15:15   <DIR>   --d-h---   c:\windows\PIF
2009-03-19 14:26   <DIR>   --d-----   C:\ComboFix
2009-03-19 00:45   <DIR>   --d-----   C:\cmdcons
2009-03-18 19:09   410,984   a-------   c:\windows\system32\deploytk.dll
2009-03-18 18:42   15,504   a-------   c:\windows\system32\drivers\mbam.sys
2009-03-18 18:41   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 18:41   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-03-18 18:41   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-18 15:11   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
2009-03-18 15:11   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
2009-03-18 15:04   <DIR>   --d-----   c:\program files\CCleaner
2009-03-17 15:50   116,224   ac------   c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 15:50   23,040   ac------   c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 15:50   27,648   ac------   c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 15:50   18,944   ac------   c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 15:50   4,608   ac------   c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 15:50   99,865   ac------   c:\windows\system32\dllcache\xlog.exe
2009-03-17 15:50   16,970   ac------   c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 15:50   19,455   ac------   c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 15:50   12,063   ac------   c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 15:50   8,192   ac------   c:\windows\system32\dllcache\wshirda.dll
2009-03-17 15:50   8,832   ac------   c:\windows\system32\dllcache\wmiacpi.sys
2009-03-17 15:48   11,520   ac------   c:\windows\system32\dllcache\twotrack.sys
2009-03-17 15:47   58,368   ac------   c:\windows\system32\dllcache\smiminib.sys
2009-03-17 15:46   79,104   ac------   c:\windows\system32\dllcache\rocket.sys
2009-03-17 15:45   61,696   ac------   c:\windows\system32\dllcache\ohci1394.sys
2009-03-17 15:44   6,016   ac------   c:\windows\system32\dllcache\msfsio.sys
2009-03-17 15:43   6,144   ac------   c:\windows\system32\dllcache\kbd106.dll
2009-03-17 15:42   19,456   ac------   c:\windows\system32\dllcache\hr1w.dll
2009-03-17 15:41   45,568   ac------   c:\windows\system32\dllcache\esunib.dll
2009-03-17 15:40   49,792   ac------   c:\windows\system32\dllcache\cyzport.sys
2009-03-17 15:33   13,824   ac------   c:\windows\system32\dllcache\bulltlp3.sys
2009-03-17 15:32   342,336   ac------   c:\windows\system32\dllcache\banshee.dll
2009-03-17 15:31   97,354   ac------   c:\windows\system32\dllcache\aspndis3.sys
2009-03-17 15:30   762,780   ac------   c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 15:30   689,216   ac------   c:\windows\system32\dllcache\3dfxvs.dll
2009-03-17 15:30   53,376   ac------   c:\windows\system32\dllcache\1394bus.sys
2009-03-17 15:30   11,264   ac------   c:\windows\system32\dllcache\1394vdbg.sys
2009-03-17 15:30   66,048   ac------   c:\windows\system32\dllcache\s3legacy.dll

==================== Find3M  ====================

2009-03-15 17:35   138,624   a-------   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 17:34   202,352   a-------   c:\windows\system32\PnkBstrB.exe
2009-02-10 22:24   34   a-------   c:\documents and settings\user pc\jagex_runescape_preferences.dat
2009-02-09 07:13   1,846,784   a-------   c:\windows\system32\win32k.sys
2009-01-27 11:56   325,128   a-------   c:\windows\system32\drivers\avgldx86.sys
2009-01-27 11:56   10,520   a-------   c:\windows\system32\avgrsstx.dll
2009-01-27 11:55   107,272   a-------   c:\windows\system32\drivers\avgtdix.sys
2009-01-24 17:59   0   a---h---   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-01-24 17:59   0   a---h---   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

============= FINISH: 15:17:26.68 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2007 10:28:28 PM
System Uptime: 3/19/2009 3:05:54 PM (0 hours ago)

Motherboard:   |  | KM266-8235
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 1990/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 32.746 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 33.606 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP311: 3/19/2009 2:26:58 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
7-Zip 4.53 beta
Abexo Free Registry Cleaner
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 9
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.1.0
Adobe Shockwave Player
Amazing Slow Downer (remove only)
America's Army Deploy Client
America's Army Server Manager
America Online (Choose which version to remove)
Any Video Converter 2.6.7
Apple Software Update
As Simple As Photoshop  5.2
Audacity 1.2.6
AVG Free 8.0
Belarc Advisor 7.2
BUM
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Creative Media Lite
Creative ZEN Stone User's Guide
DVD Decrypter (Remove Only)
DVD Flick
DVD Shrink 3.2
DVDStyler v1.7.1
EphPod
Google Toolbar for Internet Explorer
Google Video Player
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
hp LaserJet 1150 / 1300
ImgBurn
Improvisation
iPod for Windows 2005-10-12
iTunes
Java(TM) 6 Update 12
Java(TM) 6 Update 7
KODAK EASYSHARE Gallery Easy Upload, v2.0
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 15
McAfee Desktop Firewall 8.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Encarta Reference Library 2003
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 SR-1 Premium
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 2000
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.7)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero OEM
NVIDIA Drivers
PowerDVD
QuickTime
RealPlayer
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Shockwave
SoulSeek 157 NS 13c
SUPERAntiSpyware Free Edition
Switch Uninstall
TablEdit 2.64
Tablet
Torrent Harvester
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIA Audio Driver Setup Program
VIA Rhine-Family Fast-Ethernet Adapter
Videora iPod Converter 0.91
Viewpoint Media Player
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Windward Studios Page 2 Stage 1.02
WinRAR archiver
Yahoo! Customizations
Yahoo! Internet Mail
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/14/2009 10:02:48 AM, error: Service Control Manager [7000]  - The My Web Search Service service failed to start due to the following error:  The system cannot find the path specified.
3/15/2009 11:38:47 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the TabletService service.
3/17/2009 12:21:04 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'pp03.exe' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
3/17/2009 4:09:14 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
3/18/2009 7:04:40 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  viaagp
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The Creative Service for CDROM Access service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The TabletService service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The PnkBstrB service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The CT Device Query service service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The AVG Free8 E-mail Scanner service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7034]  - The McAfee Desktop Firewall Service service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:00 AM, error: Service Control Manager [7031]  - The AVG Free8 WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
3/19/2009 11:37:01 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
3/19/2009 11:37:01 AM, error: Service Control Manager [7034]  - The WAN Miniport (ATW) Service service terminated unexpectedly.  It has done this 1 time(s).
3/17/2009 3:29:19 PM, information: Windows File Protection [64016]  - Windows File Protection file scan was started.
3/17/2009 3:32:53 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\inetsrv\authfilt.dll could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:33:15 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\big5.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:35:02 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_1047.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:35:07 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_1140.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:35:10 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_1141.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:35:13 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_1142.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:35:16 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_1143.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:36:58 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_20108.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:37:01 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_20269.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:37:34 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_20273.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:37:43 PM, information: Windows File Protection [64021]  - The system file c:\windows\system32\c_20277.nls could not be copied into the DLL cache.  The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
3/17/2009 3:50:46 PM, information: Windows File Protection [64017]  - Windows File Protection file scan completed successfully.
3/18/2009 10:22:50 AM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\system32\rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

==== End Of File ===========================
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: evilfantasy on March 19, 2009, 01:44:47 PM
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [dll] rundll32 dll32,sm
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

Upon restart the error should not happen again.

----------

Go to Add or Remove Programs and uninstall:
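One way to spot the kind of leftover the helper describes, as an added example that is not the thread's own code and not part of DDS or ComboFix: it reads a constructed DDS-style report, flags autorun entries whose target is gone (the `rundll32 dll32,sm` line is exactly what pops "The specified module could not be found" at every logon once the DLL has been removed), and lays them out in the CFScript shape shown above. The file list standing in for the disk is constructed as well.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the DDS 'Pseudo HJT Report' posted in the
# thread (only the lines needed to show each case). Not a real capture.
SAMPLE_REPORT = r"""
uInternet Settings,ProxyServer = http=localhost:7171
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [dll] rundll32 dll32,sm
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
"""

# Constructed stand-in for the disk: lower-cased full paths that exist on the
# sample machine. On a live machine this would come from os.path.exists().
PRESENT_FILES = {
    r"c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe",
    r"c:\windows\system32\nvcpl.dll",
    r"c:\windows\system32\shdocvw.dll",
}

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
NOFILE_RE = re.compile(r"^(?:EB|BHO|TB|uURLSearchHooks): .* - No File$")
EXE_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


@dataclass(frozen=True)
class Finding:
    line: str    # report line kept verbatim so it can go straight into a CFScript
    reason: str


def split_command(cmd, present=PRESENT_FILES):
    """Split an autorun command line into (program, arguments).

    Unquoted paths with spaces are common in these reports, so mimic how
    CreateProcess resolves them: the first whitespace-delimited prefix that
    names an existing file wins. If nothing exists, fall back to the prefix
    ending in an executable extension, then to the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        end = len(cmd) if end == -1 else end
        return cmd[1:end], cmd[end + 1:].strip()
    tokens = cmd.split()
    if not tokens:
        return "", ""
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if candidate.lower() in present:
            return candidate, " ".join(tokens[i:])
    for i, tok in enumerate(tokens, 1):
        if tok.lower().endswith(EXE_EXTS):
            return " ".join(tokens[:i]), " ".join(tokens[i:])
    return tokens[0], " ".join(tokens[1:])


def file_exists(spec, present=PRESENT_FILES):
    """A full path must be present as-is; a bare name (what rundll32 gets in
    'rundll32 dll32,sm') is matched by basename, with .dll implied."""
    spec = spec.lower()
    if "\\" in spec or "/" in spec:
        return spec in present
    names = {spec} if "." in spec else {spec, spec + ".dll"}
    return any(path.rsplit("\\", 1)[-1] in names for path in present)


def triage(report, present=PRESENT_FILES):
    """Return the report lines whose target is gone: COM objects shown as
    'No File', and autoruns whose program or rundll32 module is missing."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if NOFILE_RE.match(line):
            findings.append(Finding(line, "registered COM object whose DLL is gone"))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        program, args = split_command(m.group("cmd"), present)
        loader = program.lower().rsplit("\\", 1)[-1]
        if loader in ("rundll32", "rundll32.exe"):
            # rundll32 <module>,<entrypoint>: a missing module is the classic
            # "The specified module could not be found" at logon
            module = args.split(",", 1)[0].strip().strip('"')
            if not file_exists(module, present):
                findings.append(Finding(line, f"rundll32 entry for missing module {module!r}"))
        elif not file_exists(program, present):
            findings.append(Finding(line, f"autorun whose program {program!r} is missing"))
    return findings


def cfscript(findings):
    """Lay the findings out in the CFScript shape used in the thread: a
    KillAll:: section, then a DDS:: section listing the report lines verbatim."""
    body = "\n".join(f.line for f in findings)
    return f"KillAll::\n\nDDS::\n{body}\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.reason}: {f.line}")
    print(cfscript(triage(SAMPLE_REPORT)))
```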
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 19, 2009, 04:24:28 PM
ComboFix 09-03-18.01 - user pc 2009-03-19 18:12:52.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.1083 [GMT -4:00]
Running from: c:\documents and settings\user pc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user pc\Desktop\CFScript..txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user pc\Desktop\notepad.exe

.
(((((((((((((((((((((((((   Files Created from 2009-02-19 to 2009-03-19  )))))))))))))))))))))))))))))))
.

2009-03-19 15:15 . 2009-03-19 15:15   <DIR>   d--h-----   c:\windows\PIF
2009-03-18 19:09 . 2009-03-18 19:09   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-18 18:42 . 2009-03-18 18:42   <DIR>   d--------   c:\documents and settings\Becky\Application Data\Malwarebytes
2009-03-18 18:42 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-03-18 18:41 . 2009-03-18 18:42   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-03-18 18:41 . 2009-03-18 18:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 18:41 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com
2009-03-18 15:04 . 2009-03-18 15:04   <DIR>   d--------   c:\program files\CCleaner
2009-03-17 15:50 . 2008-04-13 20:12   116,224   --a--c---   c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 15:50 . 2001-08-17 22:37   99,865   --a--c---   c:\windows\system32\dllcache\xlog.exe
2009-03-17 15:50 . 2001-08-17 22:37   27,648   --a--c---   c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 15:50 . 2001-08-17 22:36   23,040   --a--c---   c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 15:50 . 2004-08-03 22:29   19,455   --a--c---   c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 15:50 . 2008-04-13 20:12   18,944   --a--c---   c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 15:50 . 2001-08-17 12:11   16,970   --a--c---   c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 15:50 . 2004-08-03 22:29   12,063   --a--c---   c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 15:50 . 2008-04-13 14:36   8,832   --a--c---   c:\windows\system32\dllcache\wmiacpi.sys
2009-03-17 15:50 . 2008-04-13 20:12   8,192   --a--c---   c:\windows\system32\dllcache\wshirda.dll
2009-03-17 15:50 . 2001-08-17 22:37   4,608   --a--c---   c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 15:48 . 2001-08-17 22:36   525,568   --a--c---   c:\windows\system32\dllcache\tridxp.dll
2009-03-17 15:47 . 2001-08-17 22:36   495,616   --a--c---   c:\windows\system32\dllcache\sblfx.dll
2009-03-17 15:46 . 2001-08-17 13:28   899,146   --a--c---   c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 15:45 . 2001-08-17 12:50   198,144   --a--c---   c:\windows\system32\dllcache\nv3.sys
2009-03-17 15:44 . 2001-08-17 13:28   802,683   --a--c---   c:\windows\system32\dllcache\ltsm.sys
2009-03-17 15:43 . 2008-04-13 20:11   702,845   --a--c---   c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-17 15:42 . 2001-08-17 14:56   1,733,120   --a--c---   c:\windows\system32\dllcache\g400d.dll
2009-03-17 15:41 . 2001-08-17 12:14   952,007   --a--c---   c:\windows\system32\dllcache\diwan.sys
2009-03-17 15:40 . 2001-08-17 12:13   980,034   --a--c---   c:\windows\system32\dllcache\cicap.sys
2009-03-17 15:33 . 2001-08-17 13:28   871,388   --a--c---   c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 15:32 . 2001-08-17 14:55   382,592   --a--c---   c:\windows\system32\dllcache\atidrab.dll
2009-03-17 15:31 . 2001-08-17 12:19   747,392   --a--c---   c:\windows\system32\dllcache\adm8830.sys
2009-03-17 15:30 . 2001-08-17 13:28   762,780   --a--c---   c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 15:30 . 2001-08-17 14:55   689,216   --a--c---   c:\windows\system32\dllcache\3dfxvs.dll
2009-03-17 15:30 . 2001-08-17 14:56   66,048   --a--c---   c:\windows\system32\dllcache\s3legacy.dll
2009-03-17 15:30 . 2008-04-13 14:46   53,376   --a--c---   c:\windows\system32\dllcache\1394bus.sys
2009-03-17 15:30 . 2001-08-17 14:06   11,264   --a--c---   c:\windows\system32\dllcache\1394vdbg.sys
2009-03-11 21:16 . 2009-03-11 21:16   <DIR>   d--------   c:\documents and settings\David\Application Data\AVGTOOLBAR

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 22:18   ---------   d-----w   c:\documents and settings\user pc\Application Data\WTablet
2009-03-18 23:12   ---------   d-----w   c:\program files\Java
2009-03-18 19:00   ---------   d-----w   c:\program files\Lavasoft
2009-03-18 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 16:21   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2009-03-17 09:26   ---------   d-----w   c:\documents and settings\user pc\Application Data\uTorrent
2009-03-15 21:35   138,624   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 04:15   ---------   d-----w   c:\documents and settings\user pc\Application Data\DVD Flick
2009-03-15 01:38   ---------   d-----w   c:\documents and settings\user pc\Application Data\dvdcss
2009-03-07 17:20   ---------   d-----w   c:\program files\Ahead
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\ZoomBrowser EX
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\CameraWindowDC
2009-02-25 15:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\AVGTOOLBAR
2009-02-12 16:12   ---------   d-----w   c:\program files\Google
2009-02-11 02:24   34   ----a-w   c:\documents and settings\user pc\jagex_runescape_preferences.dat
2009-02-10 04:35   ---------   d-----w   c:\documents and settings\Leanne\Application Data\AVGTOOLBAR
2009-02-10 04:19   ---------   d-----w   c:\documents and settings\Leanne\Application Data\vlc
2009-02-09 03:08   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Apple Computer
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\WTablet
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Network Associates
2009-02-09 02:42   ---------   d-----w   c:\documents and settings\Becky\Application Data\AVGTOOLBAR
2009-02-09 02:38   ---------   d-----w   c:\documents and settings\Becky\Application Data\vlc
2009-02-05 18:37   ---------   d-----w   c:\documents and settings\user pc\Application Data\vlc
2009-02-05 18:16   ---------   d-----w   c:\program files\VideoLAN
2009-02-03 19:16   ---------   d-----w   c:\program files\Improvisation
2009-01-27 15:56   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
2009-01-27 15:55   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2009-01-25 05:54   ---------   d-----w   c:\documents and settings\user pc\Application Data\Any Video Converter
2009-01-24 22:06   ---------   d-----w   c:\program files\AVG
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-01-24 20:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-27 02:22   24   ----a-w   c:\documents and settings\David\jagex_runescape_preferences.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269]
"McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
--a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/puccini/start
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user pc\Application Data\Mozilla\Firefox\Profiles\y7jwtw3n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\user pc\Application Data\Mozilla\Firefox\Profiles\y7jwtw3n.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 18:18:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-448539723-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3REPROX.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\Tablet.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-19 18:22:01 - machine was rebooted
ComboFix-quarantined-files.txt  2009-03-19 22:21:13
ComboFix2.txt  2009-03-19 18:17:07

Pre-Run: 35,068,616,704 bytes free
Post-Run: 35,049,369,600 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
245   --- E O F ---   2009-03-13 22:12:01
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: evilfantasy on March 19, 2009, 04:41:03 PM
Are you still getting the dll error?

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

RegLock::
[-HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: jonnyD on March 20, 2009, 08:21:21 AM
The dll error message has not been appearing now when I start up.  Thank you very much.  What was its cause?

ComboFix 09-03-19.01 - user pc 2009-03-20  9:58:33.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.1066 [GMT -4:00]
Running from: c:\documents and settings\user pc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user pc\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user pc\Desktop\notepad.exe

.
(((((((((((((((((((((((((   Files Created from 2009-02-20 to 2009-03-20  )))))))))))))))))))))))))))))))
.

2009-03-19 15:15 . 2009-03-19 15:15   <DIR>   d--h-----   c:\windows\PIF
2009-03-18 19:09 . 2009-03-18 19:09   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-18 18:42 . 2009-03-18 18:42   <DIR>   d--------   c:\documents and settings\Becky\Application Data\Malwarebytes
2009-03-18 18:42 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-03-18 18:41 . 2009-03-18 18:42   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-03-18 18:41 . 2009-03-18 18:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 18:41 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-03-18 15:11 . 2009-03-18 15:11   <DIR>   d--------   c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com
2009-03-18 15:04 . 2009-03-18 15:04   <DIR>   d--------   c:\program files\CCleaner
2009-03-17 15:50 . 2008-04-13 20:12   116,224   --a--c---   c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 15:50 . 2001-08-17 22:37   99,865   --a--c---   c:\windows\system32\dllcache\xlog.exe
2009-03-17 15:50 . 2001-08-17 22:37   27,648   --a--c---   c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 15:50 . 2001-08-17 22:36   23,040   --a--c---   c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 15:50 . 2004-08-03 22:29   19,455   --a--c---   c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 15:50 . 2008-04-13 20:12   18,944   --a--c---   c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 15:50 . 2001-08-17 12:11   16,970   --a--c---   c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 15:50 . 2004-08-03 22:29   12,063   --a--c---   c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 15:50 . 2008-04-13 14:36   8,832   --a--c---   c:\windows\system32\dllcache\wmiacpi.sys
2009-03-17 15:50 . 2008-04-13 20:12   8,192   --a--c---   c:\windows\system32\dllcache\wshirda.dll
2009-03-17 15:50 . 2001-08-17 22:37   4,608   --a--c---   c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 15:48 . 2001-08-17 22:36   525,568   --a--c---   c:\windows\system32\dllcache\tridxp.dll
2009-03-17 15:47 . 2001-08-17 22:36   495,616   --a--c---   c:\windows\system32\dllcache\sblfx.dll
2009-03-17 15:46 . 2001-08-17 13:28   899,146   --a--c---   c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 15:45 . 2001-08-17 12:50   198,144   --a--c---   c:\windows\system32\dllcache\nv3.sys
2009-03-17 15:44 . 2001-08-17 13:28   802,683   --a--c---   c:\windows\system32\dllcache\ltsm.sys
2009-03-17 15:43 . 2008-04-13 20:11   702,845   --a--c---   c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-17 15:42 . 2001-08-17 14:56   1,733,120   --a--c---   c:\windows\system32\dllcache\g400d.dll
2009-03-17 15:41 . 2001-08-17 12:14   952,007   --a--c---   c:\windows\system32\dllcache\diwan.sys
2009-03-17 15:40 . 2001-08-17 12:13   980,034   --a--c---   c:\windows\system32\dllcache\cicap.sys
2009-03-17 15:33 . 2001-08-17 13:28   871,388   --a--c---   c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 15:32 . 2001-08-17 14:55   382,592   --a--c---   c:\windows\system32\dllcache\atidrab.dll
2009-03-17 15:31 . 2001-08-17 12:19   747,392   --a--c---   c:\windows\system32\dllcache\adm8830.sys
2009-03-17 15:30 . 2001-08-17 13:28   762,780   --a--c---   c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 15:30 . 2001-08-17 14:55   689,216   --a--c---   c:\windows\system32\dllcache\3dfxvs.dll
2009-03-17 15:30 . 2001-08-17 14:56   66,048   --a--c---   c:\windows\system32\dllcache\s3legacy.dll
2009-03-17 15:30 . 2008-04-13 14:46   53,376   --a--c---   c:\windows\system32\dllcache\1394bus.sys
2009-03-17 15:30 . 2001-08-17 14:06   11,264   --a--c---   c:\windows\system32\dllcache\1394vdbg.sys
2009-03-11 21:16 . 2009-03-11 21:16   <DIR>   d--------   c:\documents and settings\David\Application Data\AVGTOOLBAR

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 14:05   ---------   d-----w   c:\documents and settings\user pc\Application Data\WTablet
2009-03-18 23:12   ---------   d-----w   c:\program files\Java
2009-03-18 19:00   ---------   d-----w   c:\program files\Lavasoft
2009-03-18 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 16:21   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2009-03-17 09:26   ---------   d-----w   c:\documents and settings\user pc\Application Data\uTorrent
2009-03-15 21:35   138,624   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 04:15   ---------   d-----w   c:\documents and settings\user pc\Application Data\DVD Flick
2009-03-15 01:38   ---------   d-----w   c:\documents and settings\user pc\Application Data\dvdcss
2009-03-07 17:20   ---------   d-----w   c:\program files\Ahead
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\ZoomBrowser EX
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\CameraWindowDC
2009-02-25 15:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\AVGTOOLBAR
2009-02-12 16:12   ---------   d-----w   c:\program files\Google
2009-02-11 02:24   34   ----a-w   c:\documents and settings\user pc\jagex_runescape_preferences.dat
2009-02-10 04:35   ---------   d-----w   c:\documents and settings\Leanne\Application Data\AVGTOOLBAR
2009-02-10 04:19   ---------   d-----w   c:\documents and settings\Leanne\Application Data\vlc
2009-02-09 03:08   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Apple Computer
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\WTablet
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Network Associates
2009-02-09 02:42   ---------   d-----w   c:\documents and settings\Becky\Application Data\AVGTOOLBAR
2009-02-09 02:38   ---------   d-----w   c:\documents and settings\Becky\Application Data\vlc
2009-02-05 18:37   ---------   d-----w   c:\documents and settings\user pc\Application Data\vlc
2009-02-05 18:16   ---------   d-----w   c:\program files\VideoLAN
2009-02-03 19:16   ---------   d-----w   c:\program files\Improvisation
2009-01-27 15:56   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
2009-01-27 15:55   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2009-01-25 05:54   ---------   d-----w   c:\documents and settings\user pc\Application Data\Any Video Converter
2009-01-24 22:06   ---------   d-----w   c:\program files\AVG
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-01-24 20:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-27 02:22   24   ----a-w   c:\documents and settings\David\jagex_runescape_preferences.dat
.

(((((((((((((((((((((((((((((   SnapShot@2009-03-19_18.20.12.31   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-20 14:02:59   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_61c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269]
"McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
--a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/puccini/start
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user pc\Application Data\Mozilla\Firefox\Profiles\y7jwtw3n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50fftrab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\user pc\Application Data\Mozilla\Firefox\Profiles\y7jwtw3n.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 10:07:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-448539723-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\PnkBstrB.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\Tablet.exe
c:\windows\wanmpsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-20 10:10:52 - machine was rebooted
ComboFix-quarantined-files.txt  2009-03-20 14:10:14
ComboFix2.txt  2009-03-19 22:22:06
ComboFix3.txt  2009-03-19 18:17:07

Pre-Run: 34,987,728,896 bytes free
Post-Run: 34,974,998,528 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
244   --- E O F ---   2009-03-13 22:12:01
Title: Re: HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper
Post by: evilfantasy on March 20, 2009, 12:27:07 PM
The cause was this: uRun: [dll] rundll32 dll32,sm. It is part of the adware that wasn't completely removed, so it was causing the error.

The above procedure will:
----------

Use the  Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Check out  Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see  Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
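The ComboFix logs in this thread carry more than the leftover rundll32 autostart evilfantasy names: the Reg Loading Points section also shows AntiVirusOverride and FirewallOverride set to 1, EnableFirewall = 0 for the standard profile, and a ProxyServer of http=localhost:7171, all of which are worth confirming by hand after the cleanup. As an added example that is not part of the original thread and not ComboFix's own code, the Python script below triages exactly those kinds of lines from a pasted log. SAMPLE_LOG, triage and the helper names are the example's own; the sample is a constructed excerpt modelled on the log above, and the trailing "[]" after the rundll32 entry is an assumption about how ComboFix marks an autostart whose target is no longer on disk.

```python
"""Triage the autostart and policy lines of a pasted ComboFix log.
Added example for this thread, not ComboFix code; all names are the example's own."""
import re
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the log posted above.  The "dll" value
# reproduces the uRun entry evilfantasy identified (rundll32 dll32,sm);
# its trailing "[]" is an assumption about how ComboFix marks a target
# that is no longer on disk (the Uniblue tasks above carry the same mark).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"dll"="rundll32 dll32,sm" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyServer = http=localhost:7171
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
# Run values render as  "command" [date size]  or  "command" []
RUN_VALUE_RE = re.compile(r'^"(?P<cmd>[^"]*)"\s*(?:\[(?P<attrs>[^\]]*)\])?\s*$')
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<val>\S+)", re.IGNORECASE)
LOCAL_HOSTS = ("localhost", "127.0.0.1")
Finding = Tuple[str, str, str]  # (registry key or setting group, value name, reason)

def _dword(val: str) -> Optional[int]:
    """Parse 'dword:00000001' or ComboFix's '0 (0x0)' rendering."""
    val = val.strip().lower()
    if val.startswith("dword:"):
        return int(val[6:], 16)
    m = re.match(r"(\d+)", val)
    return int(m.group(1)) if m else None

def _local_proxy(spec: str) -> bool:
    """True if any entry of 'http=host:port;https=host:port' points at this machine."""
    for part in spec.split(";"):
        host = part.split("=", 1)[-1].rsplit(":", 1)[0].lower()
        if host in LOCAL_HOSTS:
            return True
    return False

def _rundll32_bare_module(cmd: str) -> Optional[str]:
    """Module name if cmd is 'rundll32 <bare name>,<export>', else None.
    A bare name goes through the DLL search order at every logon, so the
    entry keeps firing (and erroring) after the file itself is removed."""
    parts = cmd.strip().split(None, 1)
    if len(parts) < 2:
        return None
    exe = parts[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in ("rundll32", "rundll32.exe"):
        return None
    module = parts[1].split(",", 1)[0].strip().strip('"')
    return None if ("\\" in module or "/" in module) else module

def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current [key], and collect findings."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = PROXY_RE.search(line)
        if m:
            if _local_proxy(m.group("val")):
                findings.append(("Internet Settings", "ProxyServer",
                                 "browser traffic routed through a local proxy: " + m.group("val")))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, val, lkey = m.group("name"), m.group("val"), key.lower()
        if lkey.endswith("\\run"):
            rm = RUN_VALUE_RE.match(val)
            if not rm:
                continue
            cmd, attrs = rm.group("cmd"), rm.group("attrs")
            if attrs is not None and not attrs.strip():
                findings.append((key, name, "autostart target missing on disk: " + cmd))
            module = _rundll32_bare_module(cmd)
            if module:
                findings.append((key, name, "rundll32 loads '%s' by bare name" % module))
        elif lkey.endswith("security center"):
            if name.lower() in ("antivirusoverride", "firewalloverride") and _dword(val) == 1:
                findings.append((key, name, "Security Center warning suppressed"))
        elif "firewallpolicy" in lkey:
            if name.lower() == "enablefirewall" and _dword(val) == 0:
                findings.append((key, name, "Windows Firewall disabled for this profile"))
    return findings

if __name__ == "__main__":
    for key, name, reason in triage(SAMPLE_LOG):
        print("%s\\%s: %s" % (key, name, reason))
```

To run it against a saved log, call triage(open("ComboFix.txt").read()). The bare-name check is deliberately noisy, since entries such as rundll32 shell32.dll,... are legitimate, so treat its output as a list of autostarts to verify against the disk rather than a verdict.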