
Author Topic: Registry help  (Read 32204 times)


evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: Registry help
« Reply #45 on: February 03, 2009, 06:27:44 PM »
Are you able to log in now?

If so please see if the last ComboFix log was created and post it. It can be found in C:\combofix.txt

msu715

  • Topic Starter
  • Beginner
  • Thanked: 1
Re: Registry help
« Reply #46 on: February 03, 2009, 06:49:20 PM »
I am able to log in now, finally. However, I tried to open Internet Explorer and it said "The procedure entry point SHRegGetValueW could not be located in the dynamic link library SHLWAPI.dll". What does this mean? Also, it won't let me find the last ComboFix log.

evilfantasy
Re: Registry help
« Reply #47 on: February 03, 2009, 06:59:15 PM »
OK, part of the repair didn't work.

Put the XP CD in the drive and follow the instructions below:
  • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
  • Let this run undisturbed until the window with the blue progress bar goes away

SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

msu715
Re: Registry help
« Reply #48 on: February 03, 2009, 07:10:37 PM »
I ran the scan, nothing popped up, but the Internet still doesn't work...

msu715
Re: Registry help
« Reply #49 on: February 03, 2009, 07:14:37 PM »
Let me correct myself: my AOL Instant Messenger works fine, but Internet Explorer is unable to open. Not sure if you knew that already.

evilfantasy
Re: Registry help
« Reply #50 on: February 03, 2009, 07:22:06 PM »
Let's start here.

Try Dial-a-fix.

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.

  • Open the folder and run Dial-a-fix.exe
  • 2 windows will open. Close the one in the background labeled Restrictive Policies
  • Check the box in section 1, Empty temp folders.
  • Check the box in section 2, Fix Windows Installer.
  • Check the box in section 3, Fix Windows Update.
  • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
  • Check all boxes in section 5, labeled Registration Center.
  • Click Go
  • OK any error messages if received, but write them down and post them here.
  • Restart the computer when done.

Is the problem fixed? If not...

Open Dial-a-fix and click the hammer icon.
Locate Repair/reinstall IE and click Go

If at any time you are prompted for the XP CD, insert it
Make note of any error messages and post them here
Reboot when complete and let me know if there's any change.

----------

If that didn't work try this.

1. Download IEFix.zip and run it.
2. Click the Apply button.
3. You'll be prompted for the Operating System CD or the Service Pack Files location.
4. Once finished Restart Windows.

msu715
Re: Registry help
« Reply #51 on: February 03, 2009, 07:34:04 PM »
Error: while trying to locate the unregistration entry point for C:\WINDOWS\system32\qmgr.dll. File version:6.0.2600.0

Error 0 was encountered while calling LoadLibrary(C:\WINDOWS\system32\inetcomm.dll)

Just restarted the computer

msu715
Re: Registry help
« Reply #52 on: February 03, 2009, 07:42:53 PM »
OK, after doing the 2nd step of reinstalling IE, I can reopen Internet Explorer and it seems to be working fine; there's just no address bar.

evilfantasy
Re: Registry help
« Reply #53 on: February 03, 2009, 07:48:18 PM »
You should be able to right-click in an empty space up there and select Address Bar. If that doesn't work it may be the malware interfering.

Download random's system information tool (RSIT) by random/random and save it to your Desktop.

  • Double click on RSIT.exe to run.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt will be maximized and info.txt will be minimized
  • Please post the contents of both logs in the next reply.

msu715
Re: Registry help
« Reply #54 on: February 03, 2009, 07:50:29 PM »
Actually, as I go from page to page, IE encounters a problem and shuts down (the little box shows up), but I'll download this thing and send you the logs.

msu715
Re: Registry help
« Reply #55 on: February 03, 2009, 07:53:51 PM »
                info.txt logfile of random's system information tool 1.05 2009-02-03 21:52:05

                ======Uninstall list======

                -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
                Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8C E.1
                Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
                Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
                Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
                Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
                Adobe Media Player-->msiexec /qb /x {5C74694C-A687-E3EB-FF18-B018D4A76ECD}
                Adobe Media Player-->MsiExec.exe /I{5C74694C-A687-E3EB-FF18-B018D4A76ECD}
                Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
                AIM 6-->C:\Program Files\AIM6\uninst.exe
                AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
                Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
                Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
                AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
                CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
                C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
                Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
                Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
                Contextual Tool Adsoftinc-->C:\WINDOWS\system32\cont_adsoftinc-remove.exe
                Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
                Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
                Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
                Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanelAnyText
                getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
                Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
                HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
                Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
                Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
                iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
                Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
                Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
                Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
                Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
                Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
                Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
                Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
                Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
                Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
                Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
                Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
                Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
                Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
                Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
                Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
                Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
                Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
                Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
                Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
                Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
                PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
                QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
                RegCure 1.5.2.7-->C:\Program Files\RegCure\uninst.exe
                RegSweep-->MsiExec.exe /X{F33C7AAA-717E-4C6D-A7A7-18D36AE37F54}
                SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
                SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
                Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
                Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
                WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
                Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

                System event log

                Computer Name: HOME-22NHO73DT0
                Event Code: 7036
                Message: The IMAPI CD-Burning COM Service service entered the running state.

                Record Number: 6776
                Source Name: Service Control Manager
                Time Written: 20090112003347.000000-300
                Event Type: information
                User:

                Computer Name: HOME-22NHO73DT0
                Event Code: 7035
                Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

                Record Number: 6775
                Source Name: Service Control Manager
                Time Written: 20090112003347.000000-300
                Event Type: information
                User: NT AUTHORITY\SYSTEM

                Computer Name: HOME-22NHO73DT0
                Event Code: 7036
                Message: The IMAPI CD-Burning COM Service service entered the stopped state.

                Record Number: 6774
                Source Name: Service Control Manager
                Time Written: 20090112003338.000000-300
                Event Type: information
                User:

                Computer Name: HOME-22NHO73DT0
                Event Code: 7036
                Message: The IMAPI CD-Burning COM Service service entered the running state.

                Record Number: 6773
                Source Name: Service Control Manager
                Time Written: 20090112003331.000000-300
                Event Type: information
                User:

                Computer Name: HOME-22NHO73DT0
                Event Code: 7035
                Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

                Record Number: 6772
                Source Name: Service Control Manager
                Time Written: 20090112003331.000000-300
                Event Type: information
                User: NT AUTHORITY\SYSTEM

                Application event log

                Computer Name: HOME-22NHO73DT0
                Event Code: 1800
                Message: The Windows Security Center Service has started.

                Record Number: 747
                Source Name: SecurityCenter
                Time Written: 20081024030718.000000-240
                Event Type: information
                User:

                Computer Name: HOME-22NHO73DT0
                Event Code: 0
                Message:
                Record Number: 746
                Source Name: Viewpoint Manager Service
                Time Written: 20081024030718.000000-240
                Event Type: information
                User:

                Computer Name: HOME-22NHO73DT0
                Event Code: 1
                Message:
                Record Number: 745
                Source Name: Bonjour Service
                Time Written: 20081024030718.000000-240
                Event Type: information
                User:

                Computer Name: HOME-22NHO73DT0
                Event Code: 1517
                Message: Windows saved user HOME-22NHO73DT0\Bob registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


                This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

                Record Number: 744
                Source Name: Userenv
                Time Written: 20081024030630.000000-240
                Event Type: warning
                User: NT AUTHORITY\SYSTEM

                Computer Name: HOME-22NHO73DT0
                Event Code: 7
                Message: Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

                Record Number: 743
                Source Name: crypt32
                Time Written: 20081021212136.000000-240
                Event Type: information
                User:

                ======Environment variables======

                "ComSpec"=%SystemRoot%\system32\cmd.exe
                "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
                "windir"=%SystemRoot%
                "OS"=Windows_NT
                "PROCESSOR_ARCHITECTURE"=x86
                "PROCESSOR_LEVEL"=6
                "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
                "PROCESSOR_REVISION"=0d06
                "NUMBER_OF_PROCESSORS"=1
                "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
                "TEMP"=%SystemRoot%\TEMP
                "TMP"=%SystemRoot%\TEMP
                "FP_NO_HOST_CHECK"=NO
                "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
                "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

                -----------------EOF-----------------
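The event-log section of an RSIT info.txt is easy to skim past when it is pasted into a forum with extra indentation, and its "Time Written" stamps are in the WMI CIM_DATETIME form (local time plus a UTC offset in minutes), which is awkward to compare against other logs. The following is an added example written for this page, not code from RSIT or from anyone in this thread: it parses that section into records, converts each timestamp to UTC, and lists the entries a helper would actually want to look at (warnings and errors). The sample text is constructed to mirror the layout of the post above; the function and field names are my own.

```python
"""Parse the event-log section of an RSIT info.txt (constructed sample, not real RSIT code)."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the same layout RSIT uses, including the forum's leading indentation.
SAMPLE = """\
            System event log

            Computer Name: HOME-22NHO73DT0
            Event Code: 7036
            Message: The IMAPI CD-Burning COM Service service entered the running state.

            Record Number: 6776
            Source Name: Service Control Manager
            Time Written: 20090112003347.000000-300
            Event Type: information
            User:

            Application event log

            Computer Name: HOME-22NHO73DT0
            Event Code: 1517
            Message: Windows saved user HOME-22NHO73DT0\\Bob registry while an application or service was still using the registry during log off.


            This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

            Record Number: 744
            Source Name: Userenv
            Time Written: 20081024030630.000000-240
            Event Type: warning
            User: NT AUTHORITY\\SYSTEM
"""

FIELD_RE = re.compile(
    r"^(Computer Name|Event Code|Message|Record Number|Source Name|Time Written|Event Type|User):\s?(.*)$"
)
# WMI CIM_DATETIME: yyyymmddHHMMSS.microseconds followed by the UTC offset in minutes (e.g. -300 = UTC-5).
CIM_RE = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})\.(\d{6})([+-]\d{3})$")


def parse_cim_datetime(value):
    """Turn a CIM_DATETIME string into a timezone-aware datetime."""
    m = CIM_RE.match(value.strip())
    if not m:
        raise ValueError("not a CIM_DATETIME value: %r" % value)
    y, mo, d, h, mi, s, us, off = m.groups()
    tz = timezone(timedelta(minutes=int(off)))
    return datetime(int(y), int(mo), int(d), int(h), int(mi), int(s), int(us), tzinfo=tz)


def parse_event_log(text):
    """Return a list of dicts, one per event record, in the order they appear."""
    events, section, current, message_lines = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()  # drop the indentation the forum paste adds
        if current is None and line.endswith("event log"):
            section = line  # "System event log" / "Application event log"
            continue
        m = FIELD_RE.match(line)
        if m:
            key, val = m.group(1), m.group(2).strip()
            if key == "Computer Name":
                current, message_lines = {"log": section, "computer": val}, None
            elif current is None:
                continue
            elif key == "Message":
                message_lines = [val] if val else []  # message may be empty or span lines
            elif key == "Record Number":
                current["message"] = " ".join(message_lines or [])
                message_lines = None
                current["record"] = int(val)
            elif key == "Event Code":
                current["code"] = int(val)
            elif key == "Source Name":
                current["source"] = val
            elif key == "Time Written":
                current["time"] = parse_cim_datetime(val)
            elif key == "Event Type":
                current["type"] = val.lower()
            elif key == "User":
                current["user"] = val or None  # "User:" with nothing after it is common
                events.append(current)
                current = None
        elif message_lines is not None and line:
            message_lines.append(line)  # continuation line of a multi-line message
    return events


def to_utc_iso(event):
    """ISO-8601 timestamp of the event normalised to UTC, for correlation with other logs."""
    return event["time"].astimezone(timezone.utc).isoformat()


def noteworthy(events):
    """Only the records a helper would read first: warnings and errors."""
    return [e for e in events if e["type"] in ("warning", "error")]


if __name__ == "__main__":
    for e in noteworthy(parse_event_log(SAMPLE)):
        print(to_utc_iso(e), e["log"], e["source"], e["code"], e["message"][:60])
```

Run on a full info.txt the same way; everything before "System event log" (the uninstall list) is ignored because no record has started yet, and the environment-variables section never matches a field name, so it is ignored too.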


msu715
Re: Registry help
« Reply #56 on: February 03, 2009, 07:55:05 PM »
                  Logfile of random's system information tool 1.05 (written by random/random)
                  Run by Bob at 2009-02-03 21:51:47
                  Microsoft Windows XP Home Edition
                  System drive C: has 123 GB (94%) free of 131 GB
                  Total RAM: 503 MB (39% free)
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 21:52, on 2009-02-03
                  Platform: Windows XP  (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 (6.00.2600.0000)
                  Boot mode: Normal
                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\LEXBCES.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\system32\LEXPPS.EXE
                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  C:\Program Files\Viewpoint\Common\ViewpointService.exe
                  C:\WINDOWS\System32\WLTRYSVC.EXE
                  C:\WINDOWS\System32\bcmwltry.exe
                  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                  C:\PROGRA~1\AVG\AVG8\avgemc.exe
                  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
                  C:\Program Files\AVG\AVG8\avgcsrvx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\WLTRAY.exe
                  C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\WINDOWS\system32\igfxpers.exe
                  C:\WINDOWS\System32\ctfmon.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\AIM6\aim6.exe
                  C:\Program Files\AWS\WeatherBug\Weather.exe
                  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  C:\Program Files\AIM6\aolsoftware.exe
                  C:\Program Files\iPod\bin\iPodService.exe
                  c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
                  C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
                  E:\RSIT.exe
                  C:\Program Files\trend micro\Bob.exe
                  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
                  O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
                  O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
                  O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
                  O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
                  O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
                  O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
                  O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
                  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF4083.exe /c C:\ComboFix\Combobatch.bat
                  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
                  O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
                  O4 - Global Startup: Digital Line Detect.lnk = ?
                  O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                  O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
                  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
                  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                  O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
                  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
                  O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
                  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                  O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
                  O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
                  --End of file - 7575 bytes

                  ======Scheduled tasks folder======

                  C:\WINDOWS\tasks\AppleSoftwareUpdate.job

                  ======Registry dump======

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
                  Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
                  AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-01 1078552]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
                  AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
                  AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-01 1968920]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
                  Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-06 251504]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
                  Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-06 657904]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
                  Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-06 522224]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                  {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-01 1968920]
                  {DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
                  {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-06 251504]
                  {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\system32\msdxm.ocx [2002-06-25 843804]

                  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
                  "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
                  "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-01 1601304]
                  "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
                  "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
                  "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
                  "combofix"=C:\WINDOWS\system32\CF4083.exe [2009-02-02 389120]
                  "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]
                  "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-06 94208]
                  "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-06 77824]
                  "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-06 118784]

                  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
                  "ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-06-25 13312]
                  "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
                  "Aim6"=C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]
                  "Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2007-08-29 1347584]
                  "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-13 68856]
                  "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-22 1830128]

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^Adobe Media Player.lnk]
                  C:\PROGRA~1\ADOBEM~1\ADOBEM~1.EXE [2008-08-30 260096]

                  C:\Documents and Settings\All Users\Start Menu\Programs\Startup
                  Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
                  C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
                  C:\WINDOWS\system32\avgrsstx.dll [2009-02-01 10520]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
                  C:\WINDOWS\system32\igfxdev.dll [2006-06-06 139264]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
                  "notification packages"=
                  scecli

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

                  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
                  "dontdisplaylastusername"=0
                  "legalnoticecaption"=
                  "legalnoticetext"=
                  "shutdownwithoutlogon"=1
                  "undockwithoutlogon"=1

                  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
                  "NoDriveTypeAutoRun"=323
                  "NoDriveAutoRun"=67108863
                  "NoDrives"=0

                  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
                  "NoDriveAutoRun"=
                  "NoDriveTypeAutoRun"=
                  "NoDrives"=

                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
                  "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                  "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
                  "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
                  "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
                  "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
                  "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
                  "C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
                  "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
                  "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
                  "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                  "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


                  msu715

                    Topic Starter


                    Beginner

                    Thanked: 1
                    Re: Registry help
                    « Reply #57 on: February 03, 2009, 07:55:24 PM »
                    ======List of files/folders created in the last 1 months======

                    2009-02-03 21:51:49 ----D---- C:\Program Files\trend micro
                    2009-02-03 21:51:47 ----D---- C:\rsit
                    2009-02-03 21:31:46 ----D---- C:\WINDOWS\System32\CatRoot2
                    2009-02-03 21:29:46 ----D---- C:\WINDOWS\temp
                    2009-02-03 20:21:29 ----A---- C:\WINDOWS\System32\igfxres.dll
                    2009-02-03 20:17:25 ----D---- C:\WINDOWS\Prefetch
                    2009-02-03 20:09:30 ----D---- C:\WINDOWS\LastGood
                    2009-02-03 20:06:18 ----RAH---- C:\WINDOWS\System32\logonui.exe.manifest
                    2009-02-03 20:01:07 ----A---- C:\WINDOWS\pnplog.txt
                    2009-02-03 19:47:24 ----A---- C:\WINDOWS\System32\spxcoins.dll
                    2009-02-03 19:47:24 ----A---- C:\WINDOWS\System32\irclass.dll
                    2009-02-03 19:47:19 ----RA---- C:\WINDOWS\SET7F.tmp
                    2009-02-03 19:47:15 ----RA---- C:\WINDOWS\SET6F.tmp
                    2009-02-03 19:47:14 ----RA---- C:\WINDOWS\SET5D.tmp
                    2009-02-03 19:47:12 ----RA---- C:\WINDOWS\SET51.tmp
                    2009-02-03 19:17:23 ----A---- C:\WINDOWS\OEWABLog.txt
                    2009-02-03 19:15:25 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
                    2009-02-03 19:15:25 ----A---- C:\WINDOWS\System32\qmgr.dll
                    2009-02-03 19:15:19 ----A---- C:\WINDOWS\System32\safrslv.dll
                    2009-02-03 19:15:19 ----A---- C:\WINDOWS\System32\safrdm.dll
                    2009-02-03 19:15:19 ----A---- C:\WINDOWS\System32\safrcdlg.dll
                    2009-02-03 19:15:19 ----A---- C:\WINDOWS\System32\racpldlg.dll
                    2009-02-03 19:15:16 ----A---- C:\WINDOWS\System32\srsvc.dll
                    2009-02-03 19:15:16 ----A---- C:\WINDOWS\System32\srrstr.dll
                    2009-02-03 19:15:16 ----A---- C:\WINDOWS\System32\srclient.dll
                    2009-02-03 19:15:15 ----A---- C:\WINDOWS\System32\nmmkcert.dll
                    2009-02-03 19:15:15 ----A---- C:\WINDOWS\System32\msconf.dll
                    2009-02-03 19:15:15 ----A---- C:\WINDOWS\System32\mnmsrvc.exe
                    2009-02-03 19:15:15 ----A---- C:\WINDOWS\System32\mnmdd.dll
                    2009-02-03 19:15:15 ----A---- C:\WINDOWS\System32\isrdbg32.dll
                    2009-02-03 19:15:15 ----A---- C:\WINDOWS\System32\ils.dll
                    2009-02-03 19:15:11 ----A---- C:\WINDOWS\System32\msoert2.dll
                    2009-02-03 19:15:11 ----A---- C:\WINDOWS\System32\msoeacct.dll
                    2009-02-03 19:15:10 ----A---- C:\WINDOWS\System32\inetres.dll
                    2009-02-03 19:15:08 ----A---- C:\WINDOWS\System32\schedsvc.dll
                    2009-02-03 19:15:08 ----A---- C:\WINDOWS\System32\mstinit.exe
                    2009-02-03 19:15:08 ----A---- C:\WINDOWS\System32\mstask.dll
                    2009-02-03 19:15:07 ----A---- C:\WINDOWS\System32\isign32.dll
                    2009-02-03 19:15:07 ----A---- C:\WINDOWS\System32\inetcfg.dll
                    2009-02-03 19:15:07 ----A---- C:\WINDOWS\System32\icwphbk.dll
                    2009-02-03 19:15:07 ----A---- C:\WINDOWS\System32\icwdial.dll
                    2009-02-03 19:13:57 ----A---- C:\WINDOWS\System32\sndrec32.exe
                    2009-02-03 19:13:57 ----A---- C:\WINDOWS\System32\mplay32.exe
                    2009-02-03 19:13:57 ----A---- C:\WINDOWS\System32\accwiz.exe
                    2009-02-03 19:13:56 ----A---- C:\WINDOWS\System32\mspaint.exe
                    2009-02-03 19:13:56 ----A---- C:\WINDOWS\System32\hypertrm.dll
                    2009-02-03 19:13:56 ----A---- C:\WINDOWS\System32\clipbrd.exe
                    2009-02-03 19:13:55 ----A---- C:\WINDOWS\System32\wuauserv.dll
                    2009-02-03 19:13:55 ----A---- C:\WINDOWS\System32\wuaueng.dll
                    2009-02-03 19:13:55 ----A---- C:\WINDOWS\System32\wuauclt.exe
                    2009-02-03 19:13:55 ----A---- C:\WINDOWS\System32\spider.exe
                    2009-02-03 19:13:54 ----A---- C:\WINDOWS\System32\tscfgwmi.dll
                    2009-02-03 19:13:54 ----A---- C:\WINDOWS\System32\mstscax.dll
                    2009-02-03 19:13:53 ----RA---- C:\WINDOWS\System32\termsrv.dll
                    2009-02-03 19:13:53 ----A---- C:\WINDOWS\System32\tscupgrd.exe
                    2009-02-03 19:13:53 ----A---- C:\WINDOWS\System32\sessmgr.exe
                    2009-02-03 19:13:53 ----A---- C:\WINDOWS\System32\remotepg.dll
                    2009-02-03 19:13:53 ----A---- C:\WINDOWS\System32\rdshost.exe
                    2009-02-03 19:13:53 ----A---- C:\WINDOWS\System32\rdsaddin.exe
                    2009-02-03 19:13:53 ----A---- C:\WINDOWS\System32\rdchost.dll
                    2009-02-03 19:13:53 ----A---- C:\WINDOWS\System32\mstsc.exe
                    2009-02-03 19:13:52 ----A---- C:\WINDOWS\System32\rdpwsx.dll
                    2009-02-03 19:13:52 ----A---- C:\WINDOWS\System32\rdpsnd.dll
                    2009-02-03 19:13:52 ----A---- C:\WINDOWS\System32\rdpclip.exe
                    2009-02-03 19:13:52 ----A---- C:\WINDOWS\System32\qprocess.exe
                    2009-02-03 19:13:52 ----A---- C:\WINDOWS\System32\mtxoci.dll
                    2009-02-03 19:13:52 ----A---- C:\WINDOWS\System32\msdtcuiu.dll
                    2009-02-03 19:13:52 ----A---- C:\WINDOWS\System32\icaapi.dll
                    2009-02-03 19:13:52 ----A---- C:\WINDOWS\System32\cfgbkend.dll
                    2009-02-03 19:13:51 ----A---- C:\WINDOWS\System32\xolehlp.dll
                    2009-02-03 19:13:51 ----A---- C:\WINDOWS\System32\msdtctm.dll
                    2009-02-03 19:13:51 ----A---- C:\WINDOWS\System32\msdtcprx.dll
                    2009-02-03 19:13:51 ----A---- C:\WINDOWS\System32\msdtclog.dll
                    2009-02-03 19:13:51 ----A---- C:\WINDOWS\System32\msdtc.exe
                    2009-02-03 19:13:50 ----A---- C:\WINDOWS\System32\mtxlegih.dll
                    2009-02-03 19:13:50 ----A---- C:\WINDOWS\System32\mtxex.dll
                    2009-02-03 19:13:50 ----A---- C:\WINDOWS\System32\mtxdm.dll
                    2009-02-03 19:13:50 ----A---- C:\WINDOWS\System32\dcomcnfg.exe
                    2009-02-03 19:13:49 ----A---- C:\WINDOWS\System32\stclient.dll
                    2009-02-03 19:13:49 ----A---- C:\WINDOWS\System32\comrepl.dll
                    2009-02-03 19:13:49 ----A---- C:\WINDOWS\System32\comaddin.dll
                    2009-02-03 19:13:49 ----A---- C:\WINDOWS\System32\colbact.dll
                    2009-02-03 19:13:49 ----A---- C:\WINDOWS\System32\clbcatex.dll
                    2009-02-03 19:13:49 ----A---- C:\WINDOWS\System32\catsrvps.dll
                    2009-02-03 19:13:48 ----A---- C:\WINDOWS\System32\comuid.dll
                    2009-02-03 19:13:48 ----A---- C:\WINDOWS\System32\comsvcs.dll
                    2009-02-03 19:13:48 ----A---- C:\WINDOWS\System32\catsrvut.dll
                    2009-02-03 19:13:48 ----A---- C:\WINDOWS\System32\catsrv.dll
                    2009-02-03 19:13:47 ----A---- C:\WINDOWS\System32\comsnap.dll
                    2009-02-03 19:13:47 ----A---- C:\WINDOWS\System32\clbcatq.dll
                    2009-02-03 19:13:41 ----A---- C:\WINDOWS\System32\servdeps.dll
                    2009-02-03 19:13:41 ----A---- C:\WINDOWS\System32\mmfutil.dll
                    2009-02-03 19:13:41 ----A---- C:\WINDOWS\System32\licwmi.dll
                    2009-02-03 19:13:40 ----A---- C:\WINDOWS\System32\cmprops.dll
                    2009-02-03 19:09:33 ----A---- C:\WINDOWS\System32\ksuser.dll
                    2009-02-03 18:55:04 ----A---- C:\WINDOWS\imsins.BAK
                    2009-02-03 18:54:56 ----D---- C:\WINDOWS\LastGood.Tmp
                    2009-02-03 18:54:47 ----A---- C:\WINDOWS\System32\storprop.dll
                    2009-02-03 18:54:35 ----RA---- C:\WINDOWS\SET80.tmp
                    2009-02-03 18:54:33 ----RA---- C:\WINDOWS\SET70.tmp
                    2009-02-03 18:54:32 ----RA---- C:\WINDOWS\SET5E.tmp
                    2009-02-03 18:54:30 ----RA---- C:\WINDOWS\SET52.tmp
                    2009-02-03 18:52:34 ----A---- C:\WINDOWS\setuplog.txt
                    2009-02-02 23:35:46 ----A---- C:\WINDOWS\PSEXESVC.EXE
                    2009-02-02 23:33:37 ----SHD---- C:\RECYCLER
                    2009-02-02 23:33:08 ----D---- C:\ComboFix
                    2009-02-02 23:33:07 ----A---- C:\WINDOWS\System32\CF4083.exe
                    2009-02-02 22:40:37 ----A---- C:\WINDOWS\zip.exe
                    2009-02-02 22:40:37 ----A---- C:\WINDOWS\VFIND.exe
                    2009-02-02 22:40:37 ----A---- C:\WINDOWS\SWXCACLS.exe
                    2009-02-02 22:40:37 ----A---- C:\WINDOWS\SWSC.exe
                    2009-02-02 22:40:37 ----A---- C:\WINDOWS\SWREG.exe
                    2009-02-02 22:40:37 ----A---- C:\WINDOWS\sed.exe
                    2009-02-02 22:40:37 ----A---- C:\WINDOWS\NIRCMD.exe
                    2009-02-02 22:40:37 ----A---- C:\WINDOWS\grep.exe
                    2009-02-02 22:40:37 ----A---- C:\WINDOWS\fdsv.exe
                    2009-02-02 22:38:04 ----D---- C:\WINDOWS\ERDNT
                    2009-02-02 22:38:04 ----D---- C:\Qoobox
                    2009-02-02 21:59:40 ----D---- C:\WINDOWS\ERUNT
                    2009-02-02 21:55:51 ----A---- C:\WINDOWS\ntbtlog.txt
                    2009-02-02 21:53:49 ----D---- C:\SDFix
                    2009-02-02 17:06:48 ----D---- C:\Program Files\CCleaner
                    2009-01-27 00:53:08 ----D---- C:\Program Files\NBA Jam Tournament Edition
                    2009-01-16 00:10:20 ----D---- C:\Documents and Settings\Bob\Application Data\Viewpoint
                    2009-01-13 20:32:36 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                    2009-01-13 20:32:24 ----D---- C:\Program Files\SUPERAntiSpyware
                    2009-01-13 20:32:24 ----D---- C:\Documents and Settings\Bob\Application Data\SUPERAntiSpyware.com
                    2009-01-13 20:18:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
                    2009-01-11 19:46:42 ----A---- C:\WINDOWS\wininit.ini
                    2009-01-11 18:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                    2009-01-04 02:25:23 ----D---- C:\WINDOWS\Minidump

                    ======List of files/folders modified in the last 1 months======

                    2009-02-03 21:51:49 ----RD---- C:\Program Files
                    2009-02-03 21:40:13 ----D---- C:\WINDOWS
                    2009-02-03 21:39:54 ----RSHDC---- C:\WINDOWS\System32\dllcache
                    2009-02-03 21:39:46 ----D---- C:\WINDOWS\security
                    2009-02-03 21:39:46 ----D---- C:\Program Files\Internet Explorer
                    2009-02-03 21:36:25 ----D---- C:\WINDOWS\Debug
                    2009-02-03 21:33:47 ----A---- C:\WINDOWS\SchedLgU.Txt
                    2009-02-03 21:33:14 ----RD---- C:\WINDOWS\Web
                    2009-02-03 21:33:10 ----SHD---- C:\WINDOWS\Installer
                    2009-02-03 21:32:10 ----D---- C:\WINDOWS\system32
                    2009-02-03 21:32:01 ----D---- C:\WINDOWS\System32\CatRoot
                    2009-02-03 21:31:23 ----HD---- C:\Program Files\WindowsUpdate
                    2009-02-03 21:00:34 ----D---- C:\WINDOWS\Registration
                    2009-02-03 20:22:03 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
                    2009-02-03 20:21:41 ----HD---- C:\WINDOWS\inf
                    2009-02-03 20:18:02 ----SHD---- C:\System Volume Information
                    2009-02-03 20:18:02 ----D---- C:\WINDOWS\System32\Restore
                    2009-02-03 20:15:22 ----D---- C:\WINDOWS\System32\config
                    2009-02-03 20:10:18 ----D---- C:\Temp
                    2009-02-03 20:09:48 ----D---- C:\WINDOWS\AppPatch
                    2009-02-03 20:09:42 ----D---- C:\WINDOWS\System32\drivers
                    2009-02-03 20:09:23 ----D---- C:\Program Files\Windows Media Player
                    2009-02-03 20:07:32 ----A---- C:\WINDOWS\ODBCINST.INI
                    2009-02-03 20:06:12 ----RAH---- C:\WINDOWS\System32\cdplayer.exe.manifest
                    2009-02-03 20:06:03 ----A---- C:\WINDOWS\win.ini
                    2009-02-03 20:05:55 ----D---- C:\WINDOWS\System32\oobe
                    2009-02-03 20:05:37 ----D---- C:\WINDOWS\System32\Com
                    2009-02-03 20:05:01 ----D---- C:\Program Files\MSN
                    2009-02-03 20:04:45 ----SH---- C:\boot.ini
                    2009-02-03 19:47:30 ----A---- C:\WINDOWS\system.ini
                    2009-02-03 19:47:20 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
                    2009-02-03 19:15:31 ----D---- C:\WINDOWS\srchasst
                    2009-02-03 19:15:24 ----D---- C:\Program Files\Movie Maker
                    2009-02-03 19:15:15 ----D---- C:\Program Files\NetMeeting
                    2009-02-03 19:15:11 ----D---- C:\Program Files\Outlook Express
                    2009-02-03 19:15:11 ----D---- C:\Program Files\Common Files\System
                    2009-02-03 19:13:56 ----D---- C:\Program Files\Windows NT
                    2009-02-03 14:43:30 ----D---- C:\WINDOWS\System32\Setup
                    2009-02-03 14:43:30 ----D---- C:\WINDOWS\system
                    2009-02-03 14:43:24 ----D---- C:\WINDOWS\System32\usmt
                    2009-02-03 14:43:24 ----D---- C:\WINDOWS\Help
                    2009-02-03 14:43:01 ----RSD---- C:\WINDOWS\Fonts
                    2009-02-03 14:42:58 ----D---- C:\WINDOWS\ime
                    2009-02-03 14:42:56 ----D---- C:\WINDOWS\Media
                    2009-02-03 14:42:48 ----D---- C:\WINDOWS\twain_32
                    2009-02-03 14:42:47 ----D---- C:\WINDOWS\System32\wbem
                    2009-02-03 14:42:22 ----D---- C:\WINDOWS\System32\icsxml
                    2009-02-03 14:42:06 ----D---- C:\WINDOWS\System32\npp
                    2009-02-03 14:41:57 ----D---- C:\WINDOWS\msagent
                    2009-02-03 14:41:33 ----D---- C:\WINDOWS\System32\ias
                    2009-02-03 14:41:23 ----D---- C:\WINDOWS\System32\1033
                    2009-02-03 14:38:51 ----D---- C:\WINDOWS\WinSxS
                    2009-02-03 14:38:51 ----D---- C:\WINDOWS\Driver Cache
                    2009-02-02 23:35:17 ----D---- C:\Program Files\Common Files
                    2009-02-02 23:34:41 ----SD---- C:\WINDOWS\Tasks
                    2009-02-02 12:52:05 ----D---- C:\Documents and Settings\Bob\Application Data\MSN6
                    2009-02-02 02:30:01 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
                    2009-02-02 02:25:51 ----HD---- C:\$AVG8.VAULT$
                    2009-02-01 13:57:18 ----A---- C:\WINDOWS\System32\avgrsstx.dll
                    2009-01-15 03:01:53 ----HD---- C:\WINDOWS\$hf_mig$
                    2009-01-12 22:03:41 ----A---- C:\WINDOWS\System32\9bbc377b-.txt
                    2009-01-11 15:41:22 ----SD---- C:\WINDOWS\Downloaded Program Files
                    2009-01-09 20:35:28 ----A---- C:\WINDOWS\System32\MRT.exe
                    2009-01-06 18:14:24 ----D---- C:\Program Files\Google
                    2009-01-06 17:29:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google
                    2009-01-05 00:26:47 ----D---- C:\Documents and Settings\Bob\Application Data\AVGTOOLBAR

                    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

                    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-01 325128]
                    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-01 107272]
                    R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
                    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
                    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
                    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-06-25 12032]
                    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
                    R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
                    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2002-06-25 13056]
                    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
                    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
                    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
                    R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
                    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-06 1168860]
                    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
                    R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
                    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
                    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-06-25 50688]
                    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-06-25 21760]
                    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-06-25 18944]
                    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
                    S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-01 27656]
                    S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
                    S3 UIUSys;Conexant Setup API; C:\WINDOWS\System32\drivers\UIUSys.sys []
                    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
                    S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
                    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2001-08-17 24832]
                    S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

                    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

                    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
                    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-01 903960]
                    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-01 298264]
                    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
                    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
                    R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
                    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
                    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
                    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
                    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
                    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-06 137200]
                    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
                    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

                    -----------------EOF-----------------

                    msu715

                      Topic Starter


                      Beginner

                      Thanked: 1
                      Re: Registry help
                      « Reply #58 on: February 03, 2009, 07:55:45 PM »
                      Sorry, it wouldn't let me fit it all in one post so I broke it up.

                      evilfantasy

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Calm like a bomb
                      • Thanked: 493
                      • Experience: Experienced
                      • OS: Windows 11
                      Re: Registry help
                      « Reply #59 on: February 03, 2009, 08:26:27 PM »
                      Try running the first set of Dial-a-fix instructions again, or can you install another browser like Firefox until we are done so this will be easier for you?

                      Go to Add/Remove Programs and uninstall:
                      • RegCure
                      • RegSweep
                      • Viewpoint Media Player
                      ----------

                      Open HijackThis and select Do a system scan only.

                      Place a check mark next to the following entries: (if there)

                      - O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF4083.exe /c C:\ComboFix\Combobatch.bat

                      Important: Close all open windows except for HijackThis and then click Fix checked.

                      Once completed, exit HijackThis.

                      ----------

                      Go to Start > Run and type notepad.exe then click OK

                      Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

                       Code:
                      REGEDIT4

                      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
                      "combofix"=-

                      Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

                      Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

                      Delete the fixme.reg from the Desktop.

                      ----------

                      Now download The Avenger by Swandog46 and save it to your Desktop.
                      • Extract avenger.exe from the Zip file and save it to your Desktop
                      • Run avenger.exe by double-clicking on it.
                      • Do not change any check box options!!
                      • Copy everything in the Code box below, and paste it into the Input script here window:
                       Code:
                      Comment:

                      Files to delete:
                      C:\WINDOWS\SET7F.tmp
                      C:\WINDOWS\SET6F.tmp
                      C:\WINDOWS\SET5D.tmp
                      C:\WINDOWS\SET51.tmp
                      C:\WINDOWS\SET80.tmp
                      C:\WINDOWS\SET70.tmp
                      C:\WINDOWS\SET5E.tmp
                      C:\WINDOWS\SET52.tmp
                      C:\WINDOWS\System32\CF4083.exe
                      C:\WINDOWS\zip.exe
                      C:\WINDOWS\VFIND.exe
                      C:\WINDOWS\SWXCACLS.exe
                      C:\WINDOWS\SWSC.exe
                      C:\WINDOWS\SWREG.exe
                      C:\WINDOWS\sed.exe
                      C:\WINDOWS\NIRCMD.exe
                      C:\WINDOWS\grep.exe
                      C:\WINDOWS\fdsv.exe

                      Folders to delete:
                      C:\ComboFix


                      • Now click the Execute button.
                      • Click Yes to the prompt to confirm you want to execute.
                      • Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
                      • Your PC should reboot, if not, reboot it yourself.
                      • A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
                      • Add the Avenger log in your next post.
                      ----------

                      Download Malwarebytes' Anti-Malware (MBAM)

                      • Double-click mbam-setup.exe and follow the prompts to install the program.
                      • At the end, be sure a checkmark is placed next to the following:
                        • Update Malwarebytes' Anti-Malware
                        • Launch Malwarebytes' Anti-Malware
                        • Then click Finish.
                        • If an update is found, it will download and install the latest version.
                        • Once the program has loaded, select Perform quick scan, then click Scan.
                        • When the scan is complete, click OK, then Show Results to view the results.
                        • Be sure that everything is checked, and click Remove Selected.
                         • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
                        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                        • Copy and Paste the entire report in your next reply.
                         Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
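Worked example, added here and not part of the thread or of any tool it names (RSIT, HijackThis, Avenger, ComboFix): a small Python script that does by rule what the reply above does by hand. It parses the Run sections and the created-files list from a constructed excerpt of the log posted earlier, flags the Run value whose binary under C:\WINDOWS is only days old (the 7-day window, the directory rule and the batch-size threshold are this example's assumptions, not anything the thread states), groups the executables dropped into C:\WINDOWS in the same second, and writes out the REGEDIT4 removal stanza and the Avenger "Files to delete:" script in the same form the reply uses.

```python
"""Triage helpers for an RSIT-style log: flag a stale autostart entry, find the
batch of helper tools dropped next to it, and emit the two cleanup scripts the
reply above uses (a REGEDIT4 .reg that deletes the Run value, and an Avenger
"Files to delete:" script).

Added example for this thread, not code from RSIT, HijackThis, Avenger or
ComboFix. The sample text below is a constructed excerpt of the log posted in
this thread; the thresholds and the "under C:\\WINDOWS" rule are assumptions.
"""
import re
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample: Run sections in the form RSIT prints them.
RUN_SECTION = """\
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
"Broadcom Wireless Manager UI"=C:\\WINDOWS\\system32\\WLTRAY.exe [2007-03-16 1392640]
"AVG8_TRAY"=C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe [2009-02-01 1601304]
"combofix"=C:\\WINDOWS\\system32\\CF4083.exe [2009-02-02 389120]
"igfxtray"=C:\\WINDOWS\\system32\\igfxtray.exe [2006-06-06 94208]
"""

# Constructed sample: lines from the "files/folders created" section.
CREATED_SECTION = """\
2009-02-02 23:33:07 ----A---- C:\\WINDOWS\\System32\\CF4083.exe
2009-02-02 22:40:37 ----A---- C:\\WINDOWS\\zip.exe
2009-02-02 22:40:37 ----A---- C:\\WINDOWS\\SWREG.exe
2009-02-02 22:40:37 ----A---- C:\\WINDOWS\\sed.exe
2009-02-02 22:40:37 ----A---- C:\\WINDOWS\\NIRCMD.exe
2009-02-02 22:40:37 ----A---- C:\\WINDOWS\\grep.exe
2009-02-02 21:55:51 ----A---- C:\\WINDOWS\\ntbtlog.txt
2009-01-11 19:46:42 ----A---- C:\\WINDOWS\\wininit.ini
"""

LOG_DATE = date(2009, 2, 3)  # day the log was posted
SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"=(.+?) \[(\d{4}-\d{2}-\d{2}) \d+\]$')
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+[A-Z]*-+ (.+)$")


def parse_run_entries(text):
    """Yield (key, value_name, path, file_date) for every Run value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and key:
            name, path, stamp = m.groups()
            yield key, name, path, date.fromisoformat(stamp)


def suspicious_run_entries(text, log_date=LOG_DATE, max_age_days=7):
    """Flag Run values whose target lives under C:\\WINDOWS and was written
    within max_age_days of the log.  Assumption: vendor binaries in the
    Windows directory are old, so a days-old one there deserves a look."""
    flagged = []
    for key, name, path, file_date in parse_run_entries(text):
        under_windows = path.lower().startswith("c:\\windows\\")
        if under_windows and log_date - file_date <= timedelta(days=max_age_days):
            flagged.append((key, name, path))
    return flagged


def removal_reg(flagged):
    """REGEDIT4 text that deletes each flagged value; "name"=- is the
    delete-value syntax, the same form as the fixme.reg in the reply."""
    by_key = defaultdict(list)
    for key, name, _ in flagged:
        by_key[key].append(name)
    lines = ["REGEDIT4", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
        lines.append("")
    return "\n".join(lines)


def dropped_tool_batches(text, min_files=3):
    """Group executables created under C:\\WINDOWS by exact timestamp:
    several .exe files written in the same second are one drop event
    (here, ComboFix's helper tools).  min_files is an assumption."""
    batches = defaultdict(list)
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        stamp, path = m.groups()
        low = path.lower()
        if low.startswith("c:\\windows\\") and low.endswith(".exe"):
            batches[stamp].append(path)
    return {stamp: paths for stamp, paths in batches.items() if len(paths) >= min_files}


def avenger_script(paths, folders=()):
    """Avenger input script in the Files to delete: / Folders to delete: form."""
    lines = ["Files to delete:", *paths]
    if folders:
        lines += ["", "Folders to delete:", *folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = suspicious_run_entries(RUN_SECTION)
    print(removal_reg(flagged))
    for stamp, paths in dropped_tool_batches(CREATED_SECTION).items():
        print(f"# {len(paths)} executables dropped at {stamp}")
        print(avenger_script(paths, folders=["C:\\ComboFix"]))
```

Run it as a plain script: the printed .reg text deletes only the flagged value, using the "name"=- form, and the printed Avenger script lists the five helper tools from the sample batch. On a real log, read every flagged item before deleting anything; these rules are a triage aid, not a verdict, and a legitimate driver update can also put a fresh binary under C:\WINDOWS.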