# PC Problems, flashmute(?), low virtual memory



## desertluver (Sep 11, 2008)

Hi,

I've noticed a few things going on with my PC and I'm not sure how to fix them or even where to begin, being that I'm not a real computer whiz. I know how to search, email and a few other things, and that's what led me here.

On to problems: 
1. I notice that a pop-up comes up near my system tray stating, "Virtual Memory Too Low....." at least once or twice while on the computer.

2. On some videos I have no sound but I do on others, and this just started about a month ago. I would get an error message regarding Flashmute not being able to open, or something like that, when I would be turning off my computer. I have no idea what flashmute is or how it got installed. I searched for flashmute on this site and a few other help sites and I saw that others were having the same audio problem. I searched for the flashmute program in Add/Remove but I could not find it, nor is there an icon for it in my system tray so that I can mute/unmute as the website states I should be able to do. I'm not sure, but I think the problem started after I did a defrag, but I could be wrong.

3. When I shut down / turn off my PC, for a brief moment, 3 - 5 seconds, I hear people talking or music as if I were listening to a radio show, but my computer is shutting down.

4. On occasion, while I would be reading my email, without my browser open, I would hear music in the background and I have no idea where that was coming from. That hasn't happened in a while but I wanted to mention it.

I researched a program called Revo Uninstaller and saw that it got great reviews for fixing registry problems and cleaning up the junk, and I was going to install Revo Uninstaller and CCleaner to catch what Revo did not, BUT I decided to join here before installing anything else.

I did uncheck a few items that were in my start-up and that seemed to help with the speed a little but I think my computer was still a little faster than what it is now. I tried not to mess with it too much, because I was afraid I would only cause more problems, or do something that I wouldn't be able to fix. I'm sure there are other items in start up that could be turned off or even deleted but not really knowing which for sure I didn't play around with it.

A friend of mine suggested that I download HiJackThis, which I did about a month ago. After running the scan and seeing that I had no idea what it found nor what I could delete or keep, I did nothing until now. My friend neglected to tell me that HiJackThis was meant to be used by experienced computer techs. However, I did run a scan and posted it below.

I've been researching online on how to fix the above problems but I just don't have the knowledge to take any steps on my own, in fear of making things worse.

I'm using Avast free home version for anti-virus, Super Anti-spyware for adware, malware and so on and Windows Defender. My OS is Windows XP, using Microsoft Outlook, and IE and sometimes Firefox. 

I hope you can help figure out and fix whatever is going on with my PC. I appreciate you taking the time to read and review the report below and especially taking the time to help and walk me through what needs to be done to get my computer working properly again. What you tech guys do for us NON-tech people is great; we'd be lost w/o your support and knowledge.

I look forward to hearing back from you!

Thanks again for the help! 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:37 AM, on 9/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\flashmute.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SxS1\iexplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [BluetoothAuthAgent] C:\WINDOWS\BluetoothAuthAgent.exe
O4 - HKLM\..\Run: [FlashMute] C:\WINDOWS\flashmute.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [1igeFX] C:\WINDOWS\1igeFX.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\WINDOWS\SxS1\iexplore.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSUpdater] C:\WINDOWS\msupdater.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! ¤u¨ã¦C) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM32\ebkp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9769 bytes


----------



## Cookiegal (Aug 27, 2003)

As a favour would you please just use the default font rather than changing it as it's easier to view the logs. 

Please download Malwarebytes Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a new HijackThis log please.

Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.*


----------



## desertluver (Sep 11, 2008)

Hi Cookiegal,

Thanks for responding and taking the time to help me get my PC back to proper working order. I apologize for using the wrong font, sorry!
I did as you instructed and below are both the MBAM report and the HJT report. I tried to listen to a video on MySpace after MBAM removed a few items and I still have no sound on certain video players. Also, as of yesterday I'm still getting the pop-up, low virtual memory.
If you can, can you please point out to me the bad items on my HJT report because I have no idea of what I'm looking at or what I need to be looking for. 
Thank you so much for your help, I greatly appreciate you taking time to help me figure out what's causing the problems.

Good Day!
Desertluver

Malwarebytes' Anti-Malware 1.28
Database version: 1179
Windows 5.1.2600 Service Pack 3
9/19/2008 2:56:47 PM
mbam-log-2008-09-19 (14-56-47).txt
Scan type: Quick Scan
Objects scanned: 52564
Time elapsed: 7 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msupdater (Worm.Zhelatin) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\msupdater.exe (Worm.Zhelatin) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:36 PM, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\BluetoothAuthAgent.exe
C:\WINDOWS\flashmute.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SxS1\iexplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MICROS~1\OFFICE\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [BluetoothAuthAgent] C:\WINDOWS\BluetoothAuthAgent.exe
O4 - HKLM\..\Run: [FlashMute] C:\WINDOWS\flashmute.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [1igeFX] C:\WINDOWS\1igeFX.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\WINDOWS\SxS1\iexplore.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! ¤u¨ã¦C) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM32\ebkp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9898 bytes


----------



## Cookiegal (Aug 27, 2003)

Since you have Avast!, in addition to turning it off you will have to do the following to disable the Self-Defense module, which still runs, or it will interfere with the next tool we are going to use.

Open Avast!, go to Settings and then, on the Troubleshooting page, disable the Avast! self-defense module please.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.


----------



## desertluver (Sep 11, 2008)

Hi Cookiegal,

I apologize for it taking me so long to get back to you; I've been away from my computer. I read over your previous instructions and, before downloading the Microsoft Windows Recovery Console, I wanted to make sure that I was downloading the correct Microsoft product. I went here, http://support.microsoft.com/kb/310994 , because I do not have the Windows CD, then I went here (Windows XP Professional SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124&displaylang=en
which took me to another page titled: *Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install.*
Is this the correct page to install the windows recovery console?

I'm far from being experienced when it comes to fixing PC problems, but it sounds like this Combofix could wipe out my operating software and that's the reason for installing the recovery console. Being that I'm not experienced, I'm wondering if there is another way to fix my PC problems without having to use the combofix and possibly wiping out my OS?

If there is no other way, please let me know if this is the page I need to go in order to download the recovery console. *Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install.*

Thank you,
Desertluver


----------



## Cookiegal (Aug 27, 2003)

Yes, that's the correct download if you're running XP Pro version (not Home).

Installing the recovery console is only a precaution as it's hard to predict how systems will react when some deeply embedded infections are removed. With the recovery console most systems can be recovered.

However, it's recommended that you back up any important data, pictures, music etc. to CDs or an external drive.

You really should run ComboFix though.


----------



## desertluver (Sep 11, 2008)

Hi,

I noticed on the Combo-fix log that it states that I DO NOT have the recovery console installed. I'm not sure why that did not install; I printed and followed all the directions. I have the icon showing on my desktop and then I dragged that icon over to combo-fix. How can I tell if the recovery console is actually installed?
Prior to running the combo-fix scan I was noticing that I would get a message pop-up saying that there was a script error on a page. This error message would pop up even though I had not been online, but I would be checking my email, and when I would close or minimize my email to go online, there that message would be.

Below is the log from combo-fix. I'm going to send the HijackThis log in another reply so that I can close out this program.
Please let me know how I can tell if I did install the recovery console or not. The HijackThis report will be sent in a separate reply.
Thanks again for your help, I really appreciate you taking the time to read the reports and then replying. I'd be totally lost if I were on my own.

Thanks.....Desertluver

ComboFix 08-10-01.02 - Kelly Dayton 2008-10-01 20:11:41.1 - *FAT32*x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.274 [GMT -7:00]
Running from: C:\Documents and Settings\Kelly Dayton\Desktop\Combo-Fix.exe
*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\start.exe
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\Web\default.htt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV

((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.
2008-09-19 19:44 . 2008-09-19 19:44 d-------- C:\Documents and Settings\Kelly Dayton\Application Data\PC-FAX TX
2008-09-19 19:28 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\SYSTEM32\BroSNMP.dll
2008-09-19 19:28 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\SYSTEM32\BrDctF2.dll
2008-09-19 19:28 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\SYSTEM32\BrDctF2S.dll
2008-09-19 19:28 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\SYSTEM32\BrDctF2L.dll
2008-09-19 19:27 . 2006-01-17 01:03 126,976 --------- C:\WINDOWS\SYSTEM32\BrfxD05a.dll
2008-09-19 19:27 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.BMP
2008-09-19 19:27 . 2008-09-19 19:47 0 --a------ C:\WINDOWS\brdfxspd.dat
2008-09-19 18:51 . 2008-09-19 18:51 d-------- C:\Program Files\Reallusion
2008-09-19 18:10 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\serscan.sys
2008-09-19 18:10 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\SYSTEM32\dllcache\serscan.sys
2008-09-19 18:10 . 2008-09-19 19:50 1,020 --a------ C:\WINDOWS\Brpfx04a.ini
2008-09-19 18:10 . 2008-09-19 19:30 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-09-19 18:10 . 2008-09-19 19:44 153 --a------ C:\WINDOWS\brpcfx.ini
2008-09-19 18:10 . 2008-09-19 19:29 50 --a------ C:\WINDOWS\SYSTEM32\bridf07a.dat
2008-09-19 18:10 . 2008-09-19 19:30 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-09-19 18:08 . 2008-09-19 18:08 d-------- C:\Program Files\Brother
2008-09-19 18:04 . 2008-09-19 18:04 d-------- C:\Program Files\Nuance
2008-09-19 17:19 . 2008-09-19 17:19 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-09-19 14:34 . 2008-09-19 14:34 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 14:34 . 2008-09-19 14:35 d-------- C:\Documents and Settings\Kelly Dayton\Application Data\Malwarebytes
2008-09-19 14:34 . 2008-09-19 14:34 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-19 14:34 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-09-19 14:34 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-09-15 00:09 . 2008-09-15 00:09 369 --a------ C:\WINDOWS\capture.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 01:00 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-27 01:00 --------- d-----w C:\Documents and Settings\Kelly Dayton\Application Data\SUPERAntiSpyware.com
2008-08-27 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-27 00:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 13:23 --------- d-----w C:\Program Files\TechSmith
2008-08-26 13:23 --------- d-----w C:\Program Files\LimeWire
2008-08-26 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-08-12 21:46 602,472 ----a-w C:\WINDOWS\installer3.exe
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-16 19:26 601,412 ----a-w C:\WINDOWS\instalator.exe
2008-07-11 23:54 594,792 ----a-w C:\WINDOWS\mtraffic2.exe
2008-07-11 00:29 394,587 ----a-w C:\WINDOWS\1igeFX.exe
2008-07-09 18:57 595,518 ----a-w C:\WINDOWS\mtraffic1.exe
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\dllcache\es.dll
2007-08-03 20:57 56,912 ----a-w C:\Documents and Settings\Kelly Dayton\g2mdlhlpx.exe
2001-01-08 23:03 266 --sh--w C:\Program Files\desktop.ini
2001-01-08 23:03 11,079 ---h--w C:\Program Files\folder.htt
2008-06-19 01:49 32,768 --sha-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061820080619\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-13 17:12 8461312 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-10-15 43008]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-05 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 5058560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"InstantAccess"="C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe" [2000-01-19 49152]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"BluetoothAuthAgent"="C:\WINDOWS\BluetoothAuthAgent.exe" [2008-05-26 203797]
"FlashMute"="C:\WINDOWS\flashmute.exe" [2006-03-11 221184]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-30 185896]
"1igeFX"="C:\WINDOWS\1igeFX.exe" [2008-07-10 394587]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 385024]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]
"SM56ACL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"LoadPowerProfile"="powrprof.dll" [2008-04-13 C:\WINDOWS\SYSTEM32\powrprof.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 49152]
C:\Documents and Settings\Kelly Dayton\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-30 118784]
CheckIt 86.lnk - C:\Program Files\CheckIt\86\CheckIt86.exe [2004-03-25 339968]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AttuneClientEngine]
--a------ 2000-07-24 23:47 356728 C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"dvpapi"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"BookmarkCentral"=C:\PROGRA~1\BMCENT~1\BMLauncher.exe
"OneTouch Monitor"=C:\PROGRA~1\VISION~1\ONETOU~2.EXE
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"Hotbar"=C:\PROGRAM FILES\HOTBAR\BIN\4.4.2.0\HBINST.EXE /Upgrade
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ontrack\\SystemSuite\\SSuite.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 36224]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 36224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kelly Dayton\Application Data\Mozilla\Firefox\Profiles\ckm11rp6.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 20:20:10
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\mutelib.dll
-> C:\Program Files\TextBridge Pro Millennium\Bin\TBMHOOK.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHQUICK.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-01 20:30:49 - machine was rebooted [Kelly Dayton]
ComboFix-quarantined-files.txt 2008-10-02 03:30:08
Pre-Run: 11,904,319,488 bytes free
Post-Run: 12,410,339,328 bytes free
224 --- E O F --- 2008-09-26 05:47:05


----------



## desertluver (Sep 11, 2008)

Hi,

Below is the log from HJT. Also, prior to logging in here I tried to listen to a video on myspace and I still have no sound there and on other video players but not all video players. Since my last HJT log I've installed a new Brother fax/printer, which you'll see on the logs.

Besides the audio problem with certain players, are you seeing anything bad or that shouldn't be running in my PC on these logs?

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:06 PM, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\flashmute.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [BluetoothAuthAgent] C:\WINDOWS\BluetoothAuthAgent.exe
O4 - HKLM\..\Run: [FlashMute] C:\WINDOWS\flashmute.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [1igeFX] C:\WINDOWS\1igeFX.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! 工具列) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM32\ebkp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9133 bytes


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Search* - *All Files and Folders* and, under *More advanced search options*, make sure there is a check by *Search System Folders*, *Search hidden files and folders* and *Search system subfolders*.

Next click on *My Computer*. Go to *Tools* - *Folder Options*. Click on the View tab and make sure that *Show hidden files and folders* is checked. Also uncheck *Hide protected operating system files* and *Hide extensions for known file types*. Now click *Apply to all folders*. Click *Apply* then *OK*.

Go to the following link and upload the following file(s) for analysis and let me know what the results are please:

http://virusscan.jotti.org/

C:\WINDOWS\installer3.exe
C:\WINDOWS\instalator.exe
C:\WINDOWS\mtraffic2.exe
C:\WINDOWS\1igeFX.exe
C:\WINDOWS\mtraffic1.exe
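
A small triage helper, added here as an example and not part of the thread, HijackThis or ComboFix: it parses O4 Run entries and Find3M lines (the sample lines are copied from the logs posted above) and flags executables that sit directly in C:\WINDOWS rather than in system32 or a program folder, which is the pattern shared by the five files requested above. The Windows directory path and the rule of thumb itself are my assumptions, not the helper's stated method.

```python
"""Autorun triage over HijackThis O4 and ComboFix Find3M log lines.

Added example for this thread; not part of HijackThis, ComboFix or the
helper's own procedure.  One rule of thumb is encoded: an executable that
lives directly in the Windows directory root and is either auto-started
from a Run key or was written recently deserves a closer look (for
instance a multi-engine scan, as the thread goes on to do).
"""
import re
from typing import Dict, List

# Constructed sample input: lines copied from the logs posted in this thread.
HJT_O4 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthAgent] C:\WINDOWS\BluetoothAuthAgent.exe
O4 - HKLM\..\Run: [FlashMute] C:\WINDOWS\flashmute.exe
O4 - HKLM\..\Run: [1igeFX] C:\WINDOWS\1igeFX.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

FIND3M = r"""
2008-08-12 21:46 602,472 ----a-w C:\WINDOWS\installer3.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-16 19:26 601,412 ----a-w C:\WINDOWS\instalator.exe
2008-07-11 23:54 594,792 ----a-w C:\WINDOWS\mtraffic2.exe
2008-07-11 00:29 394,587 ----a-w C:\WINDOWS\1igeFX.exe
2008-07-09 18:57 595,518 ----a-w C:\WINDOWS\mtraffic1.exe
"""

# First drive-letter path ending in .exe/.dll inside a Run command line; stops at
# a quote or at the comma separating a rundll32 DLL from its entry point.
_PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll)', re.IGNORECASE)
_O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
_FIND3M_RE = re.compile(
    r'^(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>[\d,]+)\s+\S+\s+(?P<path>.+)$')


def parse_hjt_o4(text: str) -> List[Dict[str, str]]:
    """Return one {'hive', 'name', 'path'} record per O4 Run entry with a resolvable path."""
    entries = []
    for line in text.splitlines():
        m = _O4_RE.match(line.strip())
        if not m:
            continue
        p = _PATH_RE.search(m.group("cmd"))
        if p:
            entries.append({"hive": m.group("hive"), "name": m.group("name"), "path": p.group(0)})
    return entries


def parse_find3m(text: str) -> List[Dict[str, str]]:
    """Return one {'when', 'size', 'path'} record per ComboFix Find3M line."""
    entries = []
    for line in text.splitlines():
        m = _FIND3M_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def in_windir_root(path: str, windir: str = r"C:\WINDOWS") -> bool:
    """True when the file's parent folder is the Windows directory itself (assumed C:\\WINDOWS)."""
    parent = path.rsplit("\\", 1)[0] if "\\" in path else ""
    return parent.lower() == windir.lower()


def triage(hjt_text: str, find3m_text: str, windir: str = r"C:\WINDOWS") -> Dict[str, List[str]]:
    """Flag .exe files directly in windir that are auto-started and/or recently written."""
    autorun = {e["path"] for e in parse_hjt_o4(hjt_text)
               if e["path"].lower().endswith(".exe") and in_windir_root(e["path"], windir)}
    recent = {e["path"] for e in parse_find3m(find3m_text)
              if e["path"].lower().endswith(".exe") and in_windir_root(e["path"], windir)}
    return {
        "autorun": sorted(autorun, key=str.lower),
        "recent": sorted(recent, key=str.lower),
        # Strongest signal: started at every boot and written within the last months.
        "both": sorted(autorun & recent, key=str.lower),
    }


if __name__ == "__main__":
    for bucket, paths in triage(HJT_O4, FIND3M).items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

On the sample above, "both" contains only C:\WINDOWS\1igeFX.exe, the one file that appears in the Run key and in the Find3M report; system32 and Program Files entries are not flagged.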


----------



## desertluver (Sep 11, 2008)

I did the scan as instructed and below are the results for each file.
Thank you!

Below is the result for the scan of C:\WINDOWS\installer3.exe

Scan taken on 07 Oct 2008 05:20:18 (GMT) A-Squared Found Trojan-Spy.Win32.Agent.bbg!IK 
AntiVir Found TR/Spy.Mute.395302 
ArcaVir Found Trojan.Agent.Aehd 
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.Spy.W32.Agent.btl 
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found Trojan-Spy.Win32.Agent.bbg 
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found Trojan.Agent.EPAO 
VBA32 Found nothing

Scan results for C:\WINDOWS\instalator.exe

Scan taken on 07 Oct 2008 05:25:01 (GMT) A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Trojan.Agent.Aehd 
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.Spy.W32.Agent.btl 
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found Trojan.Agent.EPAO 
VBA32 Found nothing

Results for C:\WINDOWS\mtraffic2.exe

Scan taken on 07 Oct 2008 05:27:55 (GMT) A-Squared Found nothing
AntiVir Found TR/Drop.Agen.595518 
ArcaVir Found Trojan.Agent.Aehd 
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.Spy.W32.Agent.btl 
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found Trojan.Agent.EPAO 
VBA32 Found nothing

Results for C:\WINDOWS\1igeFX.exe

Scan taken on 07 Oct 2008 05:30:57 (GMT) A-Squared Found nothing
AntiVir Found TR/Spy.Mute.395302 
ArcaVir Found Trojan.Agent.Aehd 
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.Spy.W32.Agent.btl 
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found Trojan.Agent.EPAO 
VBA32 Found nothing

Results for C:\WINDOWS\mtraffic1.exe

Scan taken on 07 Oct 2008 05:33:42 (GMT) A-Squared Found nothing
AntiVir Found TR/Drop.Agen.595518 
ArcaVir Found Trojan.Agent.Aehd 
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.Spy.W32.Agent.btl 
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found Trojan.Agent.EPAO 
VBA32 Found nothing


----------



## Cookiegal (Aug 27, 2003)

I think those are inconclusive so please do the following so someone can take a closer look at those files.

Download Suspicious File Packer from http://www.safer-networking.org/en/tools/index.html and unzip it to your desktop. Open it and paste in this list of files. When it has created the archive on your desktop, please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

*C:\WINDOWS\installer3.exe
C:\WINDOWS\instalator.exe
C:\WINDOWS\mtraffic2.exe
C:\WINDOWS\1igeFX.exe
C:\WINDOWS\mtraffic1.exe *

Please add a link to your post here so we know where the files came from. Thanks.


----------



## desertluver (Sep 11, 2008)

How do I unzip it to my desktop?

Thanks!


----------



## desertluver (Sep 11, 2008)

I posted the uploaded files as instructed (I think I did it right) and below is the link where the post is located. Please let me know if I did it wrong.

http://thespykiller.co.uk/index.php...ew?PHPSESSID=dfce3db594ada0cc8321dae5c07397ca

OR try the link below.

http://thespykiller.co.uk/index.php/topic,7135.0.html


----------



## Cookiegal (Aug 27, 2003)

Yes, the files are there. We just need to sit tight now until we hear some news about them.


----------



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add/Remove programs and remove any of these you see there:

*Viewpoint
Viewpoint Manager
Viewpoint Media Player*

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\WINDOWS\installer3.exe
C:\WINDOWS\instalator.exe
C:\WINDOWS\mtraffic2.exe
C:\WINDOWS\1igeFX.exe
C:\WINDOWS\mtraffic1.exe
C:\WINDOWS\mutelib.dll
C:\WINDOWS\flashmute.exe
C:\WINDOWS\BluetoothAuthAgent.exe

Folder::
C:\PROGRAM FILES\HOTBAR
C:\Program Files\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthAgent"=- 
"FlashMute"=-
"1igeFX"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Hotbar"=-
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## desertluver (Sep 11, 2008)

Sorry for only now replying; I've been down with the flu the past 2 weeks and am just now checking the tech support site for replies.
I looked in ADD/REMOVE for the files you said to look for and I did not see any of them there. Before logging onto this site, and after doing what you instructed me to do, I checked to see if I had sound with the Adobe Flash Player, and yes, I have sound! Thanks for helping to fix the sound problem, I greatly appreciate you taking the time to help with this!

Please let me know if you see anything in either of the below logs that could be causing the slow down of my PC or any other problems you see from the logs.

Thanks so much for the help, this site and the people who help are awesome!

P.S. I am posting the HJT log in a separate reply because I got an error message saying this reply was too long.

Below is the first part of the COMBOFIX log; the last part will be in another reply, as it is too long to post all here.

ComboFix 08-10-29.04 - Kelly Dayton 2008-10-29 1:37:14.2 - *FAT32*x86
Running from: C:\Documents and Settings\Kelly Dayton\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Kelly Dayton\Desktop\CFScript.txt
FILE ::
C:\WINDOWS\1igeFX.exe
C:\WINDOWS\BluetoothAuthAgent.exe
C:\WINDOWS\flashmute.exe
C:\WINDOWS\instalator.exe
C:\WINDOWS\installer3.exe
C:\WINDOWS\mtraffic1.exe
C:\WINDOWS\mtraffic2.exe
C:\WINDOWS\mutelib.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0303001D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AtmoHWConfig.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\atmosphere.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AvatarsDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\BlueStreak.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\BookmarksDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\DefaultAvatarIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\DefaultWorldIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ExtremeShot.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\InternetChatHelp.url
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts2Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VETsdk.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AtmoHWConfig.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AvatarsDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\BookmarksDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultAvatarIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultWorldIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\InternetChatHelp.url
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AtmoHWConfig.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AvatarsDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\BookmarksDefault.prf
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultAvatarIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultWorldIcon.jpg
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\InternetChatHelp.url
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
C:\WINDOWS\1igeFX.exe
C:\WINDOWS\BluetoothAuthAgent.exe
C:\WINDOWS\flashmute.exe
C:\WINDOWS\instalator.exe
C:\WINDOWS\installer3.exe
C:\WINDOWS\mtraffic1.exe
C:\WINDOWS\mtraffic2.exe
C:\WINDOWS\mutelib.dll
C:\WINDOWS\TABCTL32.OCX
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.
2008-10-24 02:30 . 2008-10-24 02:30 410,976 --a------ C:\WINDOWS\SYSTEM32\deploytk.dll
2008-10-24 02:30 . 2008-10-24 02:30 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-23 15:33 . 2008-10-15 09:34 337,408 --------- C:\WINDOWS\SYSTEM32\dllcache\netapi32.dll
2008-10-15 18:33 . 2008-09-15 05:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\dllcache\win32k.sys
2008-10-15 18:33 . 2008-09-08 03:41 333,824 --------- C:\WINDOWS\SYSTEM32\dllcache\srv.sys
2008-10-15 18:32 . 2008-08-14 03:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\dllcache\ntoskrnl.exe
2008-10-15 18:32 . 2008-08-14 03:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlmp.exe
2008-10-15 18:32 . 2008-08-14 02:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlpa.exe
2008-10-15 18:32 . 2008-08-14 02:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrpamp.exe
2008-10-13 18:02 . 2008-10-13 18:02 dr------- C:\Documents and Settings\Kelly Dayton\Application Data\Brother
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
2008-09-20 02:44 --------- d-----w C:\Documents and Settings\Kelly Dayton\Application Data\PC-FAX TX
2008-09-20 01:51 --------- d-----w C:\Program Files\Reallusion
2008-09-20 01:08 --------- d-----w C:\Program Files\Brother
2008-09-20 01:04 --------- d-----w C:\Program Files\Nuance
2008-09-20 00:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Brother
2008-09-19 21:35 --------- d-----w C:\Documents and Settings\Kelly Dayton\Application Data\Malwarebytes
2008-09-19 21:34 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-10 07:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 07:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-08-25 08:38 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2007-08-03 20:57 56,912 ----a-w C:\Documents and Settings\Kelly Dayton\g2mdlhlpx.exe
2001-01-08 23:03 266 --sh--w C:\Program Files\desktop.ini
2001-01-08 23:03 11,079 ---h--w C:\Program Files\folder.htt
2008-06-19 01:49 32,768 --sha-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061820080619\index.dat
.
((((((((((((((((((((((((((((( [email protected]_20.29.05.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 10:09:26 2,145,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 16:57:28 124,928 ------w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:28 347,136 ------w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:28 214,528 ------w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:28 133,120 ------w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 ------w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:26 70,656 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:30 153,088 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:30 230,400 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:30 383,488 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:30 384,512 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:34 6,066,176 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:34 44,544 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:36 27,648 ------w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 ------w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 ------w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 17:57:40 3,592,192 ------w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:40 477,696 ------w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:40 193,024 ------w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 ------w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 ------w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 ------w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 ------w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:42 233,472 ------w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:42 826,368 ------w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2008-06-23 16:57:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2008-06-23 16:57:28 124,928 ------w C:\WINDOWS\SYSTEM32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 ------w C:\WINDOWS\SYSTEM32\dllcache\advpack.dll
- 2008-06-23 16:57:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtmsft.dll
- 2008-06-23 16:57:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtrans.dll
- 2008-06-23 16:57:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll
- 2008-06-23 16:57:28 63,488 ------w C:\WINDOWS\SYSTEM32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 ------w C:\WINDOWS\SYSTEM32\dllcache\icardie.dll
- 2008-06-23 16:57:30 153,088 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakeng.dll
- 2008-06-23 16:57:30 230,400 ------w C:\WINDOWS\SYSTEM32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ------w C:\WINDOWS\SYSTEM32\dllcache\ieaksie.dll
- 2008-06-23 16:57:30 383,488 ------w C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ------w C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
- 2008-06-23 16:57:30 384,512 ------w C:\WINDOWS\SYSTEM32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:30 384,512 ------w C:\WINDOWS\SYSTEM32\dllcache\iedkcs32.dll
- 2008-06-23 16:57:34 44,544 ------w C:\WINDOWS\SYSTEM32\dllcache\iernonce.dll
+ 2008-08-26 07:24:30 44,544 ------w C:\WINDOWS\SYSTEM32\dllcache\iernonce.dll
- 2008-06-23 16:57:34 267,776 ------w C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
+ 2008-08-26 07:24:30 267,776 ------w C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
- 2008-06-23 16:57:36 27,648 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll
- 2008-06-23 16:57:36 459,264 ------w C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ------w C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ------w C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ------w C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
- 2008-06-23 16:57:40 477,696 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll
- 2008-06-23 16:57:40 193,024 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mstime.dll
- 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\SYSTEM32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 ------w C:\WINDOWS\SYSTEM32\dllcache\occache.dll
- 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
- 2008-06-23 16:57:40 105,984 ------w C:\WINDOWS\SYSTEM32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 ------w C:\WINDOWS\SYSTEM32\dllcache\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll
+ 2008-08-26 07:24:32 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll
- 2008-06-23 16:57:42 233,472 ------w C:\WINDOWS\SYSTEM32\dllcache\webcheck.dll
+ 2008-08-26 07:24:32 233,472 ------w C:\WINDOWS\SYSTEM32\dllcache\webcheck.dll
- 2008-06-23 16:57:42 826,368 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wininet.dll
+ 2008-08-26 07:24:32 826,368 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
- 2008-06-23 16:57:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2008-06-23 16:57:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2008-06-23 16:57:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2008-06-19 01:48:58 319,544 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-10-16 23:23:46 319,544 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2008-06-23 09:20:26 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-08-25 08:38:00 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2008-06-23 16:57:30 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2008-06-23 16:57:30 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-08-23 05:54:52 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2008-06-23 16:57:30 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2008-06-23 16:57:30 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-08-26 07:24:30 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2008-06-23 16:57:34 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-10-03 17:41:16 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2008-06-23 16:57:34 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-08-26 07:24:30 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2008-06-10 08:21:02 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2008-10-24 09:30:00 144,792 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-10-24 09:30:02 144,792 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
- 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-10-24 09:30:02 148,888 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
- 2008-06-23 16:57:36 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-10-05 03:16:26 235,936 ----a-r C:\WINDOWS\SYSTEM32


----------



## desertluver (Sep 11, 2008)

The rest of the ComboFix report.

- 2008-04-10 21:49:54 74,137 ----a-w C:\WINDOWS\SYSTEM32\MACROMED\FLASH\uninstall_activeX.exe
+ 2008-10-29 08:10:42 89,102 ----a-w C:\WINDOWS\SYSTEM32\MACROMED\FLASH\uninstall_activeX.exe
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
- 2008-06-24 17:57:40 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2008-06-23 16:57:40 477,696 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2008-06-23 16:57:40 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2008-04-14 00:12:02 337,408 ----a-w C:\WINDOWS\SYSTEM32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w C:\WINDOWS\SYSTEM32\netapi32.dll
- 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-11-30 11:18:52 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-08-26 07:24:32 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2008-06-23 16:57:42 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-08-26 07:24:32 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2008-06-23 16:57:42 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-08-26 07:24:32 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-10-29 08:47:30 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_478.dat
+ 2008-10-29 08:48:00 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_744.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-13 17:12 8461312 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-10-15 43008]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-05 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 5058560]
"InstantAccess"="C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe" [2000-01-19 49152]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-30 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 385024]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-24 136600]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]
"SM56ACL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"LoadPowerProfile"="powrprof.dll" [2008-04-13 C:\WINDOWS\SYSTEM32\powrprof.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 49152]
C:\Documents and Settings\Kelly Dayton\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-30 118784]
CheckIt 86.lnk - C:\Program Files\CheckIt\86\CheckIt86.exe [2004-03-25 339968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AttuneClientEngine]
--a------ 2000-07-24 23:47 356728 C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"dvpapi"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"BookmarkCentral"=C:\PROGRA~1\BMCENT~1\BMLauncher.exe
"OneTouch Monitor"=C:\PROGRA~1\VISION~1\ONETOU~2.EXE
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"Hotbar"=C:\PROGRAM FILES\HOTBAR\BIN\4.4.2.0\HBINST.EXE /Upgrade
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ontrack\\SystemSuite\\SSuite.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-24 152984]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 36224]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 36224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
.
Contents of the 'Scheduled Tasks' folder
2008-10-24 C:\WINDOWS\Tasks\Maintenance-Defragment programs.job
- C:\WINDOWS\DEFRAG.EXE []
2008-10-29 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-10-01 C:\WINDOWS\Tasks\Maintenance-Disk cleanup.job
- C:\WINDOWS\CLEANMGR.EXE []
2008-10-29 C:\WINDOWS\Tasks\Avastantivirus.job
- C:\Program Files\Alwil Software\Avast4\ashQuick.exe [2008-07-19 07:30]
2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 01:49:29
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TextBridge Pro Millennium\Bin\TBMHOOK.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
.
**************************************************************************
.
Completion time: 2008-10-29 2:01:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-29 09:01:16
ComboFix2.txt 2008-10-02 03:30:54
Pre-Run: 12,461,522,944 bytes free
Post-Run: 12,572,639,232 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
419 --- E O F --- 2008-10-29 06:28:56


----------



## desertluver (Sep 11, 2008)

HJT report, sorry for having to post reports separately!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:06 AM, on 10/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM32\ebkp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8188 bytes


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\WINDOWS\SYSTEM32\deploytk.dll

Folder::
C:\PROGRA~1\Aveo
C:\PROGRAM FILES\HOTBAR

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AttuneClientEngine]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabled runkeys]
"Hotbar"=-
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## desertluver (Sep 11, 2008)

Something odd happened after running combo-fix this time: after it provided the log report, there was nothing on my computer but a blue screen. I rebooted and all seemed OK, nothing lost.

After running combofix the last time I noticed that my icon for Avast is no longer in the tray, but it is still downloaded on my PC. I checked the appearance page and put a check mark by the tray icon, but there is still no icon in the tray. Also, I noticed that Avast notified me that I had some viruses; I'm not sure if I got the viruses because the icon is not in the tray or what.
How do I get the icon back in the tray?

Combofix log below; I will send the HJT log in a separate reply.

ComboFix 08-10-30.09 - Kelly Dayton 2008-10-30 16:51:24.3 - *FAT32*x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.207 [GMT -7:00]
Running from: C:\Documents and Settings\Kelly Dayton\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Kelly Dayton\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\SYSTEM32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\PROGRA~1\Aveo
C:\PROGRA~1\Aveo\Attune\bin\ActorManager.zip
C:\PROGRA~1\Aveo\Attune\bin\Attune.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\PROGRA~1\Aveo\Attune\bin\AttunePreventAlert.wav
C:\PROGRA~1\Aveo\Attune\bin\AttuneUtils.dll
C:\PROGRA~1\Aveo\Attune\bin\character.acs
C:\PROGRA~1\Aveo\Attune\bin\ClientEngineps.dll
C:\PROGRA~1\Aveo\Attune\bin\CUEngine.dll
C:\PROGRA~1\Aveo\Attune\bin\Discovery.dll
C:\PROGRA~1\Aveo\Attune\bin\Disk Space Manager.exe
C:\PROGRA~1\Aveo\Attune\bin\EngC23.dll
C:\PROGRA~1\Aveo\Attune\bin\EventMap.dll
C:\PROGRA~1\Aveo\Attune\bin\ExceptionList.dll
C:\PROGRA~1\Aveo\Attune\bin\integrity.chk
C:\PROGRA~1\Aveo\Attune\bin\Integrity.dll
C:\PROGRA~1\Aveo\Attune\bin\log.exe
C:\PROGRA~1\Aveo\Attune\bin\manifest.dat
C:\PROGRA~1\Aveo\Attune\bin\NOAgent.exe
C:\PROGRA~1\Aveo\Attune\bin\NOPopup.exe
C:\PROGRA~1\Aveo\Attune\bin\NOSysTray.exe
C:\PROGRA~1\Aveo\Attune\bin\Notification.dll
C:\PROGRA~1\Aveo\Attune\bin\notification.wav
C:\PROGRA~1\Aveo\Attune\bin\notifications.wav
C:\PROGRA~1\Aveo\Attune\bin\ProcessUpdate.dll
C:\PROGRA~1\Aveo\Attune\bin\PRProf.dll
C:\PROGRA~1\Aveo\Attune\bin\PSPackageStore.dll
C:\PROGRA~1\Aveo\Attune\bin\PTMHttp.dll
C:\PROGRA~1\Aveo\Attune\bin\receiver.exe
C:\PROGRA~1\Aveo\Attune\bin\RelationshipManagement.exe
C:\PROGRA~1\Aveo\Attune\bin\renotification.wav
C:\PROGRA~1\Aveo\Attune\bin\renotifications.wav
C:\PROGRA~1\Aveo\Attune\bin\target.dll
C:\PROGRA~1\Aveo\Attune\bin\Tech Support\notification.wav
C:\PROGRA~1\Aveo\Attune\Bitmap\About_box.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\Attune_Logo_.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\Aveologo.gif
C:\PROGRA~1\Aveo\Attune\Bitmap\bkgd_Other.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\bkgd_OtherBig.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\bkgd_Welcome.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\bkgd_WelcomeBig.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\blank.htm
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_AboutPri_D.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_AboutPri_R.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_AboutPri_U.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Msg_D.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Msg_R.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Msg_U.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavMsg_D.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavMsg_U.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavMsg_X.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavRel_D.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavRel_U.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavRel_X.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavWel_D.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavWel_U.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavWel_X.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Overview_D.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Overview_R.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Overview_U.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_PriState_U.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_RelSet_D.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_RelSet_R.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_RelSet_U.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_SharedState_U.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\Character.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\Dialog_Logo.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\Disabled.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\Enabled.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\main.htm
C:\PROGRA~1\Aveo\Attune\Bitmap\PopUpDialog.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\prevent_logo.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\smlAVEO.GIF
C:\PROGRA~1\Aveo\Attune\Bitmap\splash.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\summary.htm
C:\PROGRA~1\Aveo\Attune\Bitmap\Sys_Tray_Icon.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\SystemTrayIcon.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon0.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon1.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon2.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon3.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon4.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon5.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\whatis.txt
C:\PROGRA~1\Aveo\Attune\Data\Attune.dat
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\AntiVirusDATFile.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\1.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\2.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\3.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\benefit.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\AmazonLogo.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\AveoClear.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Aveologo.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\blank.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Blseye.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\CorelLogo.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\EarthWeb.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\ecircles.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\GSLOGO.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Guildhall.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Happy.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\hpprinters.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\lineonelogo.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\mp3dotcom.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\NortonSysTrayIcon.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Pointer.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Printer.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Printerclear.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\promsebtn.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\promsebtn1.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\promsebtn2.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\promsebtn3.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Ser911.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Up-one.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Version 1.txt
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\VirginLogo.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\pointer.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Printer.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Scripts\InitPram.js
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Scripts\LoadObject.js
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Scripts\lzLink.js
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Scripts\Tcommerce.js
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Scripts\WindowOpen.js
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\SummarySRC.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Title.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\PrinterInk.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\ProcessDVD.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\ProcessRunning.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\RegChecker2.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Agents\DiagnosticAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Assets\Tech Support (AttunePrevent)\2006-02.dat
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Assets\Tech Support (AttunePrevent)\notifications.dat
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\comattunenetwork.xml
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{96D1EE8F-A63E-11D3-A2D9-0050DA6D3454}\_notify.dat
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{96D1EE8F-A63E-11D3-A2D9-0050DA6D3454}\main.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{9A2FC4C0-2403-11D3-A050-005004053E8C}\_notify.dat
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{9A2FC4C0-2403-11D3-A050-005004053E8C}\AVEOLOGO.GIF
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{9A2FC4C0-2403-11D3-A050-005004053E8C}\BLSEYE.GIF
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{9A2FC4C0-2403-11D3-A050-005004053E8C}\HAPPY.GIF
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{9A2FC4C0-2403-11D3-A050-005004053E8C}\main.htm
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\CertInstalled.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\com\aveoattune\DIHardwareConfigurationActor.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\com\aveoattune\DIInitialDataActor.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\com\aveoattune\DISoftwareConfigurationActor.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\com\aveoattune\DISystemSoftwareConfigurationActor.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\com\aveoattune\DISystemUsageActor.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\WindowProcessActor.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneCommunicationsAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneDiskSpaceAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneHardwareAgent.DAT
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneHardwareAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneProcessAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneSoftwareAgent.DAT
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneSoftwareAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneSystemSoftwareAgent.DAT
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneSystemSoftwareAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneSystemUsageAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneTimerAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneWindowAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\comaveo-attune.xml
C:\PROGRA~1\Aveo\Attune\Data\DiscoveryCommonStore.dat
C:\PROGRA~1\Aveo\Attune\Data\log.txt
C:\PROGRA~1\Aveo\Attune\Data\Packages.mdb
C:\PROGRA~1\Aveo\Attune\Data\Profile.mdb
C:\PROGRA~1\Aveo\Attune\Data\SecMHist.dat
C:\PROGRA~1\Aveo\Attune\eula.rtf
C:\PROGRA~1\Aveo\Attune\Help\AttuneClientHelp.chm
C:\PROGRA~1\Aveo\Attune\Help\AveoFacesBack.gif
C:\PROGRA~1\Aveo\Attune\Help\Overview.exe
C:\PROGRA~1\Aveo\Attune\Help\smlAVEO.GIF
C:\PROGRA~1\Aveo\Attune\Help\Tutorial.htm
C:\PROGRA~1\Aveo\Attune\Readme.txt
C:\PROGRA~1\Aveo\Attune\Setup\INUtil.dll
C:\PROGRA~1\Aveo\Attune\Setup\relsetup.exe
C:\WINDOWS\SYSTEM32\deploytk.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.
2008-10-24 02:30 . 2008-10-24 02:30 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-23 15:33 . 2008-10-15 09:34 337,408 --------- C:\WINDOWS\SYSTEM32\dllcache\netapi32.dll
2008-10-15 18:33 . 2008-09-15 05:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\dllcache\win32k.sys
2008-10-15 18:33 . 2008-09-08 03:41 333,824 --------- C:\WINDOWS\SYSTEM32\dllcache\srv.sys
2008-10-15 18:32 . 2008-08-14 03:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\dllcache\ntoskrnl.exe
2008-10-15 18:32 . 2008-08-14 03:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlmp.exe
2008-10-15 18:32 . 2008-08-14 02:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlpa.exe
2008-10-15 18:32 . 2008-08-14 02:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrpamp.exe
2008-10-13 18:02 . 2008-10-13 18:02 dr------- C:\Documents and Settings\Kelly Dayton\Application Data\Brother
2008-09-19 19:44 . 2008-09-19 19:44 d-------- C:\Documents and Settings\Kelly Dayton\Application Data\PC-FAX TX
2008-09-19 19:28 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\SYSTEM32\BroSNMP.dll
2008-09-19 19:28 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\SYSTEM32\BrDctF2.dll
2008-09-19 19:28 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\SYSTEM32\BrDctF2S.dll
2008-09-19 19:28 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\SYSTEM32\BrDctF2L.dll
2008-09-19 19:27 . 2006-01-17 01:03 126,976 --------- C:\WINDOWS\SYSTEM32\BrfxD05a.dll
2008-09-19 19:27 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.BMP
2008-09-19 19:27 . 2008-09-19 19:47 0 --a------ C:\WINDOWS\brdfxspd.dat
2008-09-19 18:51 . 2008-09-19 18:51 d-------- C:\Program Files\Reallusion
2008-09-19 18:10 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\serscan.sys
2008-09-19 18:10 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\SYSTEM32\dllcache\serscan.sys
2008-09-19 18:10 . 2008-09-19 19:50 1,020 --a------ C:\WINDOWS\Brpfx04a.ini
2008-09-19 18:10 . 2008-09-19 19:30 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-09-19 18:10 . 2008-09-19 19:44 153 --a------ C:\WINDOWS\brpcfx.ini
2008-09-19 18:10 . 2008-09-19 19:29 50 --a------ C:\WINDOWS\SYSTEM32\bridf07a.dat
2008-09-19 18:10 . 2008-09-19 19:30 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-09-19 18:08 . 2008-09-19 18:08 d-------- C:\Program Files\Brother
2008-09-19 18:08 . 2008-09-19 18:08 d-------- C:\Brother
2008-09-19 18:08 . 2007-02-01 13:19 1,520,640 --a------ C:\WINDOWS\SYSTEM32\BrWia07a.dll
2008-09-19 18:08 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\SYSTEM32\NSSearch.dll
2008-09-19 18:08 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
2008-09-19 18:08 . 2002-11-26 13:43 106,496 --------- C:\WINDOWS\SYSTEM32\BrMuSNMP.dll
2008-09-19 18:08 . 2006-07-07 12:40 73,728 --------- C:\WINDOWS\SYSTEM32\BRCrypt.dll
2008-09-19 18:08 . 2007-02-06 19:50 61,952 --------- C:\WINDOWS\SYSTEM32\BrNetSti.dll
2008-09-19 18:08 . 2007-04-27 17:13 61,440 --------- C:\WINDOWS\SYSTEM32\BrMfNt.dll
2008-09-19 18:08 . 2007-01-26 16:13 54,784 --a------ C:\WINDOWS\SYSTEM32\brinsstr.dll
2008-09-19 18:08 . 2006-12-26 19:39 37,376 --------- C:\WINDOWS\SYSTEM32\Brnsplg.dll
2008-09-19 18:08 . 2007-01-26 15:06 34,816 --------- C:\WINDOWS\SYSTEM32\BrWiaNCp.dll
2008-09-19 18:08 . 2008-09-19 19:29 86 --a------ C:\WINDOWS\Brfaxrx.ini
2008-09-19 18:04 . 2008-09-19 18:04 d-------- C:\Program Files\Nuance
2008-09-19 17:19 . 2008-09-19 17:19 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-09-19 14:34 . 2008-09-19 14:34 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 14:34 . 2008-09-19 14:35 d-------- C:\Documents and Settings\Kelly Dayton\Application Data\Malwarebytes
2008-09-19 14:34 . 2008-09-19 14:34 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-19 14:34 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-09-19 14:34 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-09-15 00:09 . 2008-09-15 00:09 369 --a------ C:\WINDOWS\capture.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-08-25 08:38 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\dllcache\es.dll
2007-08-03 20:57 56,912 ----a-w C:\Documents and Settings\Kelly Dayton\g2mdlhlpx.exe
2001-01-08 23:03 266 --sh--w C:\Program Files\desktop.ini
2001-01-08 23:03 11,079 ---h--w C:\Program Files\folder.htt
2008-06-19 01:49 32,768 --sha-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061820080619\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-10-29_ 2.00.25.77 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-30 20:37:00 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_464.dat
+ 2008-10-30 20:37:16 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_644.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explore


----------



## desertluver (Sep 11, 2008)

New HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:32 PM, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM32\ebkp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8106 bytes


----------



## Cookiegal (Aug 27, 2003)

That's not the entire ComboFix log. Please post it all.


----------



## desertluver (Sep 11, 2008)

Ooops, sorry!

ComboFix 08-10-30.09 - Kelly Dayton 2008-10-30 16:51:24.3 - *FAT32*x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.207 [GMT -7:00]
Running from: C:\Documents and Settings\Kelly Dayton\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Kelly Dayton\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\SYSTEM32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\PROGRA~1\Aveo
C:\PROGRA~1\Aveo\Attune\bin\ActorManager.zip
C:\PROGRA~1\Aveo\Attune\bin\Attune.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\PROGRA~1\Aveo\Attune\bin\AttunePreventAlert.wav
C:\PROGRA~1\Aveo\Attune\bin\AttuneUtils.dll
C:\PROGRA~1\Aveo\Attune\bin\character.acs
C:\PROGRA~1\Aveo\Attune\bin\ClientEngineps.dll
C:\PROGRA~1\Aveo\Attune\bin\CUEngine.dll
C:\PROGRA~1\Aveo\Attune\bin\Discovery.dll
C:\PROGRA~1\Aveo\Attune\bin\Disk Space Manager.exe
C:\PROGRA~1\Aveo\Attune\bin\EngC23.dll
C:\PROGRA~1\Aveo\Attune\bin\EventMap.dll
C:\PROGRA~1\Aveo\Attune\bin\ExceptionList.dll
C:\PROGRA~1\Aveo\Attune\bin\integrity.chk
C:\PROGRA~1\Aveo\Attune\bin\Integrity.dll
C:\PROGRA~1\Aveo\Attune\bin\log.exe
C:\PROGRA~1\Aveo\Attune\bin\manifest.dat
C:\PROGRA~1\Aveo\Attune\bin\NOAgent.exe
C:\PROGRA~1\Aveo\Attune\bin\NOPopup.exe
C:\PROGRA~1\Aveo\Attune\bin\NOSysTray.exe
C:\PROGRA~1\Aveo\Attune\bin\Notification.dll
C:\PROGRA~1\Aveo\Attune\bin\notification.wav
C:\PROGRA~1\Aveo\Attune\bin\notifications.wav
C:\PROGRA~1\Aveo\Attune\bin\ProcessUpdate.dll
C:\PROGRA~1\Aveo\Attune\bin\PRProf.dll
C:\PROGRA~1\Aveo\Attune\bin\PSPackageStore.dll
C:\PROGRA~1\Aveo\Attune\bin\PTMHttp.dll
C:\PROGRA~1\Aveo\Attune\bin\receiver.exe
C:\PROGRA~1\Aveo\Attune\bin\RelationshipManagement.exe
C:\PROGRA~1\Aveo\Attune\bin\renotification.wav
C:\PROGRA~1\Aveo\Attune\bin\renotifications.wav
C:\PROGRA~1\Aveo\Attune\bin\target.dll
C:\PROGRA~1\Aveo\Attune\bin\Tech Support\notification.wav
C:\PROGRA~1\Aveo\Attune\Bitmap\About_box.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\Attune_Logo_.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\Aveologo.gif
C:\PROGRA~1\Aveo\Attune\Bitmap\bkgd_Other.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\bkgd_OtherBig.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\bkgd_Welcome.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\bkgd_WelcomeBig.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\blank.htm
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_AboutPri_D.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_AboutPri_R.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_AboutPri_U.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Msg_D.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Msg_R.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Msg_U.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavMsg_D.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavMsg_U.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavMsg_X.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavRel_D.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavRel_U.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavRel_X.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavWel_D.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavWel_U.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_NavWel_X.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Overview_D.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Overview_R.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_Overview_U.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_PriState_U.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_RelSet_D.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_RelSet_R.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_RelSet_U.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\btn_SharedState_U.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\Character.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\Dialog_Logo.BMP
C:\PROGRA~1\Aveo\Attune\Bitmap\Disabled.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\Enabled.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\main.htm
C:\PROGRA~1\Aveo\Attune\Bitmap\PopUpDialog.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\prevent_logo.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\smlAVEO.GIF
C:\PROGRA~1\Aveo\Attune\Bitmap\splash.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\summary.htm
C:\PROGRA~1\Aveo\Attune\Bitmap\Sys_Tray_Icon.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\SystemTrayIcon.bmp
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon0.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon1.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon2.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon3.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon4.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\trayicon5.ico
C:\PROGRA~1\Aveo\Attune\Bitmap\whatis.txt
C:\PROGRA~1\Aveo\Attune\Data\Attune.dat
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\AntiVirusDATFile.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\1.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\2.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\3.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\benefit.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\AmazonLogo.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\AveoClear.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Aveologo.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\blank.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Blseye.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\CorelLogo.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\EarthWeb.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\ecircles.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\GSLOGO.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Guildhall.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Happy.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\hpprinters.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\lineonelogo.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\mp3dotcom.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\NortonSysTrayIcon.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Pointer.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Printer.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Printerclear.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\promsebtn.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\promsebtn1.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\promsebtn2.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\promsebtn3.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Ser911.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Up-one.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\Version 1.txt
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Images\VirginLogo.gif
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\pointer.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Printer.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Scripts\InitPram.js
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Scripts\LoadObject.js
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Scripts\lzLink.js
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Scripts\Tcommerce.js
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Scripts\WindowOpen.js
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\SummarySRC.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\Content\0001\Title.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\PrinterInk.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\ProcessDVD.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\ProcessRunning.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Actors\RegChecker2.class
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Agents\DiagnosticAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Assets\Tech Support (AttunePrevent)\2006-02.dat
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Assets\Tech Support (AttunePrevent)\notifications.dat
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\comattunenetwork.xml
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{96D1EE8F-A63E-11D3-A2D9-0050DA6D3454}\_notify.dat
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{96D1EE8F-A63E-11D3-A2D9-0050DA6D3454}\main.htm
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{9A2FC4C0-2403-11D3-A050-005004053E8C}\_notify.dat
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{9A2FC4C0-2403-11D3-A050-005004053E8C}\AVEOLOGO.GIF
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{9A2FC4C0-2403-11D3-A050-005004053E8C}\BLSEYE.GIF
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{9A2FC4C0-2403-11D3-A050-005004053E8C}\HAPPY.GIF
C:\PROGRA~1\Aveo\Attune\Data\comattunenetwork\Packages\{9A2FC4C0-2403-11D3-A050-005004053E8C}\main.htm
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\CertInstalled.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\com\aveoattune\DIHardwareConfigurationActor.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\com\aveoattune\DIInitialDataActor.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\com\aveoattune\DISoftwareConfigurationActor.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\com\aveoattune\DISystemSoftwareConfigurationActor.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\com\aveoattune\DISystemUsageActor.class
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Actors\WindowProcessActor.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneCommunicationsAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneDiskSpaceAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneHardwareAgent.DAT
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneHardwareAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneProcessAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneSoftwareAgent.DAT
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneSoftwareAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneSystemSoftwareAgent.DAT
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneSystemSoftwareAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneSystemUsageAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneTimerAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\Agents\AttuneWindowAgent.dll
C:\PROGRA~1\Aveo\Attune\Data\comaveo-attune\comaveo-attune.xml
C:\PROGRA~1\Aveo\Attune\Data\DiscoveryCommonStore.dat
C:\PROGRA~1\Aveo\Attune\Data\log.txt
C:\PROGRA~1\Aveo\Attune\Data\Packages.mdb
C:\PROGRA~1\Aveo\Attune\Data\Profile.mdb
C:\PROGRA~1\Aveo\Attune\Data\SecMHist.dat
C:\PROGRA~1\Aveo\Attune\eula.rtf
C:\PROGRA~1\Aveo\Attune\Help\AttuneClientHelp.chm
C:\PROGRA~1\Aveo\Attune\Help\AveoFacesBack.gif
C:\PROGRA~1\Aveo\Attune\Help\Overview.exe
C:\PROGRA~1\Aveo\Attune\Help\smlAVEO.GIF
C:\PROGRA~1\Aveo\Attune\Help\Tutorial.htm
C:\PROGRA~1\Aveo\Attune\Readme.txt
C:\PROGRA~1\Aveo\Attune\Setup\INUtil.dll
C:\PROGRA~1\Aveo\Attune\Setup\relsetup.exe
C:\WINDOWS\SYSTEM32\deploytk.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.
2008-10-24 02:30 . 2008-10-24 02:30 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-23 15:33 . 2008-10-15 09:34 337,408 --------- C:\WINDOWS\SYSTEM32\dllcache\netapi32.dll
2008-10-15 18:33 . 2008-09-15 05:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\dllcache\win32k.sys
2008-10-15 18:33 . 2008-09-08 03:41 333,824 --------- C:\WINDOWS\SYSTEM32\dllcache\srv.sys
2008-10-15 18:32 . 2008-08-14 03:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\dllcache\ntoskrnl.exe
2008-10-15 18:32 . 2008-08-14 03:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlmp.exe
2008-10-15 18:32 . 2008-08-14 02:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlpa.exe
2008-10-15 18:32 . 2008-08-14 02:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrpamp.exe
2008-10-13 18:02 . 2008-10-13 18:02 dr------- C:\Documents and Settings\Kelly Dayton\Application Data\Brother
2008-09-19 19:44 . 2008-09-19 19:44 d-------- C:\Documents and Settings\Kelly Dayton\Application Data\PC-FAX TX
2008-09-19 19:28 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\SYSTEM32\BroSNMP.dll
2008-09-19 19:28 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\SYSTEM32\BrDctF2.dll
2008-09-19 19:28 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\SYSTEM32\BrDctF2S.dll
2008-09-19 19:28 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\SYSTEM32\BrDctF2L.dll
2008-09-19 19:27 . 2006-01-17 01:03 126,976 --------- C:\WINDOWS\SYSTEM32\BrfxD05a.dll
2008-09-19 19:27 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.BMP
2008-09-19 19:27 . 2008-09-19 19:47 0 --a------ C:\WINDOWS\brdfxspd.dat
2008-09-19 18:51 . 2008-09-19 18:51 d-------- C:\Program Files\Reallusion
2008-09-19 18:10 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\serscan.sys
2008-09-19 18:10 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\SYSTEM32\dllcache\serscan.sys
2008-09-19 18:10 . 2008-09-19 19:50 1,020 --a------ C:\WINDOWS\Brpfx04a.ini
2008-09-19 18:10 . 2008-09-19 19:30 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-09-19 18:10 . 2008-09-19 19:44 153 --a------ C:\WINDOWS\brpcfx.ini
2008-09-19 18:10 . 2008-09-19 19:29 50 --a------ C:\WINDOWS\SYSTEM32\bridf07a.dat
2008-09-19 18:10 . 2008-09-19 19:30 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-09-19 18:08 . 2008-09-19 18:08 d-------- C:\Program Files\Brother
2008-09-19 18:08 . 2008-09-19 18:08 d-------- C:\Brother
2008-09-19 18:08 . 2007-02-01 13:19 1,520,640 --a------ C:\WINDOWS\SYSTEM32\BrWia07a.dll
2008-09-19 18:08 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\SYSTEM32\NSSearch.dll
2008-09-19 18:08 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
2008-09-19 18:08 . 2002-11-26 13:43 106,496 --------- C:\WINDOWS\SYSTEM32\BrMuSNMP.dll
2008-09-19 18:08 . 2006-07-07 12:40 73,728 --------- C:\WINDOWS\SYSTEM32\BRCrypt.dll
2008-09-19 18:08 . 2007-02-06 19:50 61,952 --------- C:\WINDOWS\SYSTEM32\BrNetSti.dll
2008-09-19 18:08 . 2007-04-27 17:13 61,440 --------- C:\WINDOWS\SYSTEM32\BrMfNt.dll
2008-09-19 18:08 . 2007-01-26 16:13 54,784 --a------ C:\WINDOWS\SYSTEM32\brinsstr.dll
2008-09-19 18:08 . 2006-12-26 19:39 37,376 --------- C:\WINDOWS\SYSTEM32\Brnsplg.dll
2008-09-19 18:08 . 2007-01-26 15:06 34,816 --------- C:\WINDOWS\SYSTEM32\BrWiaNCp.dll
2008-09-19 18:08 . 2008-09-19 19:29 86 --a------ C:\WINDOWS\Brfaxrx.ini
2008-09-19 18:04 . 2008-09-19 18:04 d-------- C:\Program Files\Nuance
2008-09-19 17:19 . 2008-09-19 17:19 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-09-19 14:34 . 2008-09-19 14:34 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 14:34 . 2008-09-19 14:35 d-------- C:\Documents and Settings\Kelly Dayton\Application Data\Malwarebytes
2008-09-19 14:34 . 2008-09-19 14:34 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-19 14:34 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-09-19 14:34 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-09-15 00:09 . 2008-09-15 00:09 369 --a------ C:\WINDOWS\capture.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-08-25 08:38 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\dllcache\es.dll
2007-08-03 20:57 56,912 ----a-w C:\Documents and Settings\Kelly Dayton\g2mdlhlpx.exe
2001-01-08 23:03 266 --sh--w C:\Program Files\desktop.ini
2001-01-08 23:03 11,079 ---h--w C:\Program Files\folder.htt
2008-06-19 01:49 32,768 --sha-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061820080619\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-10-29_ 2.00.25.77 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-30 20:37:00 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_464.dat
+ 2008-10-30 20:37:16 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_644.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-13 17:12 8461312 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-10-15 43008]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-05 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 5058560]
"InstantAccess"="C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe" [2000-01-19 49152]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-30 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 385024]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-24 136600]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]
"SM56ACL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"LoadPowerProfile"="powrprof.dll" [2008-04-13 C:\WINDOWS\SYSTEM32\powrprof.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 49152]
C:\Documents and Settings\Kelly Dayton\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-30 118784]
CheckIt 86.lnk - C:\Program Files\CheckIt\86\CheckIt86.exe [2004-03-25 339968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"dvpapi"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"BookmarkCentral"=C:\PROGRA~1\BMCENT~1\BMLauncher.exe
"OneTouch Monitor"=C:\PROGRA~1\VISION~1\ONETOU~2.EXE
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"Hotbar"=C:\PROGRAM FILES\HOTBAR\BIN\4.4.2.0\HBINST.EXE /Upgrade
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ontrack\\SystemSuite\\SSuite.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-24 152984]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 36224]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 36224]
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
.
Contents of the 'Scheduled Tasks' folder
2008-10-24 C:\WINDOWS\Tasks\Maintenance-Defragment programs.job
- C:\WINDOWS\DEFRAG.EXE []
2008-10-30 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-10-01 C:\WINDOWS\Tasks\Maintenance-Disk cleanup.job
- C:\WINDOWS\CLEANMGR.EXE []
2008-10-30 C:\WINDOWS\Tasks\Avastantivirus.job
- C:\Program Files\Alwil Software\Avast4\ashQuick.exe [2008-07-19 07:30]
2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 16:54:54
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-30 16:55:30
ComboFix-quarantined-files.txt 2008-10-30 23:55:28
ComboFix3.txt 2008-10-02 03:30:54
ComboFix2.txt 2008-10-29 09:01:52
Pre-Run: 12,414,025,728 bytes free
Post-Run: 12,428,345,344 bytes free
393 --- E O F --- 2008-10-30 20:50:18


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Hotbar"=-
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## desertluver (Sep 11, 2008)

Below are the reports you asked for. Thanks!!

ComboFix 08-10-30.13 - Kelly Dayton 2008-10-31 18:50:41.4 - *FAT32*x86
Running from: C:\Documents and Settings\Kelly Dayton\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Kelly Dayton\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
.
2008-10-30 18:25 . 2008-10-30 18:25 d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-30 17:52 . 2008-10-30 17:52 d-------- C:\Program Files\NOS
2008-10-30 17:52 . 2008-10-30 17:52 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-24 02:30 . 2008-10-24 02:30 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-23 15:33 . 2008-10-15 09:34 337,408 --------- C:\WINDOWS\SYSTEM32\dllcache\netapi32.dll
2008-10-15 18:33 . 2008-09-15 05:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\dllcache\win32k.sys
2008-10-15 18:33 . 2008-09-08 03:41 333,824 --------- C:\WINDOWS\SYSTEM32\dllcache\srv.sys
2008-10-15 18:32 . 2008-08-14 03:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\dllcache\ntoskrnl.exe
2008-10-15 18:32 . 2008-08-14 03:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlmp.exe
2008-10-15 18:32 . 2008-08-14 02:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlpa.exe
2008-10-15 18:32 . 2008-08-14 02:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrpamp.exe
2008-10-13 18:02 . 2008-10-13 18:02 dr------- C:\Documents and Settings\Kelly Dayton\Application Data\Brother
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
2008-09-20 02:44 --------- d-----w C:\Documents and Settings\Kelly Dayton\Application Data\PC-FAX TX
2008-09-20 01:51 --------- d-----w C:\Program Files\Reallusion
2008-09-20 01:08 --------- d-----w C:\Program Files\Brother
2008-09-20 01:04 --------- d-----w C:\Program Files\Nuance
2008-09-20 00:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Brother
2008-09-19 21:35 --------- d-----w C:\Documents and Settings\Kelly Dayton\Application Data\Malwarebytes
2008-09-19 21:34 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-10 07:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 07:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-08-25 08:38 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2007-08-03 20:57 56,912 ----a-w C:\Documents and Settings\Kelly Dayton\g2mdlhlpx.exe
2001-01-08 23:03 266 --sh--w C:\Program Files\desktop.ini
2001-01-08 23:03 11,079 ---h--w C:\Program Files\folder.htt
2008-06-19 01:49 32,768 --sha-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061820080619\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-10-29_ 2.00.25.77 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 22:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2008-06-19 01:50:12 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat
+ 2008-10-31 00:52:32 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat
- 2008-06-19 01:50:12 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-31 00:52:32 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-19 01:50:12 49,152 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-31 00:52:32 49,152 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-01 01:15:14 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_48c.dat
+ 2008-11-01 01:15:38 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_640.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-13 17:12 8461312 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-10-15 43008]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-05 1576176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 5058560]
"InstantAccess"="C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe" [2000-01-19 49152]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-30 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 385024]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-24 136600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]
"SM56ACL"="sm56hlpr.exe" [2003-06-19 C:\WINDOWS\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"LoadPowerProfile"="powrprof.dll" [2008-04-13 C:\WINDOWS\SYSTEM32\powrprof.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 49152]
C:\Documents and Settings\Kelly Dayton\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-30 118784]
CheckIt 86.lnk - C:\Program Files\CheckIt\86\CheckIt86.exe [2004-03-25 339968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"dvpapi"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"BookmarkCentral"=C:\PROGRA~1\BMCENT~1\BMLauncher.exe
"OneTouch Monitor"=C:\PROGRA~1\VISION~1\ONETOU~2.EXE
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ontrack\\SystemSuite\\SSuite.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-24 152984]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 36224]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 36224]
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
.
Contents of the 'Scheduled Tasks' folder
2008-10-24 C:\WINDOWS\Tasks\Maintenance-Defragment programs.job
- C:\WINDOWS\DEFRAG.EXE []
2008-11-01 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-10-01 C:\WINDOWS\Tasks\Maintenance-Disk cleanup.job
- C:\WINDOWS\CLEANMGR.EXE []
2008-11-01 C:\WINDOWS\Tasks\Avastantivirus.job
- C:\Program Files\Alwil Software\Avast4\ashQuick.exe [2008-07-19 07:30]
2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 18:54:07
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TextBridge Pro Millennium\Bin\TBMHOOK.dll
.
Completion time: 2008-10-31 18:54:42
ComboFix-quarantined-files.txt 2008-11-01 01:54:38
ComboFix4.txt 2008-10-02 03:30:54
ComboFix3.txt 2008-10-29 09:01:52
ComboFix2.txt 2008-10-30 23:55:32
Pre-Run: 11,884,134,400 bytes free
Post-Run: 11,896,586,240 bytes free
184 --- E O F --- 2008-10-30 20:50:18

HJT Report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:36 PM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM32\ebkp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8378 bytes


----------



## Cookiegal (Aug 27, 2003)

Please download Malwarebytes Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a new HijackThis log please.

Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Also, if you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.*


----------



## desertluver (Sep 11, 2008)

Malwarebytes' Anti-Malware 1.30
Database version: 1367
Windows 5.1.2600 Service Pack 3
11/4/2008 10:35:32 PM
mbam-log-2008-11-04 (22-35-32).txt
Scan type: Quick Scan
Objects scanned: 50584
Time elapsed: 3 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\BluetoothControlAgent (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SxS1 (Spyware.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\BluetoothControlAgent\setup.ini (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\1igeFX-cv.txt (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\1igeFX.ini (Spyware.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:11 PM, on 11/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~1\OFFICE\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM32\ebkp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8660 bytes


----------



## Cookiegal (Aug 27, 2003)

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version (it's the fifth one down the list):

*Java Runtime Environment (JRE) 6 Update 7*

Instructions for Kaspersky scan:


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked. 
*Spyware, Adware, Dialers, and other potentially dangerous programs 
Archives
Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.


----------



## desertluver (Sep 11, 2008)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, November 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 05, 2008 23:27:57
Records in database: 1370937
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 92967
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:34:27

File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\instalator.exe.vir Infected: Trojan.Win32.Agent.akfc 1
C:\Documents and Settings\Kelly Dayton\Desktop\requested-files[2008-10-11_20_00].cab Infected: Trojan.Win32.Agent.akfc 1
C:\Documents and Settings\Kelly Dayton\Yugma\lib\DskHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
C:\Documents and Settings\Kelly Dayton\Yugma\lib\YugmaPlugin.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360 1
C:\System Volume Information\_restore{12DCD50A-FBB7-4742-BF3A-44E626BA43A0}\RP988\A0074715.exe Infected: Trojan.Win32.Agent.akfc 1
The selected area was scanned.


----------



## Cookiegal (Aug 27, 2003)

Delete this .cab file I had you create from your desktop.

C:\Documents and Settings\Kelly Dayton\Desktop\*requested-files[2008-10-11_20_00].cab*

Please post a new HijackThis log.


----------



## desertluver (Sep 11, 2008)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:02 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM32\ebkp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8464 bytes


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

*O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM32\ebkp.dll*

Reboot and post a new HijackThis log and let me know how things are now please.

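As an added example (not from the thread or from HijackThis itself), a small Python parser that reads lines in the HijackThis format shown above and flags the two kinds of entry Cookiegal asked to have fixed: an O2 BHO whose DLL is "(no file)" and an O18 URL-protocol handler that is not on an expected list. The sample log is constructed from entries in this thread, and the `KNOWN_PROTOCOLS` allowlist (only `skype4com`, the handler left in place above) is an assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: a few HijackThis-style lines modelled on the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM32\ebkp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O2 - BHO: ..." / "R1 - HKLM\...": section code, then " - ", then the entry body.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str            # "O2", "O4", "O18", ...
    body: str               # everything after "Oxx - "
    clsid: Optional[str]    # first {GUID} in the body, if there is one


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into entries; header lines and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        clsid = CLSID_RE.search(m["body"])
        entries.append(Entry(m["section"], m["body"], clsid.group(0) if clsid else None))
    return entries


def startup_hives(entries: List[Entry]) -> Counter:
    """Count O4 autostart entries per origin (HKLM, HKCU, HKUS, Startup, Global Startup)."""
    counts: Counter = Counter()
    for e in entries:
        if e.section == "O4":
            # "HKLM\..\Run: [name] cmd" -> "HKLM"; "Global Startup: x.lnk = path" -> "Global Startup"
            counts[e.body.split(":", 1)[0].split("\\", 1)[0]] += 1
    return counts


# Assumption: the O18 URL-protocol handlers treated as expected on this machine. "skype4com" is
# the one left alone in the thread; anything else is reported for a human to review, not removed.
KNOWN_PROTOCOLS: Set[str] = {"skype4com"}


def triage(entries: List[Entry], known_protocols: Set[str] = KNOWN_PROTOCOLS) -> List[Tuple[str, str, str]]:
    """Return (section, reason, body) for the two kinds of entry fixed in the thread."""
    findings = []
    for e in entries:
        if e.section == "O2" and e.body.endswith("(no file)"):
            # A BHO CLSID is registered but its DLL is gone: dead weight at best, a leftover at worst.
            findings.append((e.section, "orphaned BHO: CLSID registered but DLL missing", e.body))
        elif e.section == "O18":
            proto = e.body.split(":", 1)[1].split(" - ", 1)[0].strip()
            if proto not in known_protocols:
                findings.append((e.section, f"unrecognised URL protocol handler '{proto}'", e.body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("autostart entries by origin:", dict(startup_hives(parsed)))
    for section, reason, body in triage(parsed):
        print(f"[{section}] {reason}\n    {body}")
```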

----------



## desertluver (Sep 11, 2008)

The only thing I've noticed since we started working on my PC problems is the low virtual memory message still pops up. Could all the setup icons I have on my desktop be causing the low virtual memory? Is it ok to delete those icons?
Thank you so much for helping me and especially for taking the time to help me; your help is very much appreciated. After this last HJT report I'll let you know how things are going, maybe the low virtual memory is fixed now. Thanks again for the help, you're GREAT!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:08 PM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8331 bytes


----------



## Cookiegal (Aug 27, 2003)

You may be running low on resources but you do have way too many applications running at startup.

How much RAM do you have?

What is the size of the paging file? To find that information, do this:

Click Start, and then click Control Panel.
If in Category view, click on Performance and Maintenance and then click System (if in Classic view just click System).
On the Advanced tab, under Performance, click Settings.
On the Advanced tab, under Virtual memory, click Change.
Don't change anything but let me know what it says the size of the initial file is.


----------



## desertluver (Sep 11, 2008)

I have an AMD Athlon 64 processor 3000+
2.00GHz, 512 MB RAM (I think)

Paging file Initial size 384 MB
Paging file maximum size 768 MB

Are there any applications that I don't need at start up and can turn off?

I have some things on my desktop that I've tried to delete and they won't delete, and then there are some other things on my desktop that I have no idea what they are and if it's safe to delete or remove them.

Thanks for the quick replies and all the help!


----------



## Cookiegal (Aug 27, 2003)

What are the things that you can't delete from your desktop?


----------



## desertluver (Sep 11, 2008)

I can't remove Camtasia Studio, AiROBOForm.exe & iTunes when I go to Add and Remove.

Is it ok to remove from my desktop and delete from computer the following files and desktop icons, being that these files have already been installed? If I need them, what about just removing the icons from my desktop?
setupeng.exe
jre-6u7-windows-ia64.exe
install_flash_player.exe
FirefoxSetup3.0.1.exe 
Firefoxsetup2.0.06.exe
Firefox setup1.5.exe
SuperAntiSpyware.exe
HJTInstall.exe
ae.exe
mbam-setup.exe
ASAPUtilities_setup_4-2-2.exe
Adobe Reader 9 Installer

Also, I'm not sure what I need at start-up, what I can do without and what I need to continually run. If there are items that I don't really need at start up, can I shut them off? Would that speed up my computer?

Cookiegal, thanks so much for the help, you've been great and have already helped me with so much, I'd be totally lost w/o this forum and the wonderful techs that are so willing to help us non-tech people out.
Many thanks!


----------



## Cookiegal (Aug 27, 2003)

I need to know the amount of RAM for sure so please right-click on My Computer and select properties and tell me what it says there.

I will ask someone else to help you trim down your startups when we're done.

You can delete all the program installers from your desktop.

But do you know what this one is associated with? *ae.exe*

Because it could be related to malware.


----------



## desertluver (Sep 11, 2008)

Cookiegal,

The RAM says 2.00GHz, 512 MB of RAM, Physical Address Extension. Windows XP Pro Version 2002 SP3.

All the .exe are program installers and I can delete and remove them from my desktop?

I don't know what that ae.exe file is, when I scroll over it, it says ae.exe, file version 1.0.0.0, size 6.43mb.

I've noticed for the past 3 days that Avast keeps telling me that a virus has been found. When I check out the log report it shows the same virus, sign of WIN32:Trojan.gen (other).

Thanks again for the help.


----------



## Cookiegal (Aug 27, 2003)

Delete the ae.exe file.

What file is Avast detecting and where is it located?


----------



## desertluver (Sep 11, 2008)

Below is what I copied & pasted from the Avast log.

11/15/2008 6:21:47 PM Kelly Dayton 1388 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\QooBox\Quarantine\C\WINDOWS\instalator.exe.vir" file. 
11/15/2008 7:34:49 PM Kelly Dayton 3112 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\QooBox\Quarantine\C\WINDOWS\instalator.exe.vir" file. 
11/15/2008 7:50:44 PM Kelly Dayton 3112 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{12DCD50A-FBB7-4742-BF3A-44E626BA43A0}\RP988\A0074715.exe" file. 
11/16/2008 11:52:35 AM Kelly Dayton 1412 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Recycled\Dc2.cab\C:\WINDOWS\instalator.exe" file. 
11/17/2008 6:04:32 PM Kelly Dayton 1452 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Recycled\Dc2.cab\C:\WINDOWS\instalator.exe" file. 
11/17/2008 10:06:56 PM Kelly Dayton 1432 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Recycled\Dc2.cab\C:\WINDOWS\instalator.exe" file. 
11/18/2008 2:59:28 PM Kelly Dayton 1404 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Recycled\Dc2.cab\C:\WINDOWS\instalator.exe" file. 
11/19/2008 3:23:11 PM Kelly Dayton 1448 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Recycled\Dc2.cab\C:\WINDOWS\instalator.exe" file. 

Are all the files that end in "exe" program installers and it's ok to delete them?

Thanks!


----------



## Cookiegal (Aug 27, 2003)

Some are already quarantined by ComboFix, one is in system restore which we will flush out when we're done and the rest are in the recycling bin so you need to empty that.

Are there any other problems?

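As an added example (not part of the thread), a Python script that parses avast! log lines like the ones pasted above and sorts each hit by where the flagged copy lives, which is what decides the action Cookiegal describes (ComboFix quarantine, a System Restore point, the Recycle Bin, or a live file). The sample lines are constructed from the thread's log with a `SomeUser` placeholder in place of the account name; the last sample line carries the extra numeric field that appears in the later log post.

```python
import re
from datetime import datetime
from typing import Dict, List

# Constructed sample lines in the format of the avast! log pasted above (user name replaced).
SAMPLE_AVAST = r"""
11/15/2008 6:21:47 PM SomeUser 1388 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\QooBox\Quarantine\C\WINDOWS\instalator.exe.vir" file.
11/15/2008 7:50:44 PM SomeUser 3112 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{12DCD50A-FBB7-4742-BF3A-44E626BA43A0}\RP988\A0074715.exe" file.
11/16/2008 11:52:35 AM SomeUser 1412 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Recycled\Dc2.cab\C:\WINDOWS\instalator.exe" file.
11/17/2008 6:04:32 PM SomeUser 1452 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Recycled\Dc2.cab\C:\WINDOWS\instalator.exe" file.
11/30/2008 3:02:51 PM 1228082571 SomeUser 1400 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Ontrack\SystemSuite\zmsfxdll.dll\[Embedded#164ec]" file.
"""

LINE_RE = re.compile(
    r'^(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)'
    r'(?: \d+)?'                       # optional epoch-seconds field (present in the later log)
    r' (?P<user>.+?) (?P<pid>\d+) '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>.+)" file\.?$'
)

# Where the flagged copy lives decides what to do about it, as Cookiegal explains above.
ACTIONS = {
    "quarantine":     "already isolated by ComboFix (QooBox); inert until the quarantine folder is removed",
    "system_restore": "sits inside a restore point; purged when System Restore is flushed at the end",
    "recycle_bin":    "a deleted copy still in the Recycle Bin; empty the bin",
    "live":           "active file on disk; heuristic hit may be a false positive, get a second-opinion scan",
}


def parse_avast_log(text: str) -> List[dict]:
    """Parse lines like the ones above into dicts; lines that do not match are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        records.append({
            "when": datetime.strptime(m["stamp"], "%m/%d/%Y %I:%M:%S %p"),
            "user": m["user"],
            "pid": int(m["pid"]),
            "signature": m["sig"],
            "path": m["path"],
        })
    return records


def classify(path: str) -> str:
    """Map a detection path to one of the ACTIONS categories."""
    p = path.lower()
    if p.startswith(r"c:\qoobox\quarantine"):
        return "quarantine"
    if r"\system volume information\_restore" in p:
        return "system_restore"
    # "Recycled" is the bin on FAT volumes (as in this thread), "RECYCLER" on NTFS.
    if p.startswith(r"c:\recycled") or p.startswith(r"c:\recycler"):
        return "recycle_bin"
    return "live"


def summarize(records: List[dict]) -> Dict[str, List[str]]:
    """Group distinct flagged paths by category (repeat hits on the same file collapse to one)."""
    groups: Dict[str, List[str]] = {}
    for r in records:
        bucket = groups.setdefault(classify(r["path"]), [])
        if r["path"] not in bucket:
            bucket.append(r["path"])
    return groups


if __name__ == "__main__":
    for category, paths in summarize(parse_avast_log(SAMPLE_AVAST)).items():
        print(f"{category}: {ACTIONS[category]}")
        for path in paths:
            print("   ", path)
```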

----------



## desertluver (Sep 11, 2008)

Besides the problems we're working on or have fixed, the only other thing that just happened yesterday was I sent two emails with two different attachments and both of those emails sent out over 100 of the same email.

I emptied the recycle bin and also deleted the ae.exe icon but I have not deleted any other icons that end in .exe.
I don't know what's going on with my computer.


----------



## Cookiegal (Aug 27, 2003)

Download *OTScanIt.exe *to your Desktop and double-click on it to extract the files. It will create a folder named *OTScanIt* on your desktop.

Close any open browsers.
Disconnect from the Internet.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of OTScanIt.
Open the *OTScanIt* folder and double-click on OTScanIt.exe to start the program.
Check the box that says *Scan All Users*
Under Drivers select the radio button for *All*
Under Rootkit Search select the radio button for *Yes*
Check the Radio buttons for Files/Folders Created Within *30 Days* and Files/Folders Modified Within *30 Days*. These are the defaults so don't make any changes.
Under Additional Scans check the following:
Reg - BotCheck
Reg - Disabled MS Config Items
Reg - Mountpoints2
Reg - Security Settings
Reg - Software Policy Settings
Reg - Uninstall List
Evnt - EventViewer Logs (last 10 errors)

Now click the *Run Scan* button on the toolbar.
The program may be scanning large amounts of data so depending on the scans requested and your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it automatically.
Save that Notepad file. Click the *Format* menu and make sure that *Word wrap* is not checked. If it is then click on it to uncheck it.
Use the *Reply* button and upload the Notepad file here as an attachment please.


----------



## desertluver (Sep 11, 2008)

I hope I attached the file correctly, first time I've sent a file as an attachment rather than copy and paste.


----------



## Cookiegal (Aug 27, 2003)

Start *OTScanIt*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill Explorer]
[Unregister Dlls]
[Driver Services - All]
YN -> (SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
YN -> svcWRSSSDK -> 
[Files/Folders - Modified Within 30 days]
NY -> 13 C:\Documents and Settings\Kelly Dayton\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Kelly Dayton\Local Settings\temp\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## desertluver (Sep 11, 2008)

Below are both the reports you requested.

Explorer killed successfully
[Driver Services - All]
Service SymEvent stopped successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\\svcWRSSSDK deleted successfully.
[Files/Folders - Modified Within 30 days]
C:\Documents and Settings\Kelly Dayton\Local Settings\temp\svoap.tmp folder deleted successfully.
File delete failed. C:\Documents and Settings\Kelly Dayton\Local Settings\temp\~DF8D9.tmp scheduled to be deleted on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Kelly Dayton\Local Settings\temp\~DF8D9.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_47c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_644.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11252008_232513
Files moved on Reboot...
C:\Documents and Settings\Kelly Dayton\Local Settings\temp\~DF8D9.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_47c.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_644.dat not found!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:16 PM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\MICROS~1\OFFICE\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8684 bytes


----------



## Cookiegal (Aug 27, 2003)

The log looks fine. Are you still having problems?


----------



## desertluver (Sep 11, 2008)

Computer seems to be doing better; the only thing I noticed is the warning of a virus, which I posted below. This warning came after the last reports I sent you.
Also, I'm sorry, but I'm still unclear as to whether I can delete all the icons on my desktop that end in .exe.

11/30/2008 3:02:51 PM 1228082571 Kelly Dayton 1400 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Ontrack\SystemSuite\zmsfxdll.dll\[Embedded#164ec]" file. 

Thank you again for your time and help. I very much appreciate your help with getting my PC running smoothly.

DesertLuver


----------



## Cookiegal (Aug 27, 2003)

I replied above when you asked about the icons on your desktop.

This last detection may be a false positive, but let's check it out.

Go to the following link and upload the following file(s) for analysis and let me know what the results are please:

http://virusscan.jotti.org/

C:\Program Files\Ontrack\SystemSuite\zmsfxdll.dll


----------



## desertluver (Sep 11, 2008)

File: zmsfxdll.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5: cb18aca031894b662379824397b5785e
Packers detected: -

Scan taken on 02 Dec 2008 02:17:31 (GMT) 
A-Squared Found nothing 
AntiVir Found nothing 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
CPsecure Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found nothing 
F-Secure Anti-Virus Found nothing 
G DATA Found nothing 
Ikarus Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found nothing 
Panda Antivirus Found nothing 
Sophos Antivirus Found nothing 
VirusBuster Found nothing 
VBA32 Found Unknown.Win32Virus (probable variant)


----------



## desertluver (Sep 11, 2008)

Forgot to add that again today Avast warned of a potential virus, I think it's the same one.


----------



## Cookiegal (Aug 27, 2003)

I'd like to get a closer look at that file so please do the following:

Go to the forum *here* and upload this (these) file(s):

*C:\Program Files\Ontrack\SystemSuite\zmsfxdll.dll*

Here are the directions for uploading the file:

Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.


----------



## desertluver (Sep 11, 2008)

Below is the link you asked for.

http://thespykiller.co.uk/index.php...ew?PHPSESSID=a287ec8a5acef352ff62fb98ef0e4ede

Also, recently I've been getting emails from people saying that a few of the emails I've sent them they are getting a bunch of times, and some have even said they received the same email over 100 times. I think it's emails with pictures and attachments that they are receiving over 100 of at one time. I think my computer is starting to have a mind of its own!

Thanks for your help and patience!


----------



## Cookiegal (Aug 27, 2003)

The uploaded file is inconclusive although it doesn't appear to be malware.

Are you using this program, and if so, do you have the means to uninstall and reinstall it?

*Ontrack\SystemSuite*


----------



## desertluver (Sep 11, 2008)

I think this software came with the computer as I do not remember buying it. The utilities that came with it are: Crash Proof, Disc Cleaner, Defrag Plus, Disk Snapshot, Fix Wizard, PC Diagnostics, Registry cleaner, registry fixer, rescue disk, system explorer, system monitor, system saver, system suite log, system suite scheduler, virus scanner, Win customiser and year 2000.
I've used it for defragging.

You can read more about it here.
http://www.ontrackdatarecovery.com/data-recovery-press/?getpressrelease=84

I can uninstall, but I do not have the disk to install again.
Thanks!


----------



## Cookiegal (Aug 27, 2003)

Please remove the version of ComboFix you currently have by dragging it to the recycle bin and grab the latest version and post a new log.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.


----------



## desertluver (Sep 11, 2008)

I installed the newer version of Combofix and also installed the bootdisk for Windows XP onto my desktop, which just replaced the one I had. Do I need to drag the Windows XP boot disk over onto Combofix since I still have the boot disk installed and on my desktop from the last time we installed Combofix?

Should I drag the old BootSafe icon that's already on my desktop from last time over to the recycle bin or do I continue to use the boot safe icon I already have on my desktop?

Thanks!


----------



## Cookiegal (Aug 27, 2003)

No, once the recovery console is installed you don't have to go through that process again. Please just download the new version of ComboFix and run the scan.


----------



## desertluver (Sep 11, 2008)

I had to run Combofix 2 times because the first time I forgot to save the log. I copied it, but then I had to restart my computer and the copied part wasn't there. Below is the 2nd log.

ComboFix 08-12-11.03 - Kelly Dayton 2008-12-11 15:54:26.6 - *FAT32*x86
Running from: c:\documents and settings\Kelly Dayton\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.
2008-12-03 18:05 . 2008-12-03 18:05 d--hs---- C:\FOUND.002
2008-11-25 23:25 . 2008-11-25 23:25 d-------- C:\_OTScanIt
2008-11-18 20:30 . 2008-11-18 20:30 d-------- c:\documents and settings\Kelly Dayton\Application Data\OpenOffice.org
2008-11-18 20:25 . 2008-11-18 20:25 d-------- c:\program files\OpenOffice.org 3
2008-11-18 20:25 . 2008-11-18 20:25 d-------- c:\program files\JRE
2008-11-16 16:55 . 2008-11-16 16:55 d-------- c:\program files\OpenOffice.org 2.4
2008-11-16 16:51 . 2008-11-16 16:51 d-------- c:\program files\Common Files\Java
2008-11-11 14:15 . 2008-10-24 04:21 455,296 --------- c:\windows\SYSTEM32\dllcache\mrxsmb.sys
2008-11-11 14:14 . 2008-09-04 10:15 1,106,944 --------- c:\windows\SYSTEM32\dllcache\msxml3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 08:02 60,744 ----a-w c:\documents and settings\Kelly Dayton\g2mdlhlpx.exe
2008-10-31 01:25 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-31 00:52 --------- d-----w c:\program files\NOS
2008-10-31 00:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 23:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 23:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\dllcache\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\dllcache\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\dllcache\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\dllcache\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\dllcache\cdm.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\dllcache\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\dllcache\wups.dll
2008-10-16 21:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 21:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\dllcache\netapi32.dll
2008-10-14 01:02 --------- d-----r c:\documents and settings\Kelly Dayton\Application Data\Brother
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\dllcache\ieframe.dll
2008-09-30 23:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
2001-01-08 23:03 266 --sh--w c:\program files\desktop.ini
2001-01-08 23:03 11,079 ---h--w c:\program files\folder.htt
2008-06-19 01:49 32,768 --sha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061820080619\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-12-11_15.41.37.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-11 22:46:18 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_47c.dat
+ 2008-12-11 22:46:36 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_644.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-13 17:12 8461312 --a------ c:\windows\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-10-15 43008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-19 1805552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"InstantAccess"="c:\program files\TextBridge Pro Millennium\Bin\InstantAccess.exe" [2000-01-19 49152]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-30 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-24 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 c:\windows\sm56hlpr.exe]
"SM56ACL"="sm56hlpr.exe" [2003-06-19 c:\windows\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\SYSTEM32\nwiz.exe]
"LoadPowerProfile"="powrprof.dll" [2008-04-13 c:\windows\SYSTEM32\powrprof.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
c:\documents and settings\Kelly Dayton\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-03-30 118784]
CheckIt 86.lnk - c:\program files\CheckIt\86\CheckIt86.exe [2004-03-25 339968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"dvpapi"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"BookmarkCentral"=c:\progra~1\BMCENT~1\BMLauncher.exe
"OneTouch Monitor"=c:\progra~1\VISION~1\ONETOU~2.EXE
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ontrack\\SystemSuite\\SSuite.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-31 111184]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-19 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-31 20560]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\DRIVERS\LNE100V5.sys [2006-01-12 36224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
.
Contents of the 'Scheduled Tasks' folder
2008-10-24 c:\windows\Tasks\Maintenance-Defragment programs.job
- c:\windows\DEFRAG.EXE []
2008-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-10-01 c:\windows\Tasks\Maintenance-Disk cleanup.job
- c:\windows\CLEANMGR.EXE []
2008-12-11 c:\windows\Tasks\Avastantivirus.job
- c:\program files\Alwil Software\Avast4\ashQuick.exe [2008-11-26 10:14]
2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://tucson.cox.net/cci/home
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add To CheckIt &86 Trust List - c:\progra~1\CHECKIT\86\AddToTrustList.js
TCP: {857ED467-1990-40A9-9D9B-152657296476} = 192.168.1.1,4.2.2.2
O16 -: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
c:\windows\Downloaded Program Files\Internet Explorer Classes for Java.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
c:\windows\Downloaded Program Files\Quicksilver.inf
c:\windows\Downloaded Program Files\sabminf.dll - O16 -: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF}
hxxp://www.superadblocker.com/activex/sabminf.cab
c:\windows\Downloaded Program Files\sabminf.inf
FF - ProfilePath - c:\documents and settings\Kelly Dayton\Application Data\Mozilla\Firefox\Profiles\ckm11rp6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 15:59:06
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(440)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-12-11 16:00:05
ComboFix-quarantined-files.txt 2008-12-11 23:00:04
ComboFix4.txt 2008-10-30 23:55:32
ComboFix5.txt 2008-12-11 22:53:32
ComboFix3.txt 2008-11-01 01:54:46
ComboFix2.txt 2008-12-11 22:42:00
Pre-Run: 12,176,523,264 bytes free
Post-Run: 12,167,380,992 bytes free
207 --- E O F --- 2008-12-11 18:43:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:39 PM, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MICROS~1\OFFICE\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8516 bytes
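As an added example that is not part of this thread, here is a small Python triage pass over a few lines copied from the HijackThis log above; it marks the entry types a helper checks first (O4 autoruns given without a path, O16 ActiveX controls fetched from a remote site, O17 DNS servers outside the local network, O20 Winlogon notify DLLs). A flagged line only means "confirm this belongs to software you installed", which is the check Cookiegal applied before calling the log fine; the parser, the rules and the sample text are all constructed for this example.

```python
"""Triage helper for HijackThis-style log lines (constructed example, not from the thread)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - <body>" / "R1 - <body>": the section code is what decides which rule applies.
ENTRY_RE = re.compile(r"^(?P<sec>O\d+|R\d)\s+-\s+(?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF:\s+(?P<clsid>\{[^}]+\})(?:\s+\((?P<desc>[^)]*)\))?\s+-\s+(?P<src>.*)$")
O17_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.,\s]+)$")
O20_RE = re.compile(r"^Winlogon Notify:\s+(?P<name>\S+)\s+-\s+(?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O17"
    subject: str   # the entry name, CLSID, IP or DLL the note is about
    reason: str    # what a reviewer should confirm


def _executable(cmd: str) -> str:
    """Return the executable part of a Run command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def _check_o4(body: str):
    m = O4_RE.match(body)
    if not m:
        return None  # Startup-folder entries and other O4 forms are left alone here
    exe = _executable(m.group("cmd"))
    if "\\" not in exe and "/" not in exe:
        return Finding("O4", m.group("name"),
                       f"autorun '{exe}' has no directory; Windows resolves it through its "
                       "search path, so confirm which file actually runs")
    return None


def _check_o16(body: str):
    m = O16_RE.match(body)
    if not m:
        return None
    src = m.group("src").strip()
    if src.lower().startswith(("http://", "https://")):
        return Finding("O16", m.group("clsid"),
                       f"ActiveX control installed from {src}; confirm the site and publisher")
    return None


def _check_o17(body: str):
    m = O17_RE.search(body)
    if not m:
        return None
    outside = []
    for s in m.group("servers").split(","):
        s = s.strip()
        try:
            if not ipaddress.ip_address(s).is_private:
                outside.append(s)
        except ValueError:
            outside.append(s)  # not a parseable address: worth a look too
    if outside:
        return Finding("O17", ",".join(outside),
                       "DNS server outside the local network; confirm it is the resolver "
                       "you or your ISP configured")
    return None


def _check_o20(body: str):
    m = O20_RE.match(body)
    if not m:
        return None
    return Finding("O20", m.group("name"),
                   f"{m.group('path')} loads inside winlogon.exe; confirm it belongs to "
                   "software you installed")


CHECKS = {"O4": _check_o4, "O16": _check_o16, "O17": _check_o17, "O20": _check_o20}


def triage(log_text: str) -> list:
    """Run the per-section rules over a pasted log and return the entries to confirm."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("sec"))
        if check:
            finding = check(m.group("body"))
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.subject}: {f.reason}")
```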


----------



## Cookiegal (Aug 27, 2003)

Without the report I can't tell if ComboFix removed anything.

How are things now?


----------



## desertluver (Sep 11, 2008)

I sent the Combofix report and included the report from the 2nd time I ran it. Would the 2nd time running Combofix be all that different from the first time I ran it? In between running it the first time and second time I did nothing except reboot my computer and then immediately ran Combofix again and HJT, and then sent it.

Nobody's complained about me sending them hundreds of the same email, but I have noticed that if I go to send an email to over 10 different people Avast gives me a message that a possible virus has been detected, BUT if I reduce the number of people I send the email to then I don't get that virus warning. I seem to get that virus warning only when sending to a lot of people, not when I get the email myself.
Other than the email problem, the only other thing I notice is that my computer is still slower than normal.

Thanks for your help, I really appreciate you taking the time to look into the problems and then helping me to resolve them.

Thanks so much!


----------



## Cookiegal (Aug 27, 2003)

Sorry, I had looked over the log and then forgot to post about it. The log looks fine.

Are you able to reproduce the alert you're getting with Avast? If so, please capture a screenshot and post it here.


----------



## desertluver (Sep 11, 2008)

I wrote out a simple email, no attachments, just words, and tried to send it to 18 people, and Avast alerted me of a suspicious email.
I don't know how to capture a screenshot, so I just copied and pasted what the message said and did not send the email out because I did NOT want to send out hundreds of the same email. When I do hit the continue button and send the email anyway, that's when I get emails back telling me they received the same email over 100 times.

There are too many recipients of message

Sender: 
Recipient: 
Subject: test


----------



## Cookiegal (Aug 27, 2003)

From what I understand there's a setting in Avast to increase the number of emails you can send. I've never used Avast so I don't know how it works. Can you look around and see if you can find such a setting? It may be something to do with configuration on the advanced page of mail provider settings.


----------



## desertluver (Sep 11, 2008)

I searched Avast and found a page where I could change the number of emails sent and I sent an email out to a lot of people and the virus warning did not pop up, so I'm thinking that part is fixed with the emails. Thanks!

You have been very helpful and I really appreciate the time and help you've put into helping me with my computer problems, thank you so much!

Thank you,
Desertluver


----------



## desertluver (Sep 11, 2008)

Hi Cookiegal,

After changing a setting in Avast I got an email today telling me that they received the email I sent 20 times. I just sent the same email to myself and it sent it to me 17 times and Avast warned me of a potential infection. I copied and pasted this email rather than forwarding it. It was pictures of a deer and rabbit, thankfully I had only sent it to one person beside myself.

I've also noticed that anytime I try to watch a youtube video, the video will not play straight through, it will stop then play and stop and play and continue to do this until it finally finishes.

Any suggestions on what's going on and causing these problems?

Thank you!


----------



## Cookiegal (Aug 27, 2003)

Download GMER from: http://gmer.net/index.php

Save it somewhere on your hard drive and unzip it to desktop.

Double-click gmer.exe to run it, select the Rootkit tab and press Scan. When the scan is done, click *Copy*. This will copy the report to the clipboard. Paste it into Notepad and save it, and also paste the log report back here please.


----------



## desertluver (Sep 11, 2008)

I'm not sure what you mean by "Save it somewhere on your hard drive and unzip it to desktop."
I saved it in My Documents, then it took me to some unzip thing (WinZip, I think) and I extracted the files to my desktop, and now there's a gmer.exe icon on my desktop.
I wasn't sure if I saved it in the right place (My Documents) or if I was doing it correctly by extracting to my desktop, so I stopped there and did not run the scan in case I downloaded it wrong.

Thus far, have I done everything correctly, or was I supposed to save it to my "C" drive and then unzip it to the desktop? When I go to open it, it takes me to WinZip and asks if I want to extract, nothing about unzipping to the desktop.

Thanks!


----------



## Cookiegal (Aug 27, 2003)

It's fine. You can click on the gmer.exe on your desktop to run the program, please.


----------



## desertluver (Sep 11, 2008)

Ok, thanks... Report from GMER.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-22 17:47:22
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF6684576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF6684432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF6684910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF668400A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF668450C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF6683F4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF6683FAE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwQueryValueKey [0xF668462C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF66845EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF668476C]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF6765F20]
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
---- EOF - GMER 1.0.14 ----


----------



## Cookiegal (Aug 27, 2003)

Please remove the current version of ComboFix that you have (drag the file from your desktop to the Recycle Bin) and download the latest version, then do another scan and post the log. You can get it at the following link:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


----------



## desertluver (Sep 11, 2008)

ComboFix 08-12-23.01 - Kelly Dayton 2008-12-23 18:53:36.5 - *FAT32*x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.212 [GMT -7:00]
Running from: c:\documents and settings\Kelly Dayton\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.
2008-12-18 23:06 . 2008-12-22 17:41 250 --a------ c:\windows\gmer.ini
2008-12-14 19:21 . 2008-12-14 19:21 d-------- c:\program files\Windows Media Connect 2
2008-12-14 19:19 . 2008-12-14 19:19 d-------- c:\windows\SYSTEM32\LogFiles
2008-12-14 19:19 . 2008-12-14 19:19 d-------- c:\windows\SYSTEM32\DRIVERS\UMDF
2008-12-11 22:48 . 2008-12-11 22:48 d-------- C:\Combo-Fix
2008-12-03 18:05 . 2008-12-03 18:05 d--hs---- C:\FOUND.002
2008-11-25 23:25 . 2008-11-25 23:25 d-------- C:\_OTScanIt
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\dllcache\mshtml.dll
2008-11-19 03:30 --------- d-----w c:\documents and settings\Kelly Dayton\Application Data\OpenOffice.org
2008-11-19 03:25 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-19 03:25 --------- d-----w c:\program files\JRE
2008-11-16 23:55 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-11-16 23:51 --------- d-----w c:\program files\Common Files\Java
2008-11-05 08:02 60,744 ----a-w c:\documents and settings\Kelly Dayton\g2mdlhlpx.exe
2008-10-31 01:25 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-31 00:52 --------- d-----w c:\program files\NOS
2008-10-31 00:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\dllcache\gdi32.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\dllcache\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\dllcache\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\dllcache\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\dllcache\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\dllcache\cdm.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\dllcache\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\dllcache\wups.dll
2008-10-16 21:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 21:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\SYSTEM32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\SYSTEM32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\SYSTEM32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\SYSTEM32\dllcache\strmdll.dll
2008-09-30 23:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2001-01-08 23:03 266 --sh--w c:\program files\desktop.ini
2001-01-08 23:03 11,079 ---h--w c:\program files\folder.htt
2008-06-19 01:49 32,768 --sha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061820080619\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-10-29_ 2.00.25.77 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-10 01:10:56 1,379,840 ------w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ------w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ------w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ------w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ------w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-09-04 17:12:28 1,106,944 ------w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:52 17,272 ------w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:52 231,288 ------w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:52 26,488 ------w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:52 755,576 ------w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 20:08:38 382,840 ------w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-24 11:41:12 455,936 ------w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:02 17,272 ------w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ------w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:02 26,488 ------w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ------w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ------w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-04-14 00:12:02 1,306,624 ------w c:\windows\$NtUninstallKB954459$\msxml6.dll
+ 2007-11-30 12:39:22 231,288 ------w c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 ------w c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll
+ 2008-04-14 00:12:02 1,104,896 ------w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:52 231,288 ------w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 20:08:38 382,840 ------w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2008-04-13 19:17:02 456,576 ------w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02 231,288 ------w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12 382,840 ------w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2008-11-19 03:26:30 60,928 ----a-w c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.14.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2008-11-19 03:26:44 3,072 ----a-w c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\14.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2008-11-19 03:25:56 11,264 ----a-w c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.11.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2008-11-19 03:26:32 823,296 ----a-w c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.0.0__ce2cb7e279207b9e\cli_oootypes.dll
+ 2008-11-19 03:25:56 7,680 ----a-w c:\windows\assembly\GAC_MSIL\cli_ure\1.0.14.0__ce2cb7e279207b9e\cli_ure.dll
+ 2008-11-19 03:25:56 114,688 ----a-w c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.0.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2008-11-19 03:25:56 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\11.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2008-11-19 03:26:44 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\1.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2008-11-19 03:25:56 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\14.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2008-11-19 03:25:58 3,072 ----a-w c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\1.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2008-10-24 11:21:10 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-12-19 06:06:00 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 04:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-08-26 07:24:28 124,928 ------w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 ------w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 ------w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 ------w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 ------w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:38:00 70,656 ------w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 ------w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 ------w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:52 161,792 ------w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 ------w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:30 384,512 ------w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:16 6,066,176 ------w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:30 44,544 ------w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:30 267,776 ------w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 ------w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ------w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 ------w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 ------w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 ------w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 ------w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 ------w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 ------w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 ------w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 ------w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 ------w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:40 213,216 ------w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 ------w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:32 1,159,680 ------w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:32 233,472 ------w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:32 826,368 ------w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 09:08:40 3,593,216 ------w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:40 213,216 ------w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:48 371,424 ------w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2004-09-23 01:46:10 192,512 ----a-w c:\windows\inf\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ----a-w c:\windows\inf\unregmp2.exe
+ 2008-11-12 02:48:44 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2007-12-12 22:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2008-11-19 03:27:36 7,424,000 ----a-r c:\windows\Installer\{F44DA61E-720D-4E79-871F-F6E628B33242}\soffice.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
- 2004-09-23 01:45:36 8,192 ----a-w c:\windows\SYSTEM32\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w c:\windows\SYSTEM32\asferror.dll
- 2008-07-19 14:43:08 1,163,960 ----a-w c:\windows\SYSTEM32\aswBoot.exe
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\SYSTEM32\aswBoot.exe
- 2004-09-23 01:45:36 480,768 ----a-w c:\windows\SYSTEM32\Audiodev.dll
+ 2006-10-19 04:47:08 276,992 ----a-w c:\windows\SYSTEM32\Audiodev.dll
- 2008-07-19 14:30:54 94,392 ----a-w c:\windows\SYSTEM32\AvastSS.scr
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\SYSTEM32\AvastSS.scr
- 2005-01-28 20:44:28 294,912 ----a-w c:\windows\SYSTEM32\blackbox.dll
+ 2006-10-19 04:47:10 542,720 ----a-w c:\windows\SYSTEM32\blackbox.dll
- 2005-01-28 20:44:28 164,864 ----a-w c:\windows\SYSTEM32\cewmdm.dll
+ 2006-10-19 04:47:10 229,376 ----a-w c:\windows\SYSTEM32\cewmdm.dll
- 2008-06-19 01:50:12 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
+ 2008-10-31 00:52:32 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
- 2008-06-19 01:50:12 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-31 00:52:32 32,768 ----a-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-19 01:50:12 49,152 ----a-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-31 00:52:32 49,152 ----a-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-26 07:24:28 124,928 ------w c:\windows\SYSTEM32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\SYSTEM32\dllcache\advpack.dll
- 2004-09-23 01:45:36 8,192 ----a-w c:\windows\SYSTEM32\dllcache\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w c:\windows\SYSTEM32\dllcache\asferror.dll
- 2005-01-28 20:44:28 294,912 ----a-w c:\windows\SYSTEM32\dllcache\blackbox.dll
+ 2006-10-19 04:47:10 542,720 ----a-w c:\windows\SYSTEM32\dllcache\blackbox.dll
- 2005-01-28 20:44:28 164,864 ----a-w c:\windows\SYSTEM32\dllcache\cewmdm.dll
+ 2006-10-19 04:47:10 229,376 ----a-w c:\windows\SYSTEM32\dllcache\cewmdm.dll
- 2005-01-28 20:44:28 502,272 ----a-w c:\windows\SYSTEM32\dllcache\drmv2clt.dll
+ 2006-10-19 04:47:10 991,744 ----a-w c:\windows\SYSTEM32\dllcache\drmv2clt.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\SYSTEM32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\SYSTEM32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\SYSTEM32\dllcache\extmgr.dll
+ 2008-10-16 20:38:36 133,120 ----a-w c:\windows\SYSTEM32\dllcache\extmgr.dll
- 2008-08-26 07:24:28 63,488 ------w c:\windows\SYSTEM32\dllcache\icardie.dll
+ 2008-10-16 20:38:36 63,488 ------w c:\windows\SYSTEM32\dllcache\icardie.dll
- 2008-08-26 07:24:28 153,088 ------w c:\windows\SYSTEM32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:36 153,088 ------w c:\windows\SYSTEM32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ------w c:\windows\SYSTEM32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:36 230,400 ------w c:\windows\SYSTEM32\dllcache\ieaksie.dll
- 2008-08-26 07:24:28 383,488 ------w c:\windows\SYSTEM32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:36 383,488 ------w c:\windows\SYSTEM32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:30 384,512 ------w c:\windows\SYSTEM32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:36 384,512 ------w c:\windows\SYSTEM32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:16 6,066,176 ------w c:\windows\SYSTEM32\dllcache\ieframe.dll
+ 2008-10-16 20:38:38 6,066,176 ------w c:\windows\SYSTEM32\dllcache\ieframe.dll
- 2008-08-26 07:24:30 44,544 ------w c:\windows\SYSTEM32\dllcache\iernonce.dll
+ 2008-10-16 20:38:38 44,544 ------w c:\windows\SYSTEM32\dllcache\iernonce.dll
- 2008-08-26 07:24:30 267,776 ------w c:\windows\SYSTEM32\dllcache\iertutil.dll
+ 2008-10-16 20:38:38 267,776 ------w c:\windows\SYSTEM32\dllcache\iertutil.dll
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\SYSTEM32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:38 27,648 ----a-w c:\windows\SYSTEM32\dllcache\jsproxy.dll
- 2005-01-28 20:44:28 6,656 ----a-w c:\windows\SYSTEM32\dllcache\laprxy.dll
+ 2006-10-19 04:47:14 11,264 ----a-w c:\windows\SYSTEM32\dllcache\LAPRXY.dll
- 2005-01-28 20:44:28 96,768 ----a-w c:\windows\SYSTEM32\dllcache\logagent.exe
+ 2008-06-18 08:09:22 100,864 ----a-w c:\windows\SYSTEM32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 ------w c:\windows\SYSTEM32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:38 459,264 ------w c:\windows\SYSTEM32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ------w c:\windows\SYSTEM32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:38 52,224 ------w c:\windows\SYSTEM32\dllcache\msfeedsbs.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\SYSTEM32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\dllcache\mshtmled.dll
- 2005-01-28 20:44:28 142,336 ----a-w c:\windows\SYSTEM32\dllcache\msnetobj.dll
+ 2006-10-19 04:47:16 179,712 ----a-w c:\windows\SYSTEM32\dllcache\msnetobj.dll
- 2005-01-28 20:44:28 25,088 ----a-w c:\windows\SYSTEM32\dllcache\mspmsnsv.dll
+ 2006-10-19 04:47:16 27,136 ----a-w c:\windows\SYSTEM32\dllcache\mspmsnsv.dll
- 2005-01-28 20:44:28 173,568 ----a-w c:\windows\SYSTEM32\dllcache\mspmsp.dll
+ 2006-10-19 04:47:16 175,616 ----a-w c:\windows\SYSTEM32\dllcache\mspmsp.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\SYSTEM32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\SYSTEM32\dllcache\msrating.dll
- 2005-01-28 20:44:28 364,784 ----a-w c:\windows\SYSTEM32\dllcache\msscp.dll
+ 2006-12-04 23:21:50 414,720 ----a-w c:\windows\SYSTEM32\dllcache\msscp.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\SYSTEM32\dllcache\mstime.dll
+ 2008-10-16 20:38:40 671,232 ----a-w c:\windows\SYSTEM32\dllcache\mstime.dll
- 2005-01-28 20:44:28 315,904 ----a-w c:\windows\SYSTEM32\dllcache\mswmdm.dll
+ 2006-10-19 04:47:16 321,536 ----a-w c:\windows\SYSTEM32\dllcache\mswmdm.dll
+ 2008-09-04 17:15:04 1,106,944 ------w c:\windows\SYSTEM32\dllcache\msxml3.dll
- 2008-04-14 00:12:02 1,306,624 ------w c:\windows\SYSTEM32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\SYSTEM32\dllcache\msxml6.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\SYSTEM32\dllcache\occache.dll
+ 2008-10-16 20:38:40 102,912 ------w c:\windows\SYSTEM32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\SYSTEM32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:40 44,544 ----a-w c:\windows\SYSTEM32\dllcache\pngfilt.dll
- 2005-01-28 20:44:28 221,184 ----a-w c:\windows\SYSTEM32\dllcache\qasf.dll
+ 2006-10-19 04:47:18 211,456 ----a-w c:\windows\SYSTEM32\dllcache\qasf.dll
- 2004-09-23 01:46:04 819,200 ----a-w c:\windows\SYSTEM32\dllcache\setup_wm.exe
+ 2006-11-02 01:31:38 1,669,120 ----a-w c:\windows\SYSTEM32\dllcache\setup_wm.exe
- 2004-09-23 01:46:10 192,512 ----a-w c:\windows\SYSTEM32\dllcache\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ----a-w c:\windows\SYSTEM32\dllcache\unregmp2.exe
- 2008-08-26 07:24:30 105,984 ------w c:\windows\SYSTEM32\dllcache\url.dll
+ 2008-10-16 20:38:40 105,984 ------w c:\windows\SYSTEM32\dllcache\url.dll
- 2008-08-26 07:24:32 1,159,680 ----a-w c:\windows\SYSTEM32\dllcache\urlmon.dll
+ 2008-10-16 20:38:40 1,160,192 ----a-w c:\windows\SYSTEM32\dllcache\urlmon.dll
- 2008-08-26 07:24:32 233,472 ------w c:\windows\SYSTEM32\dllcache\webcheck.dll
+ 2008-10-16 20:38:40 233,472 ------w c:\windows\SYSTEM32\dllcache\webcheck.dll
- 2008-08-26 07:24:32 826,368 ----a-w c:\windows\SYSTEM32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\dllcache\wininet.dll
- 2005-01-28 20:44:28 396,528 ----a-w c:\windows\SYSTEM32\dllcache\wmadmod.dll
+ 2006-10-19 04:47:18 757,248 ----a-w c:\windows\SYSTEM32\dllcache\WMADMOD.dll
- 2005-01-28 20:44:28 716,288 ----a-w c:\windows\SYSTEM32\dllcache\wmadmoe.dll
+ 2006-10-19 04:47:18 1,117,696 ----a-w c:\windows\SYSTEM32\dllcache\WMADMOE.dll
- 2007-10-28 00:40:06 227,328 ----a-w c:\windows\SYSTEM32\dllcache\wmasf.dll
+ 2007-10-28 00:40:30 222,720 ----a-w c:\windows\SYSTEM32\dllcache\wmasf.dll
- 2005-01-28 20:44:28 28,160 ----a-w c:\windows\SYSTEM32\dllcache\wmdmlog.dll
+ 2006-10-19 04:47:18 33,792 ----a-w c:\windows\SYSTEM32\dllcache\wmdmlog.dll
- 2005-01-28 20:44:28 33,792 ----a-w c:\windows\SYSTEM32\dllcache\wmdmps.dll
+ 2006-10-19 04:47:18 37,376 ----a-w c:\windows\SYSTEM32\dllcache\wmdmps.dll
- 2005-01-28 20:44:28 150,016 ----a-w c:\windows\SYSTEM32\dllcache\wmidx.dll
+ 2006-10-19 04:47:20 157,184 ----a-w c:\windows\SYSTEM32\dllcache\wmidx.dll
- 2005-01-28 20:44:28 1,027,072 ----a-w c:\windows\SYSTEM32\dllcache\wmnetmgr.dll
+ 2008-06-18 12:03:08 938,496 ----a-w c:\windows\SYSTEM32\dllcache\WMNetmgr.dll
- 2004-09-23 01:46:22 73,728 ----a-w c:\windows\SYSTEM32\dllcache\wmplayer.exe
+ 2006-10-19 04:46:20 64,000 ----a-w c:\windows\SYSTEM32\dllcache\wmplayer.exe
- 2004-09-23 01:46:22 3,371,008 ----a-w c:\windows\SYSTEM32\dllcache\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w c:\windows\SYSTEM32\dllcache\wmploc.dll
- 2004-09-23 01:46:24 86,016 ----a-w c:\windows\SYSTEM32\dllcache\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w c:\windows\SYSTEM32\dllcache\wmpshell.dll
- 2005-01-28 20:44:28 774,904 ----a-w c:\windows\SYSTEM32\dllcache\wmsdmod.dll
+ 2006-10-19 04:47:22 4,096 ----a-w c:\windows\SYSTEM32\dllcache\wmsdmod.dll
- 2005-01-28 20:44:28 1,119,744 ----a-w c:\windows\SYSTEM32\dllcache\wmsdmoe2.dll
+ 2006-10-19 04:47:22 4,096 ----a-w c:\windows\SYSTEM32\dllcache\wmsdmoe2.dll
- 2005-01-28 20:44:28 413,944 ----a-w c:\windows\SYSTEM32\dllcache\wmspdmod.dll
+ 2006-10-19 04:47:22 603,648 ----a-w c:\windows\SYSTEM32\dllcache\WMSPDMOD.dll
- 2005-01-28 20:44:28 940,544 ----a-w c:\windows\SYSTEM32\dllcache\wmspdmoe.dll
+ 2006-10-19 04:47:22 1,329,152 ----a-w c:\windows\SYSTEM32\dllcache\WMSPDMOE.dll
- 2006-12-07 05:29:34 2,374,472 ----a-w c:\windows\SYSTEM32\dllcache\wmvcore.dll
+ 2008-06-18 12:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\dllcache\WMVCore.dll
- 2005-01-28 20:44:28 895,736 ----a-w c:\windows\SYSTEM32\dllcache\wmvdmod.dll
+ 2006-10-19 04:47:22 4,096 ----a-w c:\windows\SYSTEM32\dllcache\wmvdmod.dll
- 2005-01-28 20:44:28 1,003,008 ----a-w c:\windows\SYSTEM32\dllcache\wmvdmoe2.dll
+ 2006-10-19 04:47:22 4,096 ----a-w c:\windows\SYSTEM32\dllcache\wmvdmoe2.dll
- 2008-07-19 14:32:16 26,944 ----a-w c:\windows\SYSTEM32\DRIVERS\aavmker4.sys
+ 2008-11-26 17:15:36 26,944 ----a-w c:\windows\SYSTEM32\DRIVERS\aavmker4.sys
- 2008-07-19 14:37:42 20,560 ----a-w c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys
+ 2008-11-26 17:17:26 20,560 ----a-w c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys
- 2008-01-17 17:34:02 93,264 ----a-w c:\windows\SYSTEM32\DRIVERS\aswmon.sys
+ 2008-11-26 17:18:26 93,296 ----a-w c:\windows\SYSTEM32\DRIVERS\aswmon.sys
- 2008-07-19 14:37:22 94,416 ----a-w c:\windows\SYSTEM32\DRIVERS\aswmon2.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\SYSTEM32\DRIVERS\aswmon2.sys
- 2008-07-19 14:33:42 23,152 ----a-w c:\windows\SYSTEM32\DRIVERS\aswRdr.sys
+ 2008-11-26 17:16:30 23,152 ----a-w c:\windows\SYSTEM32\DRIVERS\aswRdr.sys
- 2008-07-19 14:35:18 78,416 ----a-w c:\windows\SYSTEM32\DRIVERS\aswSP.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\SYSTEM32\DRIVERS\aswSP.sys
- 2008-07-19 14:32:36 42,912 ----a-w c:\windows\SYSTEM32\DRIVERS\aswTdi.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\SYSTEM32\DRIVERS\aswTdi.sys
+ 2008-12-19 06:06:00 85,969 ----a-w c:\windows\SYSTEM32\DRIVERS\gmer.sys
- 2008-09-10 07:03:56 17,200 ----a-w c:\windows\SYSTEM32\DRIVERS\mbam.sys
+ 2008-10-22 23:10:22 15,504 ----a-w c:\windows\SYSTEM32\DRIVERS\mbam.sys
- 2008-09-10 07:04:02 38,528 ----a-w c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
+ 2008-10-22 23:10:38 38,496 ----a-w c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
+ 2006-10-19 04:47:22 671,232 ------w c:\windows\SYSTEM32\DRIVERS\UMDF\wpdmtpdr.dll
- 2005-01-28 20:44:28 18,944 ----a-w c:\windows\SYSTEM32\DRIVERS\wpdusb.sys
+ 2006-10-19 03:00:00 38,528 ----a-w c:\windows\SYSTEM32\DRIVERS\wpdusb.sys
+ 2006-09-29 01:55:50 77,568 ------w c:\windows\SYSTEM32\DRIVERS\WudfPf.sys
+ 2006-09-29 02:00:34 82,944 ------w c:\windows\SYSTEM32\DRIVERS\WudfRd.sys
+ 2006-10-19 03:00:46 249,856 ------w c:\windows\SYSTEM32\drmupgds.exe
- 2005-01-28 20:44:28 502,272 ----a-w c:\windows\SYSTEM32\drmv2clt.dll
+ 2006-10-19 04:47:10 991,744 ----a-w c:\windows\SYSTEM32\drmv2clt.dll


----------



## desertluver (Sep 11, 2008)

Second half of HJT Log

- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
+ 2008-10-16 20:38:36 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
- 2008-10-16 23:23:46 319,544 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2008-11-19 20:46:10 336,256 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
+ 2008-10-16 20:38:36 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
- 2008-08-25 08:38:00 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
+ 2008-10-16 13:11:10 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
+ 2008-10-16 20:38:36 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll
+ 2008-10-16 20:38:36 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll
- 2008-08-23 05:54:52 161,792 ----a-w c:\windows\SYSTEM32\ieakui.dll
+ 2008-10-15 07:04:54 161,792 ----a-w c:\windows\SYSTEM32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
+ 2008-10-16 20:38:36 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
- 2008-08-26 07:24:30 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
+ 2008-10-16 20:38:36 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
- 2008-10-03 17:41:16 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll
+ 2008-10-16 20:38:38 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
+ 2008-10-16 20:38:38 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
- 2008-08-26 07:24:30 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
+ 2008-10-16 20:38:38 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
+ 2008-10-16 13:11:10 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2008-10-16 20:38:38 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
- 2005-01-28 20:44:28 6,656 ----a-w c:\windows\SYSTEM32\laprxy.dll
+ 2006-10-19 04:47:14 11,264 ----a-w c:\windows\SYSTEM32\LAPRXY.dll
- 2005-01-28 20:44:28 96,768 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2008-06-18 08:09:22 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2006-10-19 04:47:14 212,992 ------w c:\windows\SYSTEM32\MFPLAT.dll
+ 2006-10-19 04:47:14 259,072 ------w c:\windows\SYSTEM32\MP43DECD.dll
- 2004-08-04 07:56:42 310,272 ----a-w c:\windows\SYSTEM32\mp43dmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w c:\windows\SYSTEM32\MP43DMOD.dll
+ 2006-10-19 04:47:14 317,440 ------w c:\windows\SYSTEM32\MP4SDECD.dll
- 2004-08-04 07:56:42 384,512 ----a-w c:\windows\SYSTEM32\mp4sdmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w c:\windows\SYSTEM32\MP4SDMOD.dll
+ 2006-10-19 04:47:14 259,072 ------w c:\windows\SYSTEM32\MPG4DECD.dll
- 2008-04-14 00:11:58 240,640 ----a-w c:\windows\SYSTEM32\mpg4dmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w c:\windows\SYSTEM32\MPG4DMOD.dll
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\SYSTEM32\MRT.exe
+ 2008-12-09 23:24:38 17,593,280 ----a-w c:\windows\SYSTEM32\MRT.exe
+ 2006-10-02 22:28:42 312,128 ------w c:\windows\SYSTEM32\msdelta.dll
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
+ 2008-10-16 20:38:38 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
+ 2008-10-16 20:38:38 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
- 2005-01-28 20:44:28 142,336 ----a-w c:\windows\SYSTEM32\msnetobj.dll
+ 2006-10-19 04:47:16 179,712 ----a-w c:\windows\SYSTEM32\msnetobj.dll
- 2005-01-28 20:44:28 25,088 ----a-w c:\windows\SYSTEM32\MsPMSNSv.dll
+ 2006-10-19 04:47:16 27,136 ----a-w c:\windows\SYSTEM32\MsPMSNSv.dll
- 2005-01-28 20:44:28 173,568 ----a-w c:\windows\SYSTEM32\MsPMSP.dll
+ 2006-10-19 04:47:16 175,616 ----a-w c:\windows\SYSTEM32\MsPMSP.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
- 2005-01-28 20:44:28 364,784 ----a-w c:\windows\SYSTEM32\MSSCP.dll
+ 2006-12-04 23:21:50 414,720 ----a-w c:\windows\SYSTEM32\msscp.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2008-10-16 20:38:40 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
- 2005-01-28 20:44:28 315,904 ----a-w c:\windows\SYSTEM32\MSWMDM.dll
+ 2006-10-19 04:47:16 321,536 ----a-w c:\windows\SYSTEM32\mswmdm.dll
- 2008-04-14 00:12:02 1,104,896 ----a-w c:\windows\SYSTEM32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
- 2008-04-14 00:12:02 1,306,624 ------w c:\windows\SYSTEM32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\SYSTEM32\occache.dll
+ 2008-10-16 20:38:40 102,912 ----a-w c:\windows\SYSTEM32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2008-10-16 20:38:40 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2006-10-19 04:47:18 284,160 ------w c:\windows\SYSTEM32\PortableDeviceApi.dll
+ 2006-10-19 04:47:18 101,888 ------w c:\windows\SYSTEM32\PortableDeviceClassExtension.dll
+ 2006-10-19 04:47:18 166,912 ------w c:\windows\SYSTEM32\PortableDeviceTypes.dll
+ 2006-10-19 04:47:18 132,096 ------w c:\windows\SYSTEM32\PortableDeviceWiaCompat.dll
+ 2006-10-19 04:47:18 199,168 ------w c:\windows\SYSTEM32\PortableDeviceWMDRM.dll
- 2005-01-28 20:44:28 221,184 ----a-w c:\windows\SYSTEM32\qasf.dll
+ 2006-10-19 04:47:18 211,456 ----a-w c:\windows\SYSTEM32\qasf.dll
- 2008-08-26 13:24:26 408,992 ----a-w c:\windows\SYSTEM32\Restore\rstrlog.dat
+ 2008-12-12 05:49:02 215,468 ----a-w c:\windows\SYSTEM32\Restore\rstrlog.dat
+ 2008-10-16 21:08:58 34,328 ----a-w c:\windows\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 21:09:44 43,544 ----a-w c:\windows\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:18:52 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
+ 2007-07-27 16:41:40 16,760 ------w c:\windows\SYSTEM32\spmsg.dll
- 2008-07-11 12:42:28 62,976 ------w c:\windows\SYSTEM32\tzchange.exe
+ 2008-10-23 10:07:00 62,976 ------w c:\windows\SYSTEM32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\SYSTEM32\url.dll
+ 2008-10-16 20:38:40 105,984 ----a-w c:\windows\SYSTEM32\url.dll
- 2008-08-26 07:24:32 1,159,680 ----a-w c:\windows\SYSTEM32\urlmon.dll
+ 2008-10-16 20:38:40 1,160,192 ----a-w c:\windows\SYSTEM32\urlmon.dll
- 2005-01-28 20:44:28 47,104 ----a-w c:\windows\SYSTEM32\uwdf.exe
+ 2006-10-19 04:58:00 8,704 ----a-w c:\windows\SYSTEM32\uwdf.exe
- 2005-01-28 20:44:28 15,872 ----a-w c:\windows\SYSTEM32\wdfapi.dll
+ 2006-10-19 04:47:18 4,096 ----a-w c:\windows\SYSTEM32\wdfapi.dll
- 2005-01-28 20:44:28 38,912 ----a-w c:\windows\SYSTEM32\wdfmgr.exe
+ 2006-10-19 04:58:00 8,704 ----a-w c:\windows\SYSTEM32\wdfmgr.exe
- 2008-08-26 07:24:32 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
+ 2008-10-16 20:38:40 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
- 2008-08-26 07:24:32 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
- 2005-01-28 20:44:28 396,528 ----a-w c:\windows\SYSTEM32\wmadmod.dll
+ 2006-10-19 04:47:18 757,248 ----a-w c:\windows\SYSTEM32\WMADMOD.dll
- 2005-01-28 20:44:28 716,288 ----a-w c:\windows\SYSTEM32\wmadmoe.dll
+ 2006-10-19 04:47:18 1,117,696 ----a-w c:\windows\SYSTEM32\WMADMOE.dll
- 2007-10-28 00:40:06 227,328 ----a-w c:\windows\SYSTEM32\wmasf.dll
+ 2007-10-28 00:40:30 222,720 ----a-w c:\windows\SYSTEM32\wmasf.dll
- 2005-01-28 20:44:28 28,160 ----a-w c:\windows\SYSTEM32\WMDMLOG.dll
+ 2006-10-19 04:47:18 33,792 ----a-w c:\windows\SYSTEM32\wmdmlog.dll
- 2005-01-28 20:44:28 33,792 ----a-w c:\windows\SYSTEM32\WMDMPS.dll
+ 2006-10-19 04:47:18 37,376 ----a-w c:\windows\SYSTEM32\wmdmps.dll
- 2005-01-28 20:44:28 335,872 ----a-w c:\windows\SYSTEM32\WMDRMdev.dll
+ 2006-10-19 04:47:18 429,056 ----a-w c:\windows\SYSTEM32\WMDRMdev.dll
- 2005-01-28 20:44:28 290,816 ----a-w c:\windows\SYSTEM32\WMDRMNet.dll
+ 2006-10-19 04:47:20 348,672 ----a-w c:\windows\SYSTEM32\WMDRMNet.dll
+ 2006-10-19 04:47:20 535,040 ------w c:\windows\SYSTEM32\wmdrmsdk.dll
- 2004-09-23 01:46:14 189,440 ----a-w c:\windows\SYSTEM32\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w c:\windows\SYSTEM32\wmerror.dll
- 2005-01-28 20:44:28 150,016 ----a-w c:\windows\SYSTEM32\wmidx.dll
+ 2006-10-19 04:47:20 157,184 ----a-w c:\windows\SYSTEM32\wmidx.dll
- 2005-01-28 20:44:28 1,027,072 ----a-w c:\windows\SYSTEM32\wmnetmgr.dll
+ 2008-06-18 12:03:08 938,496 ----a-w c:\windows\SYSTEM32\WMNetmgr.dll
- 2007-04-30 15:20:24 5,537,792 ----a-w c:\windows\SYSTEM32\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w c:\windows\SYSTEM32\wmp.dll
- 2004-09-23 01:46:20 135,168 ----a-w c:\windows\SYSTEM32\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w c:\windows\SYSTEM32\wmpasf.dll
- 2004-09-23 01:46:20 282,624 ----a-w c:\windows\SYSTEM32\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w c:\windows\SYSTEM32\wmpdxm.dll
+ 2008-06-25 01:12:58 295,936 ------w c:\windows\SYSTEM32\wmpeffects.dll
- 2004-09-23 01:46:20 1,589,760 ----a-w c:\windows\SYSTEM32\wmpencen.dll
+ 2006-10-19 04:47:20 1,661,440 ----a-w c:\windows\SYSTEM32\wmpencen.dll
- 2004-09-23 01:46:22 3,371,008 ----a-w c:\windows\SYSTEM32\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w c:\windows\SYSTEM32\wmploc.dll
+ 2006-10-19 04:47:20 613,376 ------w c:\windows\SYSTEM32\wmpmde.dll
+ 2006-10-19 04:47:20 130,048 ------w c:\windows\SYSTEM32\wmpps.dll
- 2004-09-23 01:46:24 86,016 ----a-w c:\windows\SYSTEM32\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w c:\windows\SYSTEM32\wmpshell.dll
- 2004-09-23 01:46:24 175,104 ----a-w c:\windows\SYSTEM32\wmpsrcwp.dll
+ 2006-10-19 04:47:20 204,288 ----a-w c:\windows\SYSTEM32\wmpsrcwp.dll
- 2005-01-28 20:44:28 774,904 ----a-w c:\windows\SYSTEM32\wmsdmod.dll
+ 2006-10-19 04:47:22 4,096 ----a-w c:\windows\SYSTEM32\wmsdmod.dll
- 2005-01-28 20:44:28 1,119,744 ----a-w c:\windows\SYSTEM32\wmsdmoe2.dll
+ 2006-10-19 04:47:22 4,096 ----a-w c:\windows\SYSTEM32\wmsdmoe2.dll
- 2005-01-28 20:44:28 413,944 ----a-w c:\windows\SYSTEM32\wmspdmod.dll
+ 2006-10-19 04:47:22 603,648 ----a-w c:\windows\SYSTEM32\WMSPDMOD.dll
- 2005-01-28 20:44:28 940,544 ----a-w c:\windows\SYSTEM32\wmspdmoe.dll
+ 2006-10-19 04:47:22 1,329,152 ----a-w c:\windows\SYSTEM32\WMSPDMOE.dll
- 2005-01-28 20:44:28 1,218,808 ----a-w c:\windows\SYSTEM32\wmvadvd.dll
+ 2006-10-19 04:47:22 4,096 ----a-w c:\windows\SYSTEM32\WMVADVD.dll
- 2005-01-28 20:44:28 1,512,448 ----a-w c:\windows\SYSTEM32\WMVADVE.DLL
+ 2006-10-19 04:47:22 4,096 ----a-w c:\windows\SYSTEM32\WMVADVE.DLL
- 2006-12-07 05:29:34 2,374,472 ----a-w c:\windows\SYSTEM32\wmvcore.dll
+ 2008-06-18 12:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\WMVCore.dll
+ 2006-10-19 04:47:22 1,543,680 ------w c:\windows\SYSTEM32\WMVDECOD.dll
- 2005-01-28 20:44:28 895,736 ----a-w c:\windows\SYSTEM32\wmvdmod.dll
+ 2006-10-19 04:47:22 4,096 ----a-w c:\windows\SYSTEM32\wmvdmod.dll
- 2005-01-28 20:44:28 1,003,008 ----a-w c:\windows\SYSTEM32\wmvdmoe2.dll
+ 2006-10-19 04:47:22 4,096 ----a-w c:\windows\SYSTEM32\wmvdmoe2.dll
+ 2006-10-19 04:47:22 1,574,912 ------w c:\windows\SYSTEM32\WMVENCOD.dll
+ 2006-10-19 04:47:22 1,382,912 ------w c:\windows\SYSTEM32\WMVSDECD.dll
+ 2006-10-19 04:47:22 767,488 ------w c:\windows\SYSTEM32\WMVSENCD.dll
+ 2006-10-19 04:47:22 656,896 ------w c:\windows\SYSTEM32\WMVXENCD.dll
- 2005-01-28 20:44:28 38,912 ----a-w c:\windows\SYSTEM32\wpd_ci.dll
+ 2006-10-19 04:47:22 629,760 ----a-w c:\windows\SYSTEM32\wpd_ci.dll
- 2005-01-28 20:44:28 61,952 ----a-w c:\windows\SYSTEM32\wpdconns.dll
+ 2006-10-19 04:47:22 35,840 ----a-w c:\windows\SYSTEM32\wpdconns.dll
- 2005-01-28 20:44:28 114,176 ----a-w c:\windows\SYSTEM32\wpdmtp.dll
+ 2006-10-19 04:47:22 154,624 ----a-w c:\windows\SYSTEM32\wpdmtp.dll
- 2005-01-28 20:44:28 66,560 ----a-w c:\windows\SYSTEM32\wpdmtpus.dll
+ 2006-10-19 04:47:22 63,488 ----a-w c:\windows\SYSTEM32\wpdmtpus.dll
+ 2006-10-19 04:47:22 2,603,008 ------w c:\windows\SYSTEM32\WpdShext.dll
+ 2006-10-19 03:00:14 17,408 ------w c:\windows\SYSTEM32\wpdshextautoplay.exe
+ 2006-10-19 04:47:22 38,400 ------w c:\windows\SYSTEM32\wpdshextres.dll
+ 2006-10-19 04:47:22 133,632 ------w c:\windows\SYSTEM32\WPDShServiceObj.dll
- 2005-01-28 20:44:28 331,264 ----a-w c:\windows\SYSTEM32\wpdsp.dll
+ 2006-10-19 04:47:22 356,352 ----a-w c:\windows\SYSTEM32\wpdsp.dll
+ 2006-09-29 03:13:26 95,344 ------w c:\windows\SYSTEM32\WUDFCoinstaller.dll
+ 2006-09-29 01:56:38 146,432 ------w c:\windows\SYSTEM32\WudfHost.exe
+ 2006-09-29 01:56:16 165,376 ------w c:\windows\SYSTEM32\WudfPlatform.dll
+ 2006-09-29 01:56:14 55,808 ------w c:\windows\SYSTEM32\WudfSvc.dll
+ 2006-09-29 01:56:38 316,416 ------w c:\windows\SYSTEM32\WUDFx.dll
+ 2008-12-23 16:56:44 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_468.dat
+ 2008-12-23 16:57:02 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_644.dat
+ 2008-09-30 23:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 23:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-10-01 01:29:22 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-10-01 01:29:22 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2008-10-01 01:29:22 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-13 17:12 8461312 --a------ c:\windows\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-10-15 43008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-19 1805552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"InstantAccess"="c:\program files\TextBridge Pro Millennium\Bin\InstantAccess.exe" [2000-01-19 49152]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-30 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-24 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 c:\windows\sm56hlpr.exe]
"SM56ACL"="sm56hlpr.exe" [2003-06-19 c:\windows\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\SYSTEM32\nwiz.exe]
"LoadPowerProfile"="powrprof.dll" [2008-04-13 c:\windows\SYSTEM32\powrprof.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
c:\documents and settings\Kelly Dayton\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-03-30 118784]
CheckIt 86.lnk - c:\program files\CheckIt\86\CheckIt86.exe [2004-03-25 339968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"dvpapi"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"BookmarkCentral"=c:\progra~1\BMCENT~1\BMLauncher.exe
"OneTouch Monitor"=c:\progra~1\VISION~1\ONETOU~2.EXE
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ontrack\\SystemSuite\\SSuite.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-31 111184]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-19 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-31 20560]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\DRIVERS\LNE100V5.sys [2006-01-12 36224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
.
Contents of the 'Scheduled Tasks' folder
2008-12-12 c:\windows\Tasks\Maintenance-Defragment programs.job
- c:\windows\DEFRAG.EXE []
2008-12-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-10-01 c:\windows\Tasks\Maintenance-Disk cleanup.job
- c:\windows\CLEANMGR.EXE []
2008-12-23 c:\windows\Tasks\Avastantivirus.job
- c:\program files\Alwil Software\Avast4\ashQuick.exe [2008-11-26 10:14]
2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://tucson.cox.net/cci/home
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add To CheckIt &86 Trust List - c:\progra~1\CHECKIT\86\AddToTrustList.js
TCP: {857ED467-1990-40A9-9D9B-152657296476} = 192.168.1.1,4.2.2.2
O16 -: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
c:\windows\Downloaded Program Files\Internet Explorer Classes for Java.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
c:\windows\Downloaded Program Files\Quicksilver.inf
c:\windows\Downloaded Program Files\sabminf.dll - O16 -: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF}
hxxp://www.superadblocker.com/activex/sabminf.cab
c:\windows\Downloaded Program Files\sabminf.inf
FF - ProfilePath - c:\documents and settings\Kelly Dayton\Application Data\Mozilla\Firefox\Profiles\ckm11rp6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 18:57:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(440)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-12-23 18:58:14
ComboFix-quarantined-files.txt 2008-12-24 01:58:14
ComboFix5.txt 2008-12-24 01:52:40
ComboFix4.txt 2008-11-01 01:54:46
ComboFix3.txt 2008-12-11 22:42:00
ComboFix2.txt 2008-12-11 23:00:08
Pre-Run: 11,753,242,624 bytes free
Post-Run: 11,852,480,512 bytes free
648 --- E O F --- 2008-12-22 23:25:17


----------



## desertluver (Sep 11, 2008)

I'm not sure if I disabled the Avast self defense module. I went to that section and I can't remember if I checked or unchecked that box. I know that before running Combofix and turning off the Avast self defense module I did not get any pop-up message; however, after running Combofix, when I went to turn the self defense module back on, I got a pop-up stating I wouldn't be protected.
I'm thinking that the last time I ran combofix I forgot to turn the avast self defense mode on and this time before running combofix I may have turned it on rather than off. 
Does the HJT report show the Avast self defense module on? 
I apologize if I screwed this report up, if I need to run combofix again I'll make sure the self defense module is off, sorry, my goof.


----------



## Cookiegal (Aug 27, 2003)

The log looks fine. I'm not seeing any cause for the problem.

What e-mail client are you using?

How many user accounts are there on this computer?


----------



## desertluver (Sep 11, 2008)

I'm using Microsoft Outlook and I'm the only user.
I also have a Gmail account.

I was thinking of going back to Outlook Express but I'm not sure how to get all the information from Microsoft Outlook over to Outlook Express.

Happy Holidays!


----------



## Cookiegal (Aug 27, 2003)

Which e-mail client is sending the multiple e-mails?

Also, you didn't answer my question about how many user accounts there are on this computer.


----------



## desertluver (Sep 11, 2008)

Microsoft Outlook is sending multiple emails and I'm the only user on the computer. 

Thank You!


----------



## Cookiegal (Aug 27, 2003)

*Click here* to download *Dr.Web CureIt* and save it to your desktop.

Double-click the *drweb-cureit.exe* file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the *green arrow* at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the next icon next to the files found:

If so, click it, then click the next icon right below and select *Move incurable* as you'll see in the next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (in case we need samples).
After selecting, in the Dr.Web CureIt menu on top, click *file* and choose *save report list*.
Save the report to your desktop. The report will be called *DrWeb.csv*.
Close Dr.Web CureIt.
*Reboot* your computer, because files in use may be moved/deleted during the reboot.
After the reboot, post the contents of the Dr.Web log you saved previously in your next reply, along with a new HijackThis log.


----------



## desertluver (Sep 11, 2008)

I ran the Dr.Web scan; I did an express and a complete scan, and both scans found no viruses. However, I'm still having problems when sending emails with any type of attachment. I'm still getting replies that when I send certain emails, the recipients are receiving 10 or more copies of the same email. One email had a PowerPoint attachment and I got a reply stating they received it 10 times. I did not forward the email; I copied and pasted, then sent it. If I use my Gmail account I do not have this problem. Thanks again for your patience and help. I hope you can help me get this resolved, because I work from home and I send out emails with attachments, and I'd hate to be sending clients 10 to 100 copies of the same email. Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:27 AM, on 1/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\MICROS~1\OFFICE\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CHECKIT\86\AddToTrustList.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CHECKIT\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857ED467-1990-40A9-9D9B-152657296476}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8640 bytes


----------



## Cookiegal (Aug 27, 2003)

Do you have a lot of emails in your Sent folder that have not been archived elsewhere?


----------



## desertluver (Sep 11, 2008)

I had 511 but then I just now deleted a lot of them and now I have 8 but since deleting a majority of them I have not tried to send any emails with attachments.

Thank you!


----------



## Cookiegal (Aug 27, 2003)

Can you give it a try? I found some information saying that Outlook can't handle too many e-mails in the Sent folder and this was what was happening.


----------



## desertluver (Sep 11, 2008)

I forwarded an email to myself that had an attachment with it and I received 42 of the same email even after I deleted all but 10 of my sent emails. Below is part of what I received in the 42 emails.


----------



## Cookiegal (Aug 27, 2003)

Just as a test, configure Avast not to scan emails and then send yourself another test one and see if this still occurs.


----------



## desertluver (Sep 11, 2008)

I did set Avast as instructed and sent a test email with an attachment and I still received 42 of the same email with all that junk in the email.

Desert Luver


----------



## desertluver (Sep 11, 2008)

I'm going to try AVG anti-virus and see if it's better than Avast and hopefully it will fix my email problems too. What's your thought on AVG vs Avast?


----------



## Cookiegal (Aug 27, 2003)

I do think Avast is the superior program but it would be worthwhile to do this as a test. You can always go back to Avast. Let me know how it goes please.


----------



## desertluver (Sep 11, 2008)

Do I have to uninstall Avast before installing AVG or can I just stop Avast?

Thank you!


----------



## Cookiegal (Aug 27, 2003)

No, you would have to uninstall it to be sure there are no problems with the new install.


----------



## desertluver (Sep 11, 2008)

Cookiegal,

I decided to not switch to AVG being that I'm having more problems with my email than just the attachment stuff so I thought it probably had nothing to do with Avast.

Besides the attachment problem, where every time I send an email with an attachment the receiver ends up getting an email that is all whacked out, and over 100 copies of the same email, my email is now taking forever to receive emails, and most times I get an error message stating "timed out" and I can't receive more than a few of my emails, if any. Right now I have 47 emails trying to be delivered and so far 4 of the emails have come through, and it's been close to 10 minutes now. This is the first time I've had this much trouble with my email. I also noticed that when I tried to retrieve my email from my webmail account it took a long time, but I did get the emails. For some reason they seem stuck in Outlook and just hanging.
Do you have any suggestions on what's causing this and how to fix this problem?

Thank you for the help and for taking the time to help!


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the Event Viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and, if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.
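The same collection done with a script rather than by hand, as an added example (not part of the thread or of any poster's reply): it pulls every Error-level event of the last 48 hours from the Application and System logs, writes them to a text file in the same field layout the Event Viewer copy button produces, and counts how often each Source/EventID pair recurs so a repeating failure stands out. It assumes Windows PowerShell 2.0 or later (available for Windows XP SP3) and read access to both logs; the output file path is an assumption.

```powershell
# Added example, not from the thread: gather recent Error events from the
# Application and System logs instead of copying them one by one.
# Assumes Windows PowerShell 2.0+ and read access to both logs.
$Since   = (Get-Date).AddHours(-48)
$OutFile = Join-Path $env:USERPROFILE 'Desktop\recent-errors.txt'   # assumed path

$errors = foreach ($log in 'Application', 'System') {
    # -EntryType Error selects the red-icon entries; -After limits to 48 hours.
    Get-EventLog -LogName $log -EntryType Error -After $Since |
        Select-Object @{n='Log'; e={ $log }}, TimeGenerated, Source, EventID, Message
}

if (-not $errors) {
    "No Error events in Application or System since $Since" | Set-Content $OutFile
} else {
    # One block per event, mirroring the fields Event Viewer's copy button emits.
    $errors | Sort-Object TimeGenerated | ForEach-Object {
        "Log:     $($_.Log)"
        "Date:    $($_.TimeGenerated)"
        "Source:  $($_.Source)"
        "EventID: $($_.EventID)"
        "Description:"
        $_.Message
        ''
    } | Set-Content $OutFile
}

# How many times each Source/EventID pair recurred; a repeating service
# timeout (e.g. Service Control Manager 7011) is visible at a glance.
$errors | Group-Object Source, EventID | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

Write-Host "Full list written to $OutFile"
```

Run it from a PowerShell prompt and paste the resulting text file into the reply; the summary table shows whether the single error found is a one-off or a recurring one.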


----------



## desertluver (Sep 11, 2008)

In both sections, Application and System, I only found 1 error message that was pretty recent, which is listed below.
There are a lot of Information icons in System, and both Information and Warning icons in Application, in the last 48 hours.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 1/29/2009
Time: 12:47:17 PM
User: N/A
Computer: V2G1U2
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Thank you!


----------



## Cookiegal (Aug 27, 2003)

Let's try one more time to remove ComboFix and get a new version, scan and post the log please.

You can drag the Combo-Fix.exe to the recycle bin.

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.


----------



## desertluver (Sep 11, 2008)

For some reason when it downloaded there was no option to change the name, it just automatically saved it to my desktop w/o asking. This time it took about 20 minutes to download, it's never taken that long before and I've also noticed that it's taking a long time for web-pages to load, it seems like my whole computer system has slowed down tremendously. Maybe the Combofix report will give you an idea of what's going on. Sorry for not being able to change the name to combo-fix.exe

ComboFix 09-02-04.01 - Kelly Dayton 2009-02-04 21:38:32.6 - *FAT32*x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.214 [GMT -7:00]
Running from: c:\documents and settings\Kelly Dayton\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1296 [VPS 090204-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
.

2009-01-22 00:40 . 2009-01-22 00:40 d-------- c:\program files\filehippo.com
2009-01-22 00:40 . 2009-01-22 00:40 d-------- c:\program files\Defraggler
2009-01-22 00:39 . 2009-01-22 00:39 d-------- c:\program files\CCleaner
2009-01-08 14:58 . 2009-01-08 14:58 d-------- c:\documents and settings\Kelly Dayton\Application Data\Reallusion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 02:21 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\dllcache\srv.sys
2008-11-05 08:02 60,744 ----a-w c:\documents and settings\Kelly Dayton\g2mdlhlpx.exe
2001-01-08 23:03 266 --sh--w c:\program files\desktop.ini
2001-01-08 23:03 11,079 ---h--w c:\program files\folder.htt
2008-06-19 01:49 32,768 --sha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061820080619\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-12-23_18.57.55.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 15:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 15:00:00 29,696 ----a-w c:\windows\Nircmd.exe
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\SYSTEM32\MACROMED\FLASH\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\SYSTEM32\MACROMED\FLASH\NPSWF32_FlashUtil.exe
+ 2008-12-26 23:59:38 84,661 ----a-w c:\windows\SYSTEM32\MACROMED\FLASH\uninstall_plugin.exe
- 2008-12-09 23:24:38 17,593,280 ----a-w c:\windows\SYSTEM32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\SYSTEM32\MRT.exe
- 2007-07-27 16:41:40 16,760 ------w c:\windows\SYSTEM32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
+ 2009-02-04 16:33:56 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_464.dat
+ 2009-02-04 16:34:14 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_64c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-13 17:12 8461312 --a------ c:\windows\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-10-15 43008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-19 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"InstantAccess"="c:\program files\TextBridge Pro Millennium\Bin\InstantAccess.exe" [2000-01-19 49152]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-30 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-24 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SMSERIAL"="sm56hlpr.exe" [2003-06-19 c:\windows\sm56hlpr.exe]
"SM56ACL"="sm56hlpr.exe" [2003-06-19 c:\windows\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\SYSTEM32\nwiz.exe]
"LoadPowerProfile"="powrprof.dll" [2008-04-13 c:\windows\SYSTEM32\powrprof.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]

c:\documents and settings\Kelly Dayton\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-03-30 118784]
CheckIt 86.lnk - c:\program files\CheckIt\86\CheckIt86.exe [2004-03-25 339968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-08 13:49 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"dvpapi"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"BookmarkCentral"=c:\progra~1\BMCENT~1\BMLauncher.exe
"OneTouch Monitor"=c:\progra~1\VISION~1\ONETOU~2.EXE
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ontrack\\SystemSuite\\SSuite.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2008-10-31 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-08-19 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2008-10-31 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 dfmirage;dfmirage;c:\windows\SYSTEM32\DRIVERS\dfmirage.sys [2005-11-25 31896]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\SYSTEM32\DRIVERS\lne100v5.sys [2006-01-12 36224]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
.
Contents of the 'Scheduled Tasks' folder

2009-01-30 c:\windows\Tasks\Maintenance-Defragment programs.job
- c:\windows\DEFRAG.EXE []

2009-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-02-03 c:\windows\Tasks\Maintenance-Disk cleanup.job
- c:\windows\CLEANMGR.EXE []

2009-02-04 c:\windows\Tasks\Avastantivirus.job
- c:\program files\Alwil Software\Avast4\ashQuick.exe [2008-11-26 10:14]

2009-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://tucson.cox.net/cci/home
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add To CheckIt &86 Trust List - c:\progra~1\CHECKIT\86\AddToTrustList.js
Trusted Zone: tucsonfcuhb.com\www
Trusted Zone: turbotax.com
TCP: {857ED467-1990-40A9-9D9B-152657296476} = 192.168.1.1,4.2.2.2
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwoa.ops.placeware.com/etc/place/OSCAR/SCOpws-a1/5.1.8.511/lib/quicksilver.cab
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
FF - ProfilePath - c:\documents and settings\Kelly Dayton\Application Data\Mozilla\Firefox\Profiles\ckm11rp6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://tucson.cox.net/cci/home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 21:42:27
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(440)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-02-04 21:43:24
ComboFix-quarantined-files.txt 2009-02-05 04:43:24
ComboFix5.txt 2009-02-05 04:37:46
ComboFix4.txt 2008-12-11 22:42:00
ComboFix3.txt 2008-12-11 23:00:08
ComboFix2.txt 2008-12-24 01:58:18

Pre-Run: 11,683,430,400 bytes free
Post-Run: 11,668,766,720 bytes free

184 --- E O F --- 2009-02-02 17:52:02


----------



## Cookiegal (Aug 27, 2003)

I'm afraid I'm not seeing anything there either.

It might be best to back up your important data at this point, wipe the drive and reformat to start fresh again.


----------

