09-25-2006, 07:21 AM   #11
rotisman38
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


New combofix log

scott caines - 06-09-25 14:13:44.25 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\scott caines\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))))))))))))))))))))))))))


2006-09-09 17:04 34,308 --a------ C:\WINDOWS\system32\Chip.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-25 12:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-25 00:36 -------- d-------- C:\Program Files\Auction Sentry
2006-09-24 22:20 -------- d-------- C:\Program Files\MSN Messenger
2006-09-24 22:14 -------- d-------- C:\Program Files\Trillian
2006-09-24 21:53 -------- d-------- C:\Documents and Settings\scott caines\Application Data\wsInspector
2006-09-24 21:51 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Adobe
2006-09-24 19:06 -------- d-------- C:\Documents and Settings\scott caines\Application Data\teamspeak2
2006-09-24 17:33 -------- d-------- C:\Program Files\AOL 9.0b
2006-09-24 17:15 -------- d-------- C:\Program Files\WinZip
2006-09-24 17:15 -------- d-------- C:\Program Files\WinRAR
2006-09-24 17:15 -------- d-------- C:\Program Files\Windows Defender
2006-09-24 17:10 -------- d-------- C:\Program Files\Outlook Express
2006-09-24 16:57 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 16:56 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-24 16:50 -------- d-------- C:\Program Files\Common Files\System
2006-09-24 15:42 -------- d-------- C:\Program Files\Windows Media Player
2006-09-24 14:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 14:34 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-24 14:33 -------- d-------- C:\Program Files\KazaaBegone
2006-09-22 21:14 125 ---hs---- C:\Documents and Settings\scott caines\Application Data\.zreglib
2006-09-22 09:16 -------- d-------- C:\Program Files\Common Files
2006-09-22 00:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 23:01 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-21 15:01 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-09-20 23:02 -------- d-------- C:\Program Files\Google
2006-09-20 22:38 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Apple Computer
2006-09-20 20:31 -------- d-------- C:\Program Files\Zoom Player
2006-09-20 18:04 -------- d-------- C:\Program Files\Mame32
2006-09-19 18:34 -------- d-------- C:\Program Files\Elaborate Bytes
2006-09-18 22:53 -------- d-------- C:\Program Files\vso
2006-09-17 21:16 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-09-16 20:21 -------- d-------- C:\Program Files\ClicPic
2006-09-16 16:09 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-15 21:43 -------- d-------- C:\Program Files\Yahoo!
2006-09-14 22:39 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Google
2006-09-14 17:34 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-09-14 00:17 81920 --a------ C:\Documents and Settings\scott caines\Application Data\ezpinst.exe
2006-09-14 00:17 7176 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.cat
2006-09-14 00:17 47360 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.sys
2006-09-14 00:17 33 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.log
2006-09-14 00:17 1144 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.inf
2006-09-14 00:17 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Vso
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-12 17:54 -------- d-------- C:\Documents and Settings\scott caines\Application Data\AOL
2006-09-05 22:25 -------- d-------- C:\Program Files\Belarc
2006-08-31 21:55 -------- d-------- C:\Program Files\CleanUp!
2006-08-31 16:43 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Avant Browser
2006-08-30 23:39 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-08-29 21:37 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-27 11:50 -------- d-------- C:\Program Files\Real
2006-08-27 11:50 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-27 11:49 -------- d-------- C:\Program Files\Common Files\Real
2006-08-27 11:27 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Real
2006-08-26 22:30 -------- d-------- C:\Program Files\WinAVI VideoConverter
2006-08-26 22:12 -------- d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2006-08-26 14:46 96256 --a------ C:\WINDOWS\system32\drivers\sptd4365.sys
2006-08-26 14:46 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:17 -------- d-------- C:\Program Files\Washer
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 19:46 -------- d---s---- C:\Documents and Settings\scott caines\Application Data\Microsoft
2006-08-20 01:58 -------- d-------- C:\Program Files\Opera
2006-08-09 03:57 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-09 03:57 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 21:41 -------- d---s---- C:\Program Files\Xfire
2006-07-28 21:41 -------- d-------- C:\Program Files\QuickTime
2006-07-28 21:41 -------- d-------- C:\Program Files\NetMeeting
2006-07-28 21:41 -------- d-------- C:\Program Files\KnightOnline
2006-07-28 21:41 -------- d-------- C:\Program Files\AOL
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 21:33 613888 --a------ C:\WINDOWS\system32\urlmon(2).dll
2006-07-25 18:24 -------- d-------- C:\Program Files\Phenix-Q8
2006-07-25 18:24 -------- d-------- C:\Program Files\Common Files\PCCamera
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 12:08 286720 --------- C:\WINDOWS\Setup1.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"EPSON Stylus C40 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /A \"C:\\WINDOWS\\System32\\E_S102.tmp\""
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /M \"Stylus D68\" /EF \"HKCU\""
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""
"AnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"DSLAGENTEXE"="dslagent.exe USB"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"nwiz"="nwiz.exe /install"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AOL Spyware Protection"="C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB002\" /M \"Stylus C42\""
"LWBMOUSE"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.1\\MOUSE32A.EXE"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\9.bin\\mwsoemon.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\Internet Security\\TMOAgent.exe\" /run"
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\PCClient.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\pccguide.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"Admanager Controller"="C:\\Program Files\\Admanager Controller\\AdManCtl.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"%FP%Friendly fts.exe"="\"C:\\Program Files\\Voyager100Test\\fts.exe\""
"DriverMagicLogon"="\"C:\\Program Files\\SymplisIT\\DriverMagic\\dmschedule.exe\" /boot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1144493714\\ee\\AOLSoftware.exe"
"PSPVideo9"="C:\\Program Files\\pspvideo9\\pspVideo9.exe -t"
"Videora"="C:\\Program Files\\Videora\\Videora.exe -t"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /O6 \"USB002\" /M \"Stylus D68\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"EPSON Stylus D68 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P32 \"EPSON Stylus D68 Series (Copy 1)\" /O5 \"LPT1:\" /M \"Stylus D68\""
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"scott caines\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"SubscribedURL"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9e,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,b5,05,0f

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 25/09/2006 14:16:33.68
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
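A small triage helper for logs like the one above. It is an added example, not code from the original post and not part of ComboFix: it parses the file-listing lines and the .reg-style "Reg Loading Points" entries, then applies three heuristics that are this example's own assumptions (an executable or driver sitting under the user profile, a file carrying both hidden and system attributes, and a Run value whose launch path has no directory and so depends on PATH search order). The sample input is copied from the log above; a flag is a prompt to look at that entry, not a verdict on the machine.

```python
import re
from dataclasses import dataclass

# Sample input copied from the ComboFix log above: a few lines from the file
# listing, then part of the "Reg Loading Points" section (.reg export syntax,
# so backslashes and inner quotes are escaped).
FILE_LINES = r"""
2006-09-09 17:04 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2006-09-25 12:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-22 21:14 125 ---hs---- C:\Documents and Settings\scott caines\Application Data\.zreglib
2006-09-14 00:17 81920 --a------ C:\Documents and Settings\scott caines\Application Data\ezpinst.exe
2006-09-14 00:17 47360 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.sys
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
"""

REG_LINES = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"DSLAGENTEXE"="dslagent.exe USB"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"nwiz"="nwiz.exe /install"
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"
"""

FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+([-a-z]{9})\s+(.+)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUNDLL_RE = re.compile(r'^"?[^"\s]*rundll32(?:\.exe)?"?\s+(.*)$', re.IGNORECASE)
BINARY_RE = re.compile(r'^"?(.+?\.(?:exe|dll|scr|cpl|com))(?:"|\s|,|$)', re.IGNORECASE)
# Extensions treated as "runs code" by this example (an assumption, not a ComboFix list).
EXEC_EXT = {'exe', 'dll', 'sys', 'scr', 'cpl', 'com', 'pif', 'bat', 'cmd'}


@dataclass
class FileEntry:
    when: str
    size: str
    attrs: str   # ComboFix attribute column, e.g. --a------ or ---hs----
    path: str


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    active: bool  # False for values ComboFix lists under a "\not active" key


def unescape_reg(s: str) -> str:
    # Undo .reg export escaping: an escaped backslash or quote becomes literal.
    return re.sub(r'\\(.)', r'\1', s)


def parse_files(text: str) -> list:
    return [FileEntry(*m.groups()) for m in map(FILE_RE.match, text.splitlines()) if m]


def parse_run_entries(text: str) -> list:
    entries, key = [], ''
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm:
            entries.append(RunEntry(key, unescape_reg(vm.group(1)), unescape_reg(vm.group(2)),
                                    not key.lower().endswith('\\not active')))
    return entries


def launch_path(command: str) -> str:
    # Best-effort extraction of the binary a Run value starts. rundll32 is only
    # a host process, so the DLL it loads is the interesting path.
    cmd = command.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        cmd = m.group(1)
    m = BINARY_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0].strip('"') if cmd else ''


def has_directory(path: str) -> bool:
    # Drive letter, UNC prefix or %VAR% prefix; anything else is found via PATH search.
    return re.match(r'^(?:[A-Za-z]:\\|\\\\|%)', path) is not None


def under_user_profile(path: str) -> bool:
    return '\\documents and settings\\' in path.lower()


def flag_file(e: FileEntry) -> list:
    flags = []
    if e.attrs.startswith('d'):
        return flags  # directories: nothing to execute
    name = e.path.rsplit('\\', 1)[-1]
    ext = name.rsplit('.', 1)[-1].lower() if '.' in name else ''
    if ext in EXEC_EXT and under_user_profile(e.path):
        flags.append('executable or driver in user profile')
    if 'h' in e.attrs and 's' in e.attrs:
        flags.append('hidden+system attributes')
    return flags


def flag_run(e: RunEntry) -> list:
    flags = []
    path = launch_path(e.command)
    if not has_directory(path):
        flags.append('no directory in launch path (PATH search order decides)')
    if under_user_profile(path):
        flags.append('launches from user profile')
    return flags


def triage(file_text: str, reg_text: str) -> list:
    # (label, flags) for entries worth a second look; a flag is a prompt, not a verdict.
    findings = []
    for f in parse_files(file_text):
        fl = flag_file(f)
        if fl:
            findings.append((f.path, fl))
    for r in parse_run_entries(reg_text):
        fl = flag_run(r)
        if fl:
            findings.append((f'{r.name} ({"active" if r.active else "not active"})', fl))
    return findings


if __name__ == '__main__':
    for label, flags in triage(FILE_LINES, REG_LINES):
        print(f'{label}: {"; ".join(flags)}')
```

Run it as-is and it reports six entries from the sample: the three Application Data files (one for its hidden+system attributes, two for being an executable and a driver under the profile) and three Run values that name a bare file with no directory. Everything else in the sample, including the rundll32 entries that resolve to a full path and the %systemroot% entry, passes the checks; the heuristics deliberately say nothing about whether a given file is legitimate, only where to look first.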