ComboFix
Colin S. Delaney - 06-10-05 11:28:39.46 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Colin S. Delaney\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-09-05 to 2006-10-05 ))))))))))))))))))))))))))))))))))
2006-10-11 15:31 789,009 C:\WINDOWSDuPont Field Engineering Saver.exe
2006-10-11 15:31 481,032 C:\WINDOWSDuPont Field Engineering Saver.scr
2006-10-11 15:31 40,960 C:\WINDOWSDuPont Field Engineering Saver.dll
2006-10-04 11:07 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-10-01 12:10 218,112 --a------ C:\HijackThis.exe
2006-09-14 00:53 532,480 --a------ C:\WINDOWS\SYSTEM32\screensaver.scr
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-11 15:31 789009 --a------ C:\WINDOWS\DuPont Field Engineering Saver.exe
2006-10-11 15:31 481032 --a------ C:\WINDOWS\DuPont Field Engineering Saver.scr
2006-10-11 15:31 40960 --a------ C:\WINDOWS\DuPont Field Engineering Saver.dll
2006-10-05 00:59 1593 --a------ C:\Documents and Settings\Colin S. Delaney\Application Data\.googlewebacchosts
2006-10-04 18:57 -------- d-------- C:\Program Files\SolidWorks SDK 2003-2004 (2)
2006-10-04 18:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-04 16:32 -------- d-------- C:\Program Files\iTunes
2006-10-04 16:31 -------- d-------- C:\Program Files\iPod
2006-10-04 16:29 -------- d-------- C:\Program Files\QuickTime
2006-10-04 16:24 -------- d-------- C:\Program Files\Apple Software Update
2006-10-04 13:17 -------- d-------- C:\Program Files\Windows Defender
2006-10-04 13:12 -------- d-------- C:\Program Files\Messenger
2006-10-04 13:12 -------- d-------- C:\Program Files\Lexmark 3300 Series
2006-10-04 13:10 -------- d-------- C:\Program Files\Internet Explorer
2006-10-04 13:08 -------- d-------- C:\Program Files\AIM
2006-10-04 11:07 -------- d-------- C:\Program Files\Grisoft
2006-10-04 11:01 -------- d-------- C:\Program Files\Lx_cats
2006-10-02 12:16 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-20 19:48 -------- d-------- C:\Program Files\AOD
2006-08-21 08:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
2006-08-18 16:41 -------- d-------- C:\Program Files\IrfanView
2006-08-17 18:40 -------- d-------- C:\Program Files\ABC
2006-08-17 18:39 -------- d-------- C:\Documents and Settings\Colin S. Delaney\Application Data\.ABC
2006-08-16 16:40 -------- d-------- C:\Program Files\Google
2006-07-27 09:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\SYSTEM32\GEARAspi.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"POINTER"="point32.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"LXCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCCtime.dll,_RunDLLEntry@16"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: Thu 10/05/2006 11:29:13.28
ComboFix.txt