Registered User
Join Date: Nov 2006
Posts: 21
OS: xp
Hi Iain - Here's combofix:
Jerms - 06-12-08 21:31:40.07 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Jerms\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-11-08 to 2006-12-08 ))))))))))))))))))))))))))))))))))
2006-12-07 22:45 <DIR> d-------- C:\avenger
2006-12-01 11:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-30 13:08 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2006-11-30 08:36 <DIR> d-------- C:\Program Files\CleanUp!
2006-11-29 13:34 <DIR> d-------- C:\HJT
2006-11-28 10:08 <DIR> d-------- C:\WINDOWS\system32\Dell
2006-11-28 08:58 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-28 08:58 <DIR> d-------- C:\c73728d49eb7a2e29c25ae21666b6baf
2006-11-28 08:57 <DIR> d-------- C:\f2edc3c88727fce3440535
2006-11-27 12:12 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-27 12:07 <DIR> d-------- C:\d24b460bec1d525a09c9b9
2006-11-27 12:03 <DIR> d-------- C:\WINDOWS\system32\ODCTOOLS
2006-11-26 16:10 <DIR> d-------- C:\Program Files\PCPitstop
2006-11-26 10:45 <DIR> d-------- C:\Program Files\RegCure
2006-11-23 12:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-23 12:23 <DIR> d-------- C:\Program Files\Grisoft
2006-11-23 10:41 86,016 --a------ C:\WINDOWS\unvise32.exe
2006-11-22 18:10 <DIR> d--hs---- C:\WINDOWS\CSC
2006-11-16 16:58 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-11-13 15:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-08 21:28 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-08 03:19 -------- d-------- C:\Program Files\World of Warcraft
2006-12-07 04:09 -------- d-------- C:\Program Files\Warcraft III
2006-12-04 21:23 -------- d-------- C:\Program Files\Java
2006-12-04 02:23 -------- d-------- C:\Program Files\QuickTime
2006-12-01 20:16 -------- d-------- C:\Program Files\Norton SystemWorks
2006-12-01 11:41 -------- d-------- C:\Program Files\MSN Messenger
2006-12-01 11:41 -------- d-------- C:\Program Files\Messenger
2006-12-01 11:40 -------- d-------- C:\Program Files\iTunes
2006-12-01 11:40 -------- d-------- C:\Program Files\Internet Explorer
2006-12-01 11:39 -------- d-------- C:\Program Files\Google
2006-12-01 11:39 -------- d-------- C:\Program Files\Digital Line Detect
2006-12-01 11:39 -------- d-------- C:\Program Files\Dell Support
2006-12-01 11:38 -------- d-------- C:\Program Files\BAE
2006-12-01 11:38 -------- d-------- C:\Program Files\America Online 9.0
2006-11-29 13:16 -------- d-------- C:\Program Files\Common Files
2006-11-28 12:50 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Hamachi
2006-11-28 10:08 -------- d-------- C:\Program Files\Dell
2006-11-23 10:41 -------- d-------- C:\Program Files\RegistryPatrol3.0
2006-11-17 18:55 -------- d-------- C:\Program Files\Google Toolbar
2006-11-16 17:39 7438520 --a------ C:\WINDOWS\system32\mi2.exe
2006-11-16 17:37 379071 --a------ C:\WINDOWS\system32\mi1.exe
2006-11-16 16:56 2724 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-16 16:54 -------- d-------- C:\Program Files\BearShare Applications
2006-11-09 19:22 -------- d-------- C:\Program Files\Apple Software Update
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 19:20 56 -r-hs---- C:\WINDOWS\system32\80020AEA00.sys
2006-11-03 19:19 61678 --a------ C:\Documents and Settings\Jerms\Application Data\PFP120JPR.{PB
2006-11-03 19:19 12358 --a------ C:\Documents and Settings\Jerms\Application Data\PFP120JCM.{PB
2006-11-03 19:19 -------- d-------- C:\Documents and Settings\Jerms\Application Data\COREL
2006-11-02 20:42 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-10-27 12:08 -------- d-------- C:\Program Files\XPMedic
2006-10-27 08:06 -------- d-------- C:\Program Files\AdwareAlert
2006-10-25 14:27 -------- d-------- C:\Program Files\Lavasoft
2006-10-25 14:27 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Lavasoft
2006-10-24 11:57 1886 --a------ C:\WINDOWS\system32\coke.exe
2006-10-24 09:36 -------- d-------- C:\Program Files\Symantec Technical Support
2006-10-23 18:50 -------- d-------- C:\Program Files\MSN
2006-10-23 18:50 -------- d-------- C:\Documents and Settings\Jerms\Application Data\MSNInstaller
2006-10-23 08:30 -------- d-------- C:\Program Files\SpywareBot
2006-10-22 20:33 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-22 13:58 -------- d-------- C:\Documents and Settings\Jerms\Application Data\TrojanHunter
2006-10-22 13:57 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Help
2006-10-22 13:48 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Simply Super Software
2006-10-22 13:41 -------- d-------- C:\Program Files\Common Files\Download Manager
2006-10-22 13:00 -------- d---s---- C:\Documents and Settings\Jerms\Application Data\Microsoft
2006-10-14 22:22 -------- d-------- C:\Documents and Settings\Jerms\Application Data\Corel Photo Album
2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 04:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-11 13:07 252752 --a------ C:\WINDOWS\system32\odc.dll
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"GhostStartTrayApp"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2240}"="DCOM Server 2240"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-12-08 21:32:48.71
C:\ComboFix.txt ... 06-12-08 21:32
C:\ComboFix2.txt ... 06-12-01 11:58
C:\ComboFix3.txt ... 06-11-29 21:02
Thanks
Cathy