Ried,
The instructions to disable Windows Defender were posted on the thread for the desktop and it is actually installed on this computer, the laptop. And I read, copied, and followed the instructions for this one first. While ComboFix was running I went in the other room to work on the instructions for the desktop. And that's where I saw the instructions re: Windows Defender. So what that means is I ran ComboFix here with Windows Defender still active. I'll post the results, but if that poses a problem, let me know and I can disable it and run the scan again.
I will say that in "asking" the computer to save the instructions in Notepad onto the desktop, it did not, and I had to do a search to find where it was saved. I did find it, somewhere in Documents and Settings next to a folder called .housecall6.6, which I have NEVER seen before. I did not click on it, but it sure did look suspicious!
Anyway, here's the ComboFix log:
"Suraya Rose Sarae" - 06-12-14 19:59:46.32 Service Pack 2
ComboFix 06-12-14W-BetaE2 - Running from: "C:\Documents and Settings\Suraya Rose Sarae\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-11-14 to 2006-12-14 ))))))))))))))))))))))))))))))))))
2006-12-14 19:55 <DIR> d-------- C:\Program Files\HijackThis
2006-12-10 09:51 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-08 23:18 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-08 23:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-08 22:43 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-12-08 22:42 <DIR> d-------- C:\DOCUME~1\SURAYA~1\.housecall6.6
2006-12-02 13:18 <DIR> d-------- C:\Program Files\Windows Defender
2006-12-02 12:34 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2006-12-02 11:58 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2006-12-02 11:58 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-12-02 11:58 15,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-12-02 11:58 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-12-02 11:58 14,848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-12-02 11:58 122,368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-12-02 11:58 <DIR> d-------- C:\Program Files\Webroot
2006-12-02 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2006-12-02 11:54 <DIR> d-------- C:\DOCUME~1\SURAYA~1\APPLIC~1\Webroot
2006-12-02 01:24 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-12-01 23:20 <DIR> d-------- C:\Program Files\Registry Mechanic
2006-12-01 17:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-12-01 17:01 <DIR> d-------- C:\Program Files\OfficeUpdate11
2006-11-29 22:51 <DIR> d-------- C:\DOCUME~1\SURAYA~1\APPLIC~1\OfficeUpdate12
2006-11-26 15:59 <DIR> d-------- C:\Program Files\SpywareBlaster
2006-11-23 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bowsshimclockatom
2006-11-23 13:12 <DIR> d-------- C:\DOCUME~1\SURAYA~1\APPLIC~1\Else plus
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-02 11:54 -------- d-------- C:\DOCUME~1\SURAYA~1\Application Data\webroot
2006-12-01 17:07 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-29 22:51 -------- d-------- C:\DOCUME~1\SURAYA~1\Application Data\officeupdate12
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 14:10 82432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-10-30 00:15 -------- d-------- C:\Program Files\divx
2006-10-28 01:38 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-28 01:38 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-28 01:38 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-28 01:38 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-17 13:33 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 13:07 252752 --a------ C:\WINDOWS\system32\odc.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\divx.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryMechanic"=""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Arovax AntiSpyware"="\"C:\\Program Files\\Arovax AntiSpyware\\arovaxantispyware.exe\" /s"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\88FC46E0B517F9C4.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 06-12-14 20:01:47.45
___________
I couldn't find that file named winimprvise.
___________
Here's the report from the first AVG-Anti Spy scan I ran when I installed it. It seems to be the only one that was saved. But hopefully, it will tell you something.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:00:37 PM 12/10/2006
+ Scan result:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignored.
C:\Recycled\Dc1\DVD\Cinema Craft Encoder 2.70.02 [SP].rar/Cinema Craft Encoder 2.70.02 [SP]\Crack\cctspt.exe -> Adware.WinAD : Ignored.
C:\Recycled\Dc1\DVD\Cinema Craft Encoder 2.70.02 [SP].rar/Cinema Craft Encoder 2.70.02 [SP]\Crack\cctspt.rar/cctspt.exe -> Adware.WinAD : Ignored.
C:\Recycled\Dc1\DVD\DVD.Rebuilder.PRO.v1.00.RC5.1.rar/DVD.Rebuilder.PRO.v1.00.RC5.1\License.rar/License\keygen.exe -> Adware.WinAD : Ignored.
C:\Recycled\Dc1\DVD\DVD.Rebuilder.PRO.v1.00.RC5.1\License.rar/License\keygen.exe -> Adware.WinAD : Ignored.
C:\Recycled\Dc1\DVD\eclcce.rar/eclcce\EclCCE.exe -> Adware.WinAD : Ignored.
:mozilla.7:C:\Documents and Settings\Suraya Rose Sarae\Application Data\Mozilla\Firefox\Profiles\dby159qn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Suraya Rose Sarae\Cookies\suraya_rose___sarae@adbrite[3].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Suraya Rose Sarae\Cookies\suraya_rose___sarae@site.www.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.142:C:\Documents and Settings\Suraya Rose Sarae\Application Data\Mozilla\Firefox\Profiles\dby159qn.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Suraya Rose Sarae\Cookies\suraya_rose___sarae@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.25:C:\Documents and Settings\Suraya Rose Sarae\Application Data\Mozilla\Firefox\Profiles\dby159qn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Suraya Rose Sarae\Cookies\suraya_rose___sarae@e-2dj6wgmyuhdjadp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Suraya Rose Sarae\Cookies\suraya_rose___sarae@e-2dj6wjl4enczcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Suraya Rose Sarae\Cookies\suraya_rose___sarae@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.117:C:\Documents and Settings\Suraya Rose Sarae\Application Data\Mozilla\Firefox\Profiles\dby159qn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.118:C:\Documents and Settings\Suraya Rose Sarae\Application Data\Mozilla\Firefox\Profiles\dby159qn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.119:C:\Documents and Settings\Suraya Rose Sarae\Application Data\Mozilla\Firefox\Profiles\dby159qn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Suraya Rose Sarae\Cookies\suraya_rose___sarae@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.140:C:\Documents and Settings\Suraya Rose Sarae\Application Data\Mozilla\Firefox\Profiles\dby159qn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.141:C:\Documents and Settings\Suraya Rose Sarae\Application Data\Mozilla\Firefox\Profiles\dby159qn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Looking forward to finding out what you uncover!
Now back into the other room. ComboFix must be done on the desktop by now.