Old 09-22-2006, 02:01 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


Project 1 and other pop up problems

My niece who uses MSN has infected my PC with Project 1 and other pop-up spyware. I have run AVG, Spybot, Ad-Aware SE etc. in safe mode with System Restore off and have removed several items but still have problems.
My HijackThis log file is here.
Any help would be appreciated, as normally I am able to remove such items by Googling and following forum help on similar problems.

Logfile of HijackThis v1.99.1
Scan saved at 08:48:16, on 22/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\scott caines\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.co.uk/ws/eBayISAPI.dll?MyeBay
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Never Offline ® Internet Explorer
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\scott caines\Xinstall.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e10.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebca...ebMonProj1.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www1.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www1.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.uclan.ac.uk/other/iss/remote/wficat.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...33352D2D2D.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152209767811
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.244.192.60/activex/AxisCamControl.cab
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak06.pictures.aol.com/ygp/ao...US.9.2.4.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda...pcuploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4AFE5EB-465B-4005-904D-7F362321460C}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\kt2ql7f51.dll
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - SlySoft, Inc. - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
rotisman38 is offline  
Old 09-22-2006, 08:07 AM   #2 (permalink)
TSF Enthusiast
 
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,154
OS: XP


Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p.

In the meantime, make sure you subscribe to this thread so that you will receive an instant email when I have replied with a fix to your problem. You may do this by clicking the Thread Tools option at the top of your post and then clicking Subscribe to this thread. Then, make sure Instant Notification by email is selected and click Add Subscription.

Please be patient with me during this time.
Eclipse2003 is offline  
Old 09-22-2006, 08:16 AM   #3 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


Thanks. I have since used ewido and ComboFix and other software, and my PC is now running a lot better since this. I will post another HijackThis log and ComboFix log.

Logfile of HijackThis v1.99.1
Scan saved at 15:14:38, on 22/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\CTF\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\scott caines\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Never Offline ® Internet Explorer
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebca...ebMonProj1.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www1.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www1.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.uclan.ac.uk/other/iss/remote/wficat.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...33352D2D2D.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152209767811
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.244.192.60/activex/AxisCamControl.cab
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak06.pictures.aol.com/ygp/ao...US.9.2.4.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda...pcuploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4AFE5EB-465B-4005-904D-7F362321460C}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - SlySoft, Inc. - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

-------------------------------------------------------------------------

scott caines - 06-09-22 13:54:42.96 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Documents and Settings\scott caines\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-08-22 to 2006-09-22 ))))))))))))))))))))))))))))))))))


2006-09-21 18:34 138,862 --a------ C:\WINDOWS\system32\alfa.exe
2006-09-09 17:04 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2006-08-26 22:08 2,368 --a------ C:\WINDOWS\system32\SVKP.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-22 13:53 -------- d-------- C:\Program Files\Trillian
2006-09-22 13:39 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-22 13:32 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-22 09:16 -------- d-------- C:\Program Files\Common Files
2006-09-22 04:37 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Adobe
2006-09-22 00:11 -------- d-------- C:\Program Files\MSN Messenger
2006-09-22 00:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 23:03 125 ---hs---- C:\Documents and Settings\scott caines\Application Data\.zreglib
2006-09-21 23:01 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-21 21:12 -------- d-------- C:\Documents and Settings\scott caines\Application Data\wsInspector
2006-09-21 18:38 554139 --a------ C:\Documents and Settings\scott caines\Application Data\Dxcknwrd.dll
2006-09-21 15:01 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-09-20 23:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-20 23:02 -------- d-------- C:\Program Files\Google
2006-09-20 22:38 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Apple Computer
2006-09-20 20:31 -------- d-------- C:\Program Files\Zoom Player
2006-09-20 18:20 -------- d-------- C:\Program Files\AOL 9.0b
2006-09-20 18:04 -------- d-------- C:\Program Files\Mame32
2006-09-19 18:34 -------- d-------- C:\Program Files\Elaborate Bytes
2006-09-18 22:53 -------- d-------- C:\Program Files\vso
2006-09-18 17:13 -------- d-------- C:\Program Files\Auction Sentry
2006-09-17 21:16 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-09-16 20:21 -------- d-------- C:\Program Files\ClicPic
2006-09-16 16:10 -------- d-------- C:\Program Files\Windows Defender
2006-09-16 16:09 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-15 21:43 -------- d-------- C:\Program Files\Yahoo!
2006-09-14 22:39 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Google
2006-09-14 17:34 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-09-14 00:17 81920 --a------ C:\Documents and Settings\scott caines\Application Data\ezpinst.exe
2006-09-14 00:17 7176 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.cat
2006-09-14 00:17 47360 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.sys
2006-09-14 00:17 33 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.log
2006-09-14 00:17 1144 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.inf
2006-09-14 00:17 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Vso
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-12 17:56 -------- d-------- C:\Program Files\Internet Explorer
2006-09-12 17:54 -------- d-------- C:\Documents and Settings\scott caines\Application Data\AOL
2006-09-05 22:25 -------- d-------- C:\Program Files\Belarc
2006-09-01 16:10 -------- d-------- C:\Documents and Settings\scott caines\Application Data\teamspeak2
2006-08-31 21:55 -------- d-------- C:\Program Files\CleanUp!
2006-08-31 16:43 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Avant Browser
2006-08-30 23:39 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-08-29 21:37 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-29 17:34 -------- d-------- C:\Program Files\WinRAR
2006-08-27 23:39 -------- d-------- C:\Program Files\BitComet
2006-08-27 11:50 -------- d-------- C:\Program Files\Real
2006-08-27 11:50 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-27 11:49 -------- d-------- C:\Program Files\Common Files\Real
2006-08-27 11:27 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Real
2006-08-26 22:30 -------- d-------- C:\Program Files\WinAVI VideoConverter
2006-08-26 22:12 -------- d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2006-08-26 14:46 96256 --a------ C:\WINDOWS\system32\drivers\sptd4365.sys
2006-08-26 14:46 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-23 23:22 -------- d-------- C:\Program Files\LimeWire
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:17 -------- d-------- C:\Program Files\Washer
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 19:46 -------- d---s---- C:\Documents and Settings\scott caines\Application Data\Microsoft
2006-08-20 01:58 -------- d-------- C:\Program Files\Opera
2006-08-09 03:57 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-09 03:57 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 21:41 -------- d---s---- C:\Program Files\Xfire
2006-07-28 21:41 -------- d-------- C:\Program Files\Windows Media Player
2006-07-28 21:41 -------- d-------- C:\Program Files\QuickTime
2006-07-28 21:41 -------- d-------- C:\Program Files\NetMeeting
2006-07-28 21:41 -------- d-------- C:\Program Files\KnightOnline
2006-07-28 21:41 -------- d-------- C:\Program Files\AOL
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 21:33 613888 --a------ C:\WINDOWS\system32\urlmon(2).dll
2006-07-25 18:24 -------- d-------- C:\Program Files\Phenix-Q8
2006-07-25 18:24 -------- d-------- C:\Program Files\Common Files\PCCamera
2006-07-22 22:06 -------- d-------- C:\Documents and Settings\scott caines\Application Data\WebCompiler3
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 12:08 286720 --------- C:\WINDOWS\Setup1.exe
2006-06-23 12:02 658944 --a------ C:\WINDOWS\system32\wininet(2).dll
2006-06-23 12:02 474112 --a------ C:\WINDOWS\system32\shlwapi(2).dll
2006-06-23 12:02 448512 --a------ C:\WINDOWS\system32\mshtmled(3).dll
2006-06-23 12:02 1022976 --a------ C:\WINDOWS\system32\browseui(5).dll
2006-06-22 06:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 06:06 1435648 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"BidSlayer"=""
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"EPSON Stylus C40 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /A \"C:\\WINDOWS\\System32\\E_S102.tmp\""
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /M \"Stylus D68\" /EF \"HKCU\""
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""
"msvmsvcv"="C:\\WINDOWS\\system32\\msvmsvcv.exe"
"AnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""
"DeluxeCommunications"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"DSLAGENTEXE"="dslagent.exe USB"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"explorer"="C:\\Documents and Settings\\scott caines\\Xinstall.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"1A:Stardock TrayMonitor"=""
"nwiz"="nwiz.exe /install"
"WT GameChannel"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup"
"Trickler"="\"c:\\windows\\temp\\adware\\fsg_4104.exe\""
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"BrowseProxy"="C:\\Program Files\\AdvSearch\\FindService.exe"
"websearch"="wjview /cp:p \"C:\\Program Files\\websearch\\System\\Code\" Main lp: \"C:\\Program Files\\websearch\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AOL Spyware Protection"="C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB002\" /M \"Stylus C42\""
"LWBMOUSE"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.1\\MOUSE32A.EXE"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\9.bin\\mwsoemon.exe"
"AltnetPointsManager"="C:\\Program Files\\Altnet\\Points Manager\\Points Manager.exe -s "
"updmgr"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"P2P Networking"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\Internet Security\\TMOAgent.exe\" /run"
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\PCClient.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\pccguide.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"Admanager Controller"="C:\\Program Files\\Admanager Controller\\AdManCtl.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"BlockChecker"="C:\\Program Files\\Block Checker\\block-checker.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\Voyager100Test\\fts.exe\""
"DriverMagicLogon"="\"C:\\Program Files\\SymplisIT\\DriverMagic\\dmschedule.exe\" /boot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1144493714\\ee\\AOLSoftware.exe"
"PSPVideo9"="C:\\Program Files\\pspvideo9\\pspVideo9.exe -t"
"Videora"="C:\\Program Files\\Videora\\Videora.exe -t"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /O6 \"USB002\" /M \"Stylus D68\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"RegistryMechanic"=""
"EPSON Stylus D68 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P32 \"EPSON Stylus D68 Series (Copy 1)\" /O5 \"LPT1:\" /M \"Stylus D68\""
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"retsu"="C:\\Program Files\\Retsub_01\\csrss.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"werinit"="C:\\WINDOWS\\svcwinra.exe"
"msvmsvcv"="C:\\WINDOWS\\system32\\msvmsvcv.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"
"newname"="c:\\\\nwnmff_e10.exe"
"DeluxeCommunications"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"
"explorer"="C:\\Documents and Settings\\scott caines\\Xinstall.exe"
"defender"="c:\\\\dfndrff_e10.exe"
"keyboard"="c:\\\\kybrdff_e10.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices\not active]
"1A:Stardock TrayMonitor"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"scott caines\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"SubscribedURL"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9e,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,b5,05,0f

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 22/09/2006 13:57:53.48
ComboFix.txt
ComboFix2.txt
rotisman38 is offline  
Old 09-23-2006, 10:46 AM   #4 (permalink)
TSF Enthusiast
Join Date: Apr 2005
Location: Ohio
Posts: 1,154
OS: XP


Can you tell me what Third Party Software you are using to disable DeluxeCommunications, New.Net, AdvSearch, etc.?

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

====================================================================================================

Showing Hidden files, folders, and system files and folders

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled.

Also make sure that the System Files and Folders are showing / visible.

Uncheck the Hide protected operating system files option.
====================================================================================================

Suspicious File Packer

Before fixing anything, Please download the Suspicious File Packer → http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of bad files into the Suspicious File Packer window:
C:\WINDOWS\system32\alfa.exe
C:\WINDOWS\system32\Chip.dll
Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.
====================================================================================================

Disable Software that may interfere with fixes

Windows Defender

To disable Real-Time Protection:

* Go to "Tools" | "General Settings"
* Scroll down to "Real-time protection options"
* Uncheck "Turn on real-time protection (recommended)"
* Remember to reactivate this feature when we have finished all our work.

====================================================================================================

P2P Software Installed

P2P Software
I see you have BitComet, Kazaa and Limewire installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation. I will make recommendations below for removal highlighted in Orange, which you can choose to ignore, where this P2P application is involved. I’ll leave the decision to you.
====================================================================================================


Downloads

Cleanup!

Download Cleanup! and install it. You will use this later.


Kazaa Begone

Download KazaaBegone and unzip it to your desktop. Warning: This version has a bug that can cause your Internet connection to be broken when removing New.Net, WebHancer or CommonName. Before using KazaaBegone, download WinsockFix just in case you need it (if it breaks your internet connection, run it).

SDFix

Download SDFix and save it to your desktop.

ComboFix <- This is a different version from the one you ran earlier, please replace the version you have with this one

1. Download from one of the following locations Combofix to your desktop -

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Save this log to your desktop as combo1.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
====================================================================================================

Delete Bad Registry Entries

Open Notepad and copy and paste the text present in the quote box below into it:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"BidSlayer"=-
"msvmsvcv"=-
"DeluxeCommunications"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"explorer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"1A:Stardock TrayMonitor"=-
"WT GameChannel"=-
"New.net Startup"=-
"Trickler"=-
"wcmdmgr"=-
"BrowseProxy"=-
"websearch"=-
"MyWebSearch Email Plugin"=-
"AltnetPointsManager"=-
"updmgr"=-
"P2P Networking"=-
"BlockChecker"=-
"RegistryMechanic"=-
"retsu"=-
"werinit"=-
"msvmsvcv"=-
"newname"=-
"DeluxeCommunications"=-
"explorer"=-
"defender"=-
"keyboard"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices\not active]
"1A:Stardock TrayMonitor"=-
====================================================================================================

Rebooting in Safe Mode

Next, reboot your computer in SafeMode :
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.
====================================================================================================


Add/Remove Programs

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

BitComet
Limewire
Kazaa


====================================================================================================

HiJackThis! Fixes

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...33352D2D2D.exe


Please remember to close all other windows, including browsers then click Fix checked.
====================================================================================================

Tools

Kazaa Begone

Run KazaaBegone.exe
Select "Search and destroy all installed components", then click "Go".
====================================================================================================

Deleting Files and Folders

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\NewDotNet
c:\windows\temp\adware
C:\WINDOWS\wt
C:\Program Files\websearch
C:\Program Files\AdvSearch
C:\Program Files\MyWebSearch
C:\Program Files\Altnet
C:\WINDOWS\System32\P2P Networking
C:\Program Files\Admanager Controller
C:\Program Files\Block Checker
C:\Program Files\MessengerPlus! 3
C:\WINDOWS\svcwinra.exe
c:\nwnmff_e10.exe
c:\dfndrff_e10.exe
c:\kybrdff_e10.exe
C:\Program Files\Limewire
C:\Program Files\BitComet
C:\Program Files\Kazaa


====================================================================================================

Tools

CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files

Click OK, Press the CleanUp! button to start the program and DO NOT reboot when prompted.


SDFix
  • Right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file
    Report.txt back onto the forum with a new HijackThis log

====================================================================================================

Rebooting in Normal Mode


Reboot your system in Normal Mode.
====================================================================================================

Online Virus/Spyware Scan

Panda Activescan

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

====================================================================================================

Tools

HiJackThis!

Please run a new HiJackThis! Scan and post the results with your next reply
====================================================================================================

Summary: Please make sure you have completed all of the steps above and include the following in your next post

New HiJackThis! Log
Panda ActiveScan Log
Report.txt
ComboFix Log
Eclipse2003 is offline  
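The ComboFix registry dump above and the hand-written REGEDIT4 removal script in the reply are the two halves of one job: read every value under the Run keys, decide which images are out of place, and delete exactly those values. The script below does that job over a constructed sample. It is an added example for this thread, not code from either poster nor from ComboFix, HijackThis or any other tool named above. The sample export is built from entries that appear in the dump earlier in the thread; the heuristics (user profile, temp directory, drive root, a core system binary name such as csrss.exe or ctfmon.exe outside C:\WINDOWS or C:\WINDOWS\system32) and the assumption that Windows lives in C:\WINDOWS are this example's own, not a vendor's signatures.

```python
"""Triage a REGEDIT4-style dump of the Run keys and emit the matching removal .reg.

Added example for this thread; not code from the original posts nor from
ComboFix, HijackThis or any other tool named above. The sample export below is
constructed from entries that appear in the ComboFix dump earlier in the thread.
The heuristics, the "known system binary" list and the assumption that Windows
lives in C:\\WINDOWS (the XP default) are this example's own assumptions.
"""
import re

# Constructed sample in the exact REGEDIT4 export format ComboFix used above.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"explorer"="C:\\Documents and Settings\\scott caines\\Xinstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"Trickler"="\"c:\\windows\\temp\\adware\\fsg_4104.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"retsu"="C:\\Program Files\\Retsub_01\\csrss.exe"
"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"
"newname"="c:\\\\nwnmff_e10.exe"
"RegistryMechanic"=""
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)+)"="((?:[^"\\]|\\.)*)"$')
IMAGE_RE = re.compile(r'"?([^"]*?\.(?:exe|dll|com|scr|bat|pif))', re.I)

# Binaries whose names malware borrows; genuine copies live only in SYSTEM_DIRS.
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "winlogon.exe", "lsass.exe",
                "services.exe", "svchost.exe", "explorer.exe", "ctfmon.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}  # assumption: default XP layout


def unescape(s):
    """Undo .reg escaping (backslash-backslash and backslash-quote)."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_run_export(text):
    """Yield (key, value_name, command) for every string value in the export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, unescape(m.group(1)), unescape(m.group(2))


def image_path(command):
    """Best-effort: the file a Run value actually loads (the DLL for rundll32)."""
    cmd = command.strip()
    first, _, rest = cmd.partition(" ")
    if first.lower().rsplit("\\", 1)[-1] in ("rundll32", "rundll32.exe"):
        cmd = rest.strip()  # the interesting file is the DLL argument
    m = IMAGE_RE.match(cmd)
    return m.group(1).strip() if m else cmd


def suspicion(path):
    """Reasons an autorun image looks out of place; an empty list means nothing tripped."""
    p = path.lower()
    directory, _, base = p.rpartition("\\")
    reasons = []
    if "\\documents and settings\\" in p:
        reasons.append("runs from a user profile")
    if "\\temp\\" in p:
        reasons.append("runs from a temp directory")
    if re.match(r'^[a-z]:\\+[^\\]+$', p):
        reasons.append("runs from the drive root")
    if "adware" in p:
        reasons.append("path names itself adware")
    if base in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
        reasons.append("system binary name outside the Windows directories")
    return reasons


def triage(text):
    """Return [(key, name, path, reasons)] for values that tripped a heuristic."""
    flagged = []
    for key, name, command in parse_run_export(text):
        path = image_path(command)
        reasons = suspicion(path)
        if reasons:
            flagged.append((key, name, path, reasons))
    return flagged


def removal_script(flagged):
    """REGEDIT4 text that deletes just the flagged values, using the "name"=- form."""
    by_key = {}
    for key, name, _, _ in flagged:
        by_key.setdefault(key, []).append(name)
    lines = ["REGEDIT4", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        for n in names:
            escaped = n.replace("\\", "\\\\").replace('"', '\\"')
            lines.append(f'"{escaped}"=-')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(SAMPLE_EXPORT)
    for key, name, path, reasons in hits:
        print(f"{key}\n  {name} -> {path}\n  {'; '.join(reasons)}")
    print(removal_script(hits))
```

On the sample it flags explorer (Xinstall.exe in the user's profile), Trickler (temp directory, path containing "adware"), retsu (csrss.exe under Program Files), CTFMon (ctfmon.exe in a CTF subfolder rather than system32) and newname (an .exe at the drive root), and leaves the NVIDIA, AVG and KernelFaultCheck entries alone. Two caveats a practitioner should keep in mind: removing a Run value only stops the autorun, the file on disk still has to go (which is why the reply lists files to delete separately), and merging a .reg that deletes the wrong value is not reversible, so review the generated script before double-clicking it. The helper's first question, what software parked those entries under "\not active", is the right one: those values are disabled copies kept by whatever tool disabled them, not what Windows itself runs at logon.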
Old 09-23-2006, 02:04 PM   #5 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


I have submitted the CAB and shall continue with instructions and post back when completed, thanks
rotisman38 is offline  
Old 09-24-2006, 11:34 AM   #6 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


Here are the 4 logs required. The only problem I had was with Kazaa as it wouldn't remove.

============================================================

Hijackthis Log


Logfile of HijackThis v1.99.1
Scan saved at 18:28:48, on 24/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Documents and Settings\scott caines\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Never Offline ® Internet Explorer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebca...ebMonProj1.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www1.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www1.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.uclan.ac.uk/other/iss/remote/wficat.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152209767811
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.244.192.60/activex/AxisCamControl.cab
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak06.pictures.aol.com/ygp/ao...US.9.2.4.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda...pcuploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4AFE5EB-465B-4005-904D-7F362321460C}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - SlySoft, Inc. - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

======================================================================================

Panda Activescan Log



Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UERS_9999_N91S2507NetInstaller.exe
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware program Not disinfected c:\windows\ss3unstl.exe
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Adware:adware/block-checker Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\scott caines\alfa.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.2o7.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.adrevolver.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.adtech.de/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.com.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.adviva.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.apmebf.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[searchportal.information.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.mysearch.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[.realmedia.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\scott caines\Application Data\Mozilla\Firefox\Profiles\fe6i6i96.Default User\cookies.txt[stats.drivecleaner.com/]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\scott caines\Desktop\requested-files[2006-09-23_21_00].cab[C:\WINDOWS\system32\alfa.exe]
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\scott caines\Desktop\requested-files[2006-09-23_21_00].cab[C:\WINDOWS\system32\alfa.exe][²ÜÇ\nsProcess.dll]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\scott caines\Desktop\requested-files[2006-09-23_21_00].cab[C:\WINDOWS\system32\alfa.exe][¦++\²íÇ\Update.exe]
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\scott caines\Desktop\requested-files[2006-09-23_21_00].cab[C:\WINDOWS\system32\alfa.exe][MyToolBar.dll]
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\scott caines\Desktop\requested-files[2006-09-23_21_00].cab[C:\WINDOWS\system32\alfa.exe][Activate.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\scott caines\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\scott caines\Desktop\SDFix.zip[SDFix/apps/Process.exe]
Potentially unwanted tool:Application/FamilyKeylogger Not disinfected C:\Documents and Settings\scott caines\My Documents\My Downloaded Files\logger\familykeylogger-download.zip[FamilyKeyLogger-setup.exe][ctfmon.dll]
Potentially unwanted tool:Application/GoldenKeyLog Not disinfected C:\Documents and Settings\scott caines\My Documents\My Downloaded Files\logger\familykeylogger-download.zip[FamilyKeyLogger-setup.exe][ctfs.dll]
Potentially unwanted tool:Application/FamilyKeylogger Not disinfected C:\Documents and Settings\scott caines\My Documents\My Downloaded Files\logger\FamilyKeyLogger-setup.exe[ctfmon.dll]
Potentially unwanted tool:Application/GoldenKeyLog Not disinfected C:\Documents and Settings\scott caines\My Documents\My Downloaded Files\logger\FamilyKeyLogger-setup.exe[ctfs.dll]
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\Common Files\aolshare\AOL Spyware Protection\Backup\10525531.asw
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Downloaded Program Files\speedtest2.dll
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\Downloaded Program Files\turbo.inf
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\alfa.exe
Potentially unwanted tool:Application/FamilyKeylogger Not disinfected C:\WINDOWS\system32\CTF\ctfmon.dll
Potentially unwanted tool:Application/GoldenKeyLog Not disinfected C:\WINDOWS\system32\CTF\ctfs.dll_tobedeleted

===============================================================================

Report.txt


SDFix: Version 1.25
-------------------

24/09/2006
15:30


Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\scott caines\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----

SVKP

Path:
----

\??\C:\WINDOWS\system32\SVKP.sys


SVKP ... deleted


Repairing Registry...

Restoring Default Hosts File...

Stage One Complete

Rebooting!

Stage Two...

Registry Cleaning Finished...

Checking For Malware Files:
--------------------------

C:\WINDOWS\system32\SVKP.SYS

Backing Up and Removing any Files Found...

Final Check:

Remaining Services:
------------------

Remaining Files:
--------------



*If Malware was detected, the files are stored in the SDFix\Backup Folder !

*FINISHED*

============================================================================

ComboFix Log

scott caines - 06-09-24 14:36:28.96 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\scott caines\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))




* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((( Files Created from 2006-08-22 to 2006-09-22 ))))))))))))))))))))))))))))))))))


2006-09-21 18:34 138,862 --a------ C:\WINDOWS\system32\alfa.exe
2006-09-09 17:04 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2006-08-26 22:08 2,368 --a------ C:\WINDOWS\system32\SVKP.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-24 14:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 14:34 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-24 14:33 -------- d-------- C:\Program Files\KazaaBegone
2006-09-24 13:22 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Adobe
2006-09-24 10:38 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-23 20:53 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-22 21:14 125 ---hs---- C:\Documents and Settings\scott caines\Application Data\.zreglib
2006-09-22 15:49 -------- d-------- C:\Documents and Settings\scott caines\Application Data\wsInspector
2006-09-22 13:53 -------- d-------- C:\Program Files\Trillian
2006-09-22 09:16 -------- d-------- C:\Program Files\Common Files
2006-09-22 00:11 -------- d-------- C:\Program Files\MSN Messenger
2006-09-22 00:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 23:01 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-21 18:38 554139 --a------ C:\Documents and Settings\scott caines\Application Data\Dxcknwrd.dll
2006-09-21 15:01 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-09-20 23:02 -------- d-------- C:\Program Files\Google
2006-09-20 22:38 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Apple Computer
2006-09-20 20:31 -------- d-------- C:\Program Files\Zoom Player
2006-09-20 18:20 -------- d-------- C:\Program Files\AOL 9.0b
2006-09-20 18:04 -------- d-------- C:\Program Files\Mame32
2006-09-19 18:34 -------- d-------- C:\Program Files\Elaborate Bytes
2006-09-18 22:53 -------- d-------- C:\Program Files\vso
2006-09-18 17:13 -------- d-------- C:\Program Files\Auction Sentry
2006-09-17 21:16 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-09-16 20:21 -------- d-------- C:\Program Files\ClicPic
2006-09-16 16:10 -------- d-------- C:\Program Files\Windows Defender
2006-09-16 16:09 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-15 21:43 -------- d-------- C:\Program Files\Yahoo!
2006-09-14 22:39 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Google
2006-09-14 17:34 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-09-14 00:17 81920 --a------ C:\Documents and Settings\scott caines\Application Data\ezpinst.exe
2006-09-14 00:17 7176 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.cat
2006-09-14 00:17 47360 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.sys
2006-09-14 00:17 33 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.log
2006-09-14 00:17 1144 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.inf
2006-09-14 00:17 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Vso
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-12 17:56 -------- d-------- C:\Program Files\Internet Explorer
2006-09-12 17:54 -------- d-------- C:\Documents and Settings\scott caines\Application Data\AOL
2006-09-05 22:25 -------- d-------- C:\Program Files\Belarc
2006-09-01 16:10 -------- d-------- C:\Documents and Settings\scott caines\Application Data\teamspeak2
2006-08-31 21:55 -------- d-------- C:\Program Files\CleanUp!
2006-08-31 16:43 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Avant Browser
2006-08-30 23:39 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-08-29 21:37 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-29 17:34 -------- d-------- C:\Program Files\WinRAR
2006-08-27 23:39 -------- d-------- C:\Program Files\BitComet
2006-08-27 11:50 -------- d-------- C:\Program Files\Real
2006-08-27 11:50 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-27 11:49 -------- d-------- C:\Program Files\Common Files\Real
2006-08-27 11:27 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Real
2006-08-26 22:30 -------- d-------- C:\Program Files\WinAVI VideoConverter
2006-08-26 22:12 -------- d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2006-08-26 14:46 96256 --a------ C:\WINDOWS\system32\drivers\sptd4365.sys
2006-08-26 14:46 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-23 23:22 -------- d-------- C:\Program Files\LimeWire
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:17 -------- d-------- C:\Program Files\Washer
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 19:46 -------- d---s---- C:\Documents and Settings\scott caines\Application Data\Microsoft
2006-08-20 01:58 -------- d-------- C:\Program Files\Opera
2006-08-09 03:57 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-09 03:57 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 21:41 -------- d---s---- C:\Program Files\Xfire
2006-07-28 21:41 -------- d-------- C:\Program Files\Windows Media Player
2006-07-28 21:41 -------- d-------- C:\Program Files\QuickTime
2006-07-28 21:41 -------- d-------- C:\Program Files\NetMeeting
2006-07-28 21:41 -------- d-------- C:\Program Files\KnightOnline
2006-07-28 21:41 -------- d-------- C:\Program Files\AOL
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 21:33 613888 --a------ C:\WINDOWS\system32\urlmon(2).dll
2006-07-25 18:24 -------- d-------- C:\Program Files\Phenix-Q8
2006-07-25 18:24 -------- d-------- C:\Program Files\Common Files\PCCamera
2006-07-22 22:06 -------- d-------- C:\Documents and Settings\scott caines\Application Data\WebCompiler3
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 12:08 286720 --------- C:\WINDOWS\Setup1.exe
2006-06-23 12:02 658944 --a------ C:\WINDOWS\system32\wininet(2).dll
2006-06-23 12:02 474112 --a------ C:\WINDOWS\system32\shlwapi(2).dll
2006-06-23 12:02 448512 --a------ C:\WINDOWS\system32\mshtmled(3).dll
2006-06-23 12:02 1022976 --a------ C:\WINDOWS\system32\browseui(5).dll
2006-06-22 06:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 06:06 1435648 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"BidSlayer"=""
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"EPSON Stylus C40 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /A \"C:\\WINDOWS\\System32\\E_S102.tmp\""
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /M \"Stylus D68\" /EF \"HKCU\""
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""
"msvmsvcv"="C:\\WINDOWS\\system32\\msvmsvcv.exe"
"AnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"DSLAGENTEXE"="dslagent.exe USB"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"1A:Stardock TrayMonitor"=""
"nwiz"="nwiz.exe /install"
"WT GameChannel"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup"
"Trickler"="\"c:\\windows\\temp\\adware\\fsg_4104.exe\""
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"BrowseProxy"="C:\\Program Files\\AdvSearch\\FindService.exe"
"websearch"="wjview /cp:p \"C:\\Program Files\\websearch\\System\\Code\" Main lp: \"C:\\Program Files\\websearch\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AOL Spyware Protection"="C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB002\" /M \"Stylus C42\""
"LWBMOUSE"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.1\\MOUSE32A.EXE"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\9.bin\\mwsoemon.exe"
"AltnetPointsManager"="C:\\Program Files\\Altnet\\Points Manager\\Points Manager.exe -s "
"updmgr"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"P2P Networking"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\Internet Security\\TMOAgent.exe\" /run"
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\PCClient.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\pccguide.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"Admanager Controller"="C:\\Program Files\\Admanager Controller\\AdManCtl.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"BlockChecker"="C:\\Program Files\\Block Checker\\block-checker.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\Voyager100Test\\fts.exe\""
"DriverMagicLogon"="\"C:\\Program Files\\SymplisIT\\DriverMagic\\dmschedule.exe\" /boot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1144493714\\ee\\AOLSoftware.exe"
"PSPVideo9"="C:\\Program Files\\pspvideo9\\pspVideo9.exe -t"
"Videora"="C:\\Program Files\\Videora\\Videora.exe -t"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /O6 \"USB002\" /M \"Stylus D68\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"RegistryMechanic"=""
"EPSON Stylus D68 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P32 \"EPSON Stylus D68 Series (Copy 1)\" /O5 \"LPT1:\" /M \"Stylus D68\""
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"retsu"="C:\\Program Files\\Retsub_01\\csrss.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"werinit"="C:\\WINDOWS\\svcwinra.exe"
"msvmsvcv"="C:\\WINDOWS\\system32\\msvmsvcv.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"
"newname"="c:\\\\nwnmff_e10.exe"
"DeluxeCommunications"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"
"explorer"="C:\\Documents and Settings\\scott caines\\Xinstall.exe"
"defender"="c:\\\\dfndrff_e10.exe"
"keyboard"="c:\\\\kybrdff_e10.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices\not active]
"1A:Stardock TrayMonitor"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"scott caines\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"SubscribedURL"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9e,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,b5,05,0f

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 24/09/2006 14:43:51.15
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
rotisman38 is offline  
Old 09-24-2006, 11:38 AM   #7 (permalink)
TSF Enthusiast
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,154
OS: XP


HiJackThis! Fixes

Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\scott caines\Xinstall.exe
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

Please remember to close all other windows, including browsers then click Fix checked.
====================================================================================================

Shutdown MSN Messenger
Then, check this folder -> C:\Program Files\MSN Messenger
Look for this file -> msgs.exe. If found, DO NOT delete it.
Delete msnmsgr.exe instead and rename msgs.exe to msnmsgr.exe. AGAIN, MAKE SURE YOU ONLY DELETE msnmsgr.exe IF AND ONLY IF msgs.exe exists in the C:\Program Files\MSN Messenger folder.

Also delete C:\Documents and Settings\scott caines\Xinstall.exe

Search for and delete these via Start -> Search:

sprk.exe
sprt.exe
sprx.exe
spry.exe

Please post a fresh HJT log after doing this. Thanks
Eclipse2003 is offline  
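The helper's pick of Xinstall.exe out of dozens of Run entries follows a simple triage rule: an autostart binary sitting in a user profile, the drive root or a temp folder, or borrowing a core Windows process name outside its normal folder, deserves a closer look. The following Python script is an added example (not code from the thread, HijackThis or ComboFix) that applies that rule to HijackThis O4 lines and to the .reg-style values in a ComboFix "Reg Loading Points" dump; the sample lines are copied from the logs posted above, and the set of "core system names" is the author's own choice.

```python
"""Triage autostart entries from a HijackThis log (O4 lines) and a ComboFix
'Reg Loading Points' dump (.reg-style "name"="command" lines).

Added example for this thread, not code from HijackThis, ComboFix or the
helper's post.  Sample lines below are copied from the logs in the thread.
"""
import re

# Core Windows binaries that malware commonly names itself after.  The real
# ones live directly in C:\WINDOWS\system32 (explorer.exe in C:\WINDOWS).
# This list is the example author's choice, not something the tools define.
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "ctfmon.exe", "explorer.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows"}

# Directory patterns (matched against the lower-cased path) that legitimate
# installers rarely use for an autostart executable.
SUSPECT_PATTERNS = (
    (re.compile(r"^[a-z]:\\documents and settings\\"), "user profile"),
    (re.compile(r"^[a-z]:\\+[^\\]+$"), "drive root"),
    (re.compile(r"\\temp\\"), "temp folder"),
)


def parse_entry(line):
    """Return (name, command) for an HJT O4 line or a .reg value line, else None."""
    m = re.match(r"^O4 - .+?: \[(.*?)\] ?(.*)$", line)
    if m:
        return m.group(1), m.group(2)
    m = re.match(r'^"(.*?)"="(.*)"$', line)
    if m:
        # .reg strings escape backslashes and double quotes with a backslash.
        return m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))
    return None


def executable_path(command):
    """Pull the program path out of a Run-key command line."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first .exe token
    # rather than at the first space (e.g. 'C:\Program Files\X\y.exe /arg').
    m = re.match(r"(.*?\.exe)(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]


def suspicious_reasons(path):
    """List the reasons an autostart path looks out of place (empty = clean)."""
    low = path.lower()
    if "\\" not in low:
        return []  # bare name resolved via PATH (e.g. RUNDLL32.EXE); not judged here
    reasons = [why for pat, why in SUSPECT_PATTERNS if pat.search(low)]
    directory, base = low.rsplit("\\", 1)
    if base in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
        reasons.append("core system binary name outside its normal folder")
    return reasons


def triage(lines):
    """Return [(name, path, reasons)] for every entry that trips a heuristic."""
    flagged = []
    for line in lines:
        entry = parse_entry(line.strip())
        if entry is None:
            continue
        name, command = entry
        path = executable_path(command)
        reasons = suspicious_reasons(path)
        if reasons:
            flagged.append((name, path, reasons))
    return flagged


# Lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\scott caines\Xinstall.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized',
    r'"Trickler"="\"c:\\windows\\temp\\adware\\fsg_4104.exe\""',
    r'"retsu"="C:\\Program Files\\Retsub_01\\csrss.exe"',
    r'"newname"="c:\\\\nwnmff_e10.exe"',
    r'"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"',
    r'"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"',
    r'"BidSlayer"=""',
]

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LINES):
        print(f"[{name}] {path}  <- {', '.join(reasons)}")
```

Entries it leaves alone (NvCplDaemon, ewido, AVG7_CC) are exactly the ones the helper left in place; the ones it flags are the Xinstall.exe entry he asked to fix plus the already-inactive Trickler, retsu, newname and CTFMon values from the ComboFix dump.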
Old 09-24-2006, 12:09 PM   #8 (permalink)
TSF Enthusiast
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,154
OS: XP


Also, please run ComboFix again and post a new ComboFix log here.
Eclipse2003 is offline  
Old 09-24-2006, 03:59 PM   #9 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


Couldn't find any trace of Xinstall.exe in the HijackThis log or at C:\Documents and Settings\scott caines\Xinstall.exe.

Deleted and renamed in the MSN Messenger folder.

Used the search facility and couldn't find any of the 4 .exe files:
sprk.exe
sprt.exe
sprx.exe
spry.exe

=========================================================

Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 22:38:35, on 24/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\scott caines\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Never Offline ® Internet Explorer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebca...ebMonProj1.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www1.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www1.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.uclan.ac.uk/other/iss/remote/wficat.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152209767811
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.244.192.60/activex/AxisCamControl.cab
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak06.pictures.aol.com/ygp/ao...US.9.2.4.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda...pcuploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4AFE5EB-465B-4005-904D-7F362321460C}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - SlySoft, Inc. - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

==========================================================

Combofix Log


scott caines - 06-09-24 22:48:04.15 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\scott caines\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))


2006-09-21 18:34 138,862 --a------ C:\WINDOWS\system32\alfa.exe
2006-09-09 17:04 34,308 --a------ C:\WINDOWS\system32\Chip.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-24 22:25 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-24 22:20 -------- d-------- C:\Program Files\MSN Messenger
2006-09-24 22:14 -------- d-------- C:\Program Files\Trillian
2006-09-24 21:53 -------- d-------- C:\Documents and Settings\scott caines\Application Data\wsInspector
2006-09-24 21:51 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Adobe
2006-09-24 19:06 -------- d-------- C:\Documents and Settings\scott caines\Application Data\teamspeak2
2006-09-24 17:33 -------- d-------- C:\Program Files\AOL 9.0b
2006-09-24 17:15 -------- d-------- C:\Program Files\WinZip
2006-09-24 17:15 -------- d-------- C:\Program Files\WinRAR
2006-09-24 17:15 -------- d-------- C:\Program Files\Windows Defender
2006-09-24 17:10 -------- d-------- C:\Program Files\Outlook Express
2006-09-24 16:57 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 16:56 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-24 16:50 -------- d-------- C:\Program Files\Common Files\System
2006-09-24 15:42 -------- d-------- C:\Program Files\Windows Media Player
2006-09-24 14:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 14:34 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-24 14:33 -------- d-------- C:\Program Files\KazaaBegone
2006-09-22 21:14 125 ---hs---- C:\Documents and Settings\scott caines\Application Data\.zreglib
2006-09-22 09:16 -------- d-------- C:\Program Files\Common Files
2006-09-22 00:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 23:01 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-21 15:01 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-09-20 23:02 -------- d-------- C:\Program Files\Google
2006-09-20 22:38 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Apple Computer
2006-09-20 20:31 -------- d-------- C:\Program Files\Zoom Player
2006-09-20 18:04 -------- d-------- C:\Program Files\Mame32
2006-09-19 18:34 -------- d-------- C:\Program Files\Elaborate Bytes
2006-09-18 22:53 -------- d-------- C:\Program Files\vso
2006-09-18 17:13 -------- d-------- C:\Program Files\Auction Sentry
2006-09-17 21:16 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-09-16 20:21 -------- d-------- C:\Program Files\ClicPic
2006-09-16 16:09 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-15 21:43 -------- d-------- C:\Program Files\Yahoo!
2006-09-14 22:39 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Google
2006-09-14 17:34 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-09-14 00:17 81920 --a------ C:\Documents and Settings\scott caines\Application Data\ezpinst.exe
2006-09-14 00:17 7176 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.cat
2006-09-14 00:17 47360 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.sys
2006-09-14 00:17 33 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.log
2006-09-14 00:17 1144 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.inf
2006-09-14 00:17 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Vso
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-12 17:54 -------- d-------- C:\Documents and Settings\scott caines\Application Data\AOL
2006-09-05 22:25 -------- d-------- C:\Program Files\Belarc
2006-08-31 21:55 -------- d-------- C:\Program Files\CleanUp!
2006-08-31 16:43 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Avant Browser
2006-08-30 23:39 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-08-29 21:37 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-27 11:50 -------- d-------- C:\Program Files\Real
2006-08-27 11:50 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-27 11:49 -------- d-------- C:\Program Files\Common Files\Real
2006-08-27 11:27 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Real
2006-08-26 22:30 -------- d-------- C:\Program Files\WinAVI VideoConverter
2006-08-26 22:12 -------- d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2006-08-26 14:46 96256 --a------ C:\WINDOWS\system32\drivers\sptd4365.sys
2006-08-26 14:46 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:17 -------- d-------- C:\Program Files\Washer
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 19:46 -------- d---s---- C:\Documents and Settings\scott caines\Application Data\Microsoft
2006-08-20 01:58 -------- d-------- C:\Program Files\Opera
2006-08-09 03:57 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-09 03:57 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 21:41 -------- d---s---- C:\Program Files\Xfire
2006-07-28 21:41 -------- d-------- C:\Program Files\QuickTime
2006-07-28 21:41 -------- d-------- C:\Program Files\NetMeeting
2006-07-28 21:41 -------- d-------- C:\Program Files\KnightOnline
2006-07-28 21:41 -------- d-------- C:\Program Files\AOL
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 21:33 613888 --a------ C:\WINDOWS\system32\urlmon(2).dll
2006-07-25 18:24 -------- d-------- C:\Program Files\Phenix-Q8
2006-07-25 18:24 -------- d-------- C:\Program Files\Common Files\PCCamera
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 12:08 286720 --------- C:\WINDOWS\Setup1.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"BidSlayer"=""
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"EPSON Stylus C40 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /A \"C:\\WINDOWS\\System32\\E_S102.tmp\""
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /M \"Stylus D68\" /EF \"HKCU\""
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""
"msvmsvcv"="C:\\WINDOWS\\system32\\msvmsvcv.exe"
"AnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"DSLAGENTEXE"="dslagent.exe USB"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"1A:Stardock TrayMonitor"=""
"nwiz"="nwiz.exe /install"
"WT GameChannel"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup"
"Trickler"="\"c:\\windows\\temp\\adware\\fsg_4104.exe\""
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"BrowseProxy"="C:\\Program Files\\AdvSearch\\FindService.exe"
"websearch"="wjview /cp:p \"C:\\Program Files\\websearch\\System\\Code\" Main lp: \"C:\\Program Files\\websearch\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AOL Spyware Protection"="C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB002\" /M \"Stylus C42\""
"LWBMOUSE"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.1\\MOUSE32A.EXE"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\9.bin\\mwsoemon.exe"
"AltnetPointsManager"="C:\\Program Files\\Altnet\\Points Manager\\Points Manager.exe -s "
"updmgr"="C:\\Program Files\\Common files\\updmgr\\updmgr.exe"
"P2P Networking"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\Internet Security\\TMOAgent.exe\" /run"
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\PCClient.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\pccguide.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"Admanager Controller"="C:\\Program Files\\Admanager Controller\\AdManCtl.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"BlockChecker"="C:\\Program Files\\Block Checker\\block-checker.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\Voyager100Test\\fts.exe\""
"DriverMagicLogon"="\"C:\\Program Files\\SymplisIT\\DriverMagic\\dmschedule.exe\" /boot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1144493714\\ee\\AOLSoftware.exe"
"PSPVideo9"="C:\\Program Files\\pspvideo9\\pspVideo9.exe -t"
"Videora"="C:\\Program Files\\Videora\\Videora.exe -t"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /O6 \"USB002\" /M \"Stylus D68\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"RegistryMechanic"=""
"EPSON Stylus D68 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P32 \"EPSON Stylus D68 Series (Copy 1)\" /O5 \"LPT1:\" /M \"Stylus D68\""
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"retsu"="C:\\Program Files\\Retsub_01\\csrss.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"werinit"="C:\\WINDOWS\\svcwinra.exe"
"msvmsvcv"="C:\\WINDOWS\\system32\\msvmsvcv.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"
"newname"="c:\\\\nwnmff_e10.exe"
"DeluxeCommunications"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"
"explorer"="C:\\Documents and Settings\\scott caines\\Xinstall.exe"
"defender"="c:\\\\dfndrff_e10.exe"
"keyboard"="c:\\\\kybrdff_e10.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices\not active]
"1A:Stardock TrayMonitor"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"scott caines\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"SubscribedURL"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9e,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,b5,05,0f

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 24/09/2006 22:50:17.67
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
rotisman38
Old 09-24-2006, 08:32 PM   #10
TSF Enthusiast
Eclipse2003
Join Date: Apr 2005
Location: Ohio
Posts: 1,154
OS: XP


Deleting Files and Folders

Delete the following Files indicated in RED if they still exist.

C:\WINDOWS\system32\alfa.exe

====================================================================================================

Delete Bad Registry Entries

Please download the attached .zip file and unzip it to your desktop. If it asks you whether you would like to replace the existing file, say Yes. Once you have done this, please double-click it and allow it to merge into your registry.
====================================================================================================

ComboFix

Please run ComboFix once more and post the log here for review
Attached file: RegdelForRotisman38.zip (471 Bytes)
Old 09-25-2006, 07:21 AM   #11
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


New combofix log

scott caines - 06-09-25 14:13:44.25 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\scott caines\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))))))))))))))))))))))))))


2006-09-09 17:04 34,308 --a------ C:\WINDOWS\system32\Chip.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-25 12:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-25 00:36 -------- d-------- C:\Program Files\Auction Sentry
2006-09-24 22:20 -------- d-------- C:\Program Files\MSN Messenger
2006-09-24 22:14 -------- d-------- C:\Program Files\Trillian
2006-09-24 21:53 -------- d-------- C:\Documents and Settings\scott caines\Application Data\wsInspector
2006-09-24 21:51 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Adobe
2006-09-24 19:06 -------- d-------- C:\Documents and Settings\scott caines\Application Data\teamspeak2
2006-09-24 17:33 -------- d-------- C:\Program Files\AOL 9.0b
2006-09-24 17:15 -------- d-------- C:\Program Files\WinZip
2006-09-24 17:15 -------- d-------- C:\Program Files\WinRAR
2006-09-24 17:15 -------- d-------- C:\Program Files\Windows Defender
2006-09-24 17:10 -------- d-------- C:\Program Files\Outlook Express
2006-09-24 16:57 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 16:56 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-24 16:50 -------- d-------- C:\Program Files\Common Files\System
2006-09-24 15:42 -------- d-------- C:\Program Files\Windows Media Player
2006-09-24 14:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 14:34 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-24 14:33 -------- d-------- C:\Program Files\KazaaBegone
2006-09-22 21:14 125 ---hs---- C:\Documents and Settings\scott caines\Application Data\.zreglib
2006-09-22 09:16 -------- d-------- C:\Program Files\Common Files
2006-09-22 00:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 23:01 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-21 15:01 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-09-20 23:02 -------- d-------- C:\Program Files\Google
2006-09-20 22:38 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Apple Computer
2006-09-20 20:31 -------- d-------- C:\Program Files\Zoom Player
2006-09-20 18:04 -------- d-------- C:\Program Files\Mame32
2006-09-19 18:34 -------- d-------- C:\Program Files\Elaborate Bytes
2006-09-18 22:53 -------- d-------- C:\Program Files\vso
2006-09-17 21:16 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-09-16 20:21 -------- d-------- C:\Program Files\ClicPic
2006-09-16 16:09 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-15 21:43 -------- d-------- C:\Program Files\Yahoo!
2006-09-14 22:39 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Google
2006-09-14 17:34 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-09-14 00:17 81920 --a------ C:\Documents and Settings\scott caines\Application Data\ezpinst.exe
2006-09-14 00:17 7176 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.cat
2006-09-14 00:17 47360 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.sys
2006-09-14 00:17 33 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.log
2006-09-14 00:17 1144 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.inf
2006-09-14 00:17 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Vso
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-12 17:54 -------- d-------- C:\Documents and Settings\scott caines\Application Data\AOL
2006-09-05 22:25 -------- d-------- C:\Program Files\Belarc
2006-08-31 21:55 -------- d-------- C:\Program Files\CleanUp!
2006-08-31 16:43 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Avant Browser
2006-08-30 23:39 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-08-29 21:37 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-27 11:50 -------- d-------- C:\Program Files\Real
2006-08-27 11:50 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-27 11:49 -------- d-------- C:\Program Files\Common Files\Real
2006-08-27 11:27 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Real
2006-08-26 22:30 -------- d-------- C:\Program Files\WinAVI VideoConverter
2006-08-26 22:12 -------- d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2006-08-26 14:46 96256 --a------ C:\WINDOWS\system32\drivers\sptd4365.sys
2006-08-26 14:46 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:17 -------- d-------- C:\Program Files\Washer
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 19:46 -------- d---s---- C:\Documents and Settings\scott caines\Application Data\Microsoft
2006-08-20 01:58 -------- d-------- C:\Program Files\Opera
2006-08-09 03:57 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-09 03:57 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 21:41 -------- d---s---- C:\Program Files\Xfire
2006-07-28 21:41 -------- d-------- C:\Program Files\QuickTime
2006-07-28 21:41 -------- d-------- C:\Program Files\NetMeeting
2006-07-28 21:41 -------- d-------- C:\Program Files\KnightOnline
2006-07-28 21:41 -------- d-------- C:\Program Files\AOL
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 21:33 613888 --a------ C:\WINDOWS\system32\urlmon(2).dll
2006-07-25 18:24 -------- d-------- C:\Program Files\Phenix-Q8
2006-07-25 18:24 -------- d-------- C:\Program Files\Common Files\PCCamera
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 12:08 286720 --------- C:\WINDOWS\Setup1.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"EPSON Stylus C40 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /A \"C:\\WINDOWS\\System32\\E_S102.tmp\""
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /M \"Stylus D68\" /EF \"HKCU\""
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""
"AnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"DSLAGENTEXE"="dslagent.exe USB"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"nwiz"="nwiz.exe /install"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AOL Spyware Protection"="C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB002\" /M \"Stylus C42\""
"LWBMOUSE"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.1\\MOUSE32A.EXE"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\9.bin\\mwsoemon.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\Internet Security\\TMOAgent.exe\" /run"
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\PCClient.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\pccguide.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"Admanager Controller"="C:\\Program Files\\Admanager Controller\\AdManCtl.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"%FP%Friendly fts.exe"="\"C:\\Program Files\\Voyager100Test\\fts.exe\""
"DriverMagicLogon"="\"C:\\Program Files\\SymplisIT\\DriverMagic\\dmschedule.exe\" /boot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1144493714\\ee\\AOLSoftware.exe"
"PSPVideo9"="C:\\Program Files\\pspvideo9\\pspVideo9.exe -t"
"Videora"="C:\\Program Files\\Videora\\Videora.exe -t"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /O6 \"USB002\" /M \"Stylus D68\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"EPSON Stylus D68 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P32 \"EPSON Stylus D68 Series (Copy 1)\" /O5 \"LPT1:\" /M \"Stylus D68\""
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"scott caines\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"SubscribedURL"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9e,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,b5,05,0f

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 25/09/2006 14:16:33.68
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
rotisman38 is offline  
Old 09-25-2006, 05:04 PM   #12 (permalink)
TSF Enthusiast
 
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,154
OS: XP


====================================================================================================

Delete Bad Registry Entries

Please download the attached .zip file and unzip it to your desktop. If it asks you if you would like to replace the existing file say Yes. Once you have done this please double click it and allow it to merge to your registry.
====================================================================================================

ComboFix

Please run ComboFix once more and post the log here for review
====================================================================================================

Kaspersky Online Scanner


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
====================================================================================================

Summary: Please make sure you have completed all of the steps above and include the following in your next post

ComboFix Log
Kaspersky Log
Attached Files
File Type: zip regdel2.zip (268 Bytes, 1 views)
Eclipse2003 is offline  
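The helper asks for a second ComboFix log "for review"; that review amounts to comparing the Reg Loading Points sections of two logs (for instance the ones in posts #13 and #16 of this thread) and seeing which autostart entries came or went. The script below is an added example of that comparison and is not part of the thread, of ComboFix, or of the forum's tools: it parses the section, unescapes the .reg-style value data, and reports entries that appeared, disappeared, or changed between two logs. OLD_LOG and NEW_LOG are short excerpts constructed in ComboFix's layout from entries taken from the thread's own logs, and treating key paths that end in `\not active` as disabled startup items is this example's assumption.

```python
# Added example: compare the 'Reg Loading Points' autostart entries of two
# ComboFix logs. Not part of ComboFix or of the forum's tooling; OLD_LOG and
# NEW_LOG are excerpts constructed in ComboFix's format from the thread's logs.
import re
from typing import Dict, List, Optional, Tuple

# ComboFix prints each autostart key as [KEY PATH] followed by "name"=data
# lines in .reg syntax (string data quoted, backslashes and quotes escaped).
KEY_LINE = re.compile(r'^\[(.+)\]\s*$')
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
Entries = Dict[str, Dict[str, str]]   # key path -> {value name: data}
Change = Tuple[str, str, str]         # (key path, value name, data)


def unescape_reg_string(data: str) -> str:
    """Quoted .reg string data -> the command line it encodes; dword:/hex: as is."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    return data


def parse_loading_points(log: str) -> Entries:
    """Entries between the 'Reg Loading Points' banner and the Scheduled Tasks list."""
    entries: Entries = {}
    in_section = False
    current: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
        elif not in_section:
            continue
        elif line.startswith("Contents of the 'Scheduled Tasks'"):
            break
        elif (key := KEY_LINE.match(line)):
            current = key.group(1)
            entries.setdefault(current, {})
        elif current is not None and (value := VALUE_LINE.match(line)):
            entries[current][value.group(1)] = unescape_reg_string(value.group(2))
    return entries


def is_disabled(key: str) -> bool:
    """ComboFix lists items under a '\\not active' subkey apart from the live Run
    key; treating those as disabled startup items is this example's assumption."""
    return key.lower().endswith("\\not active")


def diff_loading_points(old: Entries, new: Entries) -> Dict[str, List[Change]]:
    """Entries that appeared, disappeared, or changed data between two logs."""
    result: Dict[str, List[Change]] = {"added": [], "removed": [], "changed": []}
    for key in sorted(set(old) | set(new)):
        before, after = old.get(key, {}), new.get(key, {})
        for name in sorted(set(before) | set(after)):
            if name not in before:
                result["added"].append((key, name, after[name]))
            elif name not in after:
                result["removed"].append((key, name, before[name]))
            elif before[name] != after[name]:
                result["changed"].append((key, name, after[name]))
    return result


def report(old_log: str, new_log: str) -> List[str]:
    """One line per change, noting whether the entry sat under a live or disabled key."""
    old, new = parse_loading_points(old_log), parse_loading_points(new_log)
    lines: List[str] = []
    for kind, changes in diff_loading_points(old, new).items():
        for key, name, data in changes:
            state = "disabled" if is_disabled(key) else "active"
            lines.append(f"{kind:<7} {state:<8} {name} -> {data}")
    return lines


# Constructed excerpts in the thread's log layout, trimmed to a few entries.
OLD_LOG = r"""((((((((((((((( Reg Loading Points )))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\9.bin\\mwsoemon.exe"
"Admanager Controller"="C:\\Program Files\\Admanager Controller\\AdManCtl.exe"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
"""
NEW_LOG = r"""((((((((((((((( Reg Loading Points )))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"""

if __name__ == "__main__":
    print("\n".join(report(OLD_LOG, NEW_LOG)))
```

Run over the full logs in posts #13 and #16 of this thread (saved to two files and passed to `report`), it lists the `swg` value under HKCU Run and the `washindex` value under HKCU Runonce as added, and `MyWebSearch Email Plugin`, `Admanager Controller` and `MessengerPlus3` under HKLM Run\not active as removed; the live HKLM Run key is identical in both. That is the kind of delta a helper looks for when deciding whether a .reg merge took effect before or after the rescan.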
Old 09-26-2006, 03:23 PM   #13 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


scott caines - 06-09-26 15:59:56.65 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\scott caines\Desktop\Daniels"

((((((((((((((((((((((((((((((( Files Created from 2006-08-26 to 2006-09-26 ))))))))))))))))))))))))))))))))))


2006-09-26 15:27 20,480 --a------ C:\WINDOWS\system32\MpfApi.dll
2006-09-09 17:04 34,308 --a------ C:\WINDOWS\system32\Chip.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-26 15:58 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-26 15:52 -------- d-------- C:\Program Files\Windows Defender
2006-09-26 15:31 -------- d---s---- C:\Documents and Settings\scott caines\Application Data\Microsoft
2006-09-26 15:30 44288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-09-26 15:22 -------- d-------- C:\Program Files\WordSearch
2006-09-26 15:22 -------- d-------- C:\Program Files\Windows Media Player
2006-09-26 15:22 -------- d-------- C:\Program Files\Voyager100Test
2006-09-26 15:22 -------- d-------- C:\Program Files\ToolbarCounter
2006-09-26 15:22 -------- d-------- C:\Program Files\quicksnooker
2006-09-26 15:22 -------- d-------- C:\Program Files\Netscape Online
2006-09-26 15:22 -------- d-------- C:\Program Files\Movie Maker
2006-09-26 15:22 -------- d-------- C:\Program Files\Microsoft Works
2006-09-26 15:22 -------- d-------- C:\Program Files\Messenger
2006-09-26 15:16 -------- d-------- C:\Documents and Settings\scott caines\Application Data\wsInspector
2006-09-26 00:01 -------- d-------- C:\Program Files\Trend Micro
2006-09-25 23:23 125 ---hs---- C:\Documents and Settings\scott caines\Application Data\.zreglib
2006-09-25 23:02 -------- d-------- C:\Program Files\Trillian
2006-09-25 16:59 -------- d-------- C:\Program Files\AOL Toolbar
2006-09-25 16:59 -------- d-------- C:\Program Files\AOL 9.0b
2006-09-25 16:59 -------- d-------- C:\Program Files\AOL 9.0a
2006-09-25 16:58 -------- d-------- C:\Program Files\AOL 9.0
2006-09-25 00:36 -------- d-------- C:\Program Files\Auction Sentry
2006-09-24 22:20 -------- d-------- C:\Program Files\MSN Messenger
2006-09-24 21:51 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Adobe
2006-09-24 19:06 -------- d-------- C:\Documents and Settings\scott caines\Application Data\teamspeak2
2006-09-24 17:15 -------- d-------- C:\Program Files\WinZip
2006-09-24 17:15 -------- d-------- C:\Program Files\WinRAR
2006-09-24 17:10 -------- d-------- C:\Program Files\Outlook Express
2006-09-24 16:57 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 16:50 -------- d-------- C:\Program Files\Common Files\System
2006-09-24 14:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 14:34 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-22 09:16 -------- d-------- C:\Program Files\Common Files
2006-09-22 00:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 23:01 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-21 15:01 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-09-20 23:02 -------- d-------- C:\Program Files\Google
2006-09-20 22:38 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Apple Computer
2006-09-20 20:31 -------- d-------- C:\Program Files\Zoom Player
2006-09-20 18:04 -------- d-------- C:\Program Files\Mame32
2006-09-19 18:34 -------- d-------- C:\Program Files\Elaborate Bytes
2006-09-18 22:53 -------- d-------- C:\Program Files\vso
2006-09-17 21:16 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-09-16 20:21 -------- d-------- C:\Program Files\ClicPic
2006-09-16 16:09 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-15 21:43 -------- d-------- C:\Program Files\Yahoo!
2006-09-14 22:39 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Google
2006-09-14 17:34 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-09-14 00:17 81920 --a------ C:\Documents and Settings\scott caines\Application Data\ezpinst.exe
2006-09-14 00:17 7176 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.cat
2006-09-14 00:17 47360 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.sys
2006-09-14 00:17 33 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.log
2006-09-14 00:17 1144 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.inf
2006-09-14 00:17 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Vso
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-12 17:54 -------- d-------- C:\Documents and Settings\scott caines\Application Data\AOL
2006-09-05 22:25 -------- d-------- C:\Program Files\Belarc
2006-08-31 21:55 -------- d-------- C:\Program Files\CleanUp!
2006-08-31 16:43 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Avant Browser
2006-08-30 23:39 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-08-29 21:37 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-27 11:50 -------- d-------- C:\Program Files\Real
2006-08-27 11:50 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-27 11:49 -------- d-------- C:\Program Files\Common Files\Real
2006-08-27 11:27 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Real
2006-08-26 22:30 -------- d-------- C:\Program Files\WinAVI VideoConverter
2006-08-26 22:12 -------- d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2006-08-26 14:46 96256 --a------ C:\WINDOWS\system32\drivers\sptd4365.sys
2006-08-26 14:46 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:17 -------- d-------- C:\Program Files\Washer
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 01:58 -------- d-------- C:\Program Files\Opera
2006-08-09 03:57 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-09 03:57 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 21:41 -------- d---s---- C:\Program Files\Xfire
2006-07-28 21:41 -------- d-------- C:\Program Files\QuickTime
2006-07-28 21:41 -------- d-------- C:\Program Files\NetMeeting
2006-07-28 21:41 -------- d-------- C:\Program Files\KnightOnline
2006-07-28 21:41 -------- d-------- C:\Program Files\AOL
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 21:33 613888 --a------ C:\WINDOWS\system32\urlmon(2).dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 12:08 286720 --------- C:\WINDOWS\Setup1.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"EPSON Stylus C40 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /A \"C:\\WINDOWS\\System32\\E_S102.tmp\""
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /M \"Stylus D68\" /EF \"HKCU\""
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""
"AnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"DSLAGENTEXE"="dslagent.exe USB"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"nwiz"="nwiz.exe /install"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AOL Spyware Protection"="C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB002\" /M \"Stylus C42\""
"LWBMOUSE"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.1\\MOUSE32A.EXE"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\9.bin\\mwsoemon.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\Internet Security\\TMOAgent.exe\" /run"
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\PCClient.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\pccguide.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"Admanager Controller"="C:\\Program Files\\Admanager Controller\\AdManCtl.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"%FP%Friendly fts.exe"="\"C:\\Program Files\\Voyager100Test\\fts.exe\""
"DriverMagicLogon"="\"C:\\Program Files\\SymplisIT\\DriverMagic\\dmschedule.exe\" /boot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1144493714\\ee\\AOLSoftware.exe"
"PSPVideo9"="C:\\Program Files\\pspvideo9\\pspVideo9.exe -t"
"Videora"="C:\\Program Files\\Videora\\Videora.exe -t"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /O6 \"USB002\" /M \"Stylus D68\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"EPSON Stylus D68 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P32 \"EPSON Stylus D68 Series (Copy 1)\" /O5 \"LPT1:\" /M \"Stylus D68\""
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"scott caines\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"SubscribedURL"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9e,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,b5,05,0f

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 26/09/2006 16:02:21.73
ComboFix.txt
rotisman38 is offline  
Old 09-26-2006, 03:29 PM   #14 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


Kaspersky online scanner result is below

http://members.aol.com/scaines/Kaspersky_Scanner.txt
rotisman38 is offline  
Old 09-26-2006, 07:52 PM   #15 (permalink)
TSF Enthusiast
 
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,154
OS: XP


Did you run the regdel.reg before or after combofix? If you ran it after, please run combofix again and post that new log. Thanks
Eclipse2003 is offline  
Old 09-27-2006, 01:23 AM   #16 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


scott caines - 06-09-27 8:20:13.64 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\scott caines\Desktop\Daniels"

((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))


2006-09-26 15:27 20,480 --a------ C:\WINDOWS\system32\MpfApi.dll
2006-09-09 17:04 34,308 --a------ C:\WINDOWS\system32\Chip.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-27 08:11 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-27 04:19 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-27 00:03 -------- d-------- C:\Program Files\Video Joiner
2006-09-26 23:34 -------- d-------- C:\Program Files\avijoin
2006-09-26 23:17 -------- d-------- C:\Program Files\bobyte
2006-09-26 22:47 -------- d-------- C:\Documents and Settings\scott caines\Application Data\SlySoft
2006-09-26 22:34 -------- d-------- C:\Program Files\Trillian
2006-09-26 22:32 -------- d-------- C:\Program Files\Washer
2006-09-26 21:34 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Adobe
2006-09-26 17:49 -------- d-------- C:\Program Files\ClicPic
2006-09-26 16:52 -------- d-------- C:\Program Files\Google
2006-09-26 16:51 -------- d-------- C:\Program Files\AOL Toolbar
2006-09-26 16:51 -------- d-------- C:\Program Files\AOL
2006-09-26 15:52 -------- d-------- C:\Program Files\Windows Defender
2006-09-26 15:31 -------- d---s---- C:\Documents and Settings\scott caines\Application Data\Microsoft
2006-09-26 15:30 44288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-09-26 15:22 -------- d-------- C:\Program Files\WordSearch
2006-09-26 15:22 -------- d-------- C:\Program Files\Windows Media Player
2006-09-26 15:22 -------- d-------- C:\Program Files\Voyager100Test
2006-09-26 15:22 -------- d-------- C:\Program Files\ToolbarCounter
2006-09-26 15:22 -------- d-------- C:\Program Files\quicksnooker
2006-09-26 15:22 -------- d-------- C:\Program Files\Netscape Online
2006-09-26 15:22 -------- d-------- C:\Program Files\Movie Maker
2006-09-26 15:22 -------- d-------- C:\Program Files\Microsoft Works
2006-09-26 15:22 -------- d-------- C:\Program Files\Messenger
2006-09-26 15:16 -------- d-------- C:\Documents and Settings\scott caines\Application Data\wsInspector
2006-09-26 00:01 -------- d-------- C:\Program Files\Trend Micro
2006-09-25 23:23 125 ---hs---- C:\Documents and Settings\scott caines\Application Data\.zreglib
2006-09-25 16:59 -------- d-------- C:\Program Files\AOL 9.0b
2006-09-25 16:59 -------- d-------- C:\Program Files\AOL 9.0a
2006-09-25 16:58 -------- d-------- C:\Program Files\AOL 9.0
2006-09-25 00:36 -------- d-------- C:\Program Files\Auction Sentry
2006-09-24 22:20 -------- d-------- C:\Program Files\MSN Messenger
2006-09-24 19:06 -------- d-------- C:\Documents and Settings\scott caines\Application Data\teamspeak2
2006-09-24 17:15 -------- d-------- C:\Program Files\WinZip
2006-09-24 17:15 -------- d-------- C:\Program Files\WinRAR
2006-09-24 17:10 -------- d-------- C:\Program Files\Outlook Express
2006-09-24 16:57 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 16:50 -------- d-------- C:\Program Files\Common Files\System
2006-09-24 14:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 14:34 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-22 09:16 -------- d-------- C:\Program Files\Common Files
2006-09-22 00:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 23:01 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-21 15:01 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-09-20 22:38 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Apple Computer
2006-09-20 20:31 -------- d-------- C:\Program Files\Zoom Player
2006-09-20 18:04 -------- d-------- C:\Program Files\Mame32
2006-09-19 18:34 -------- d-------- C:\Program Files\Elaborate Bytes
2006-09-18 22:53 -------- d-------- C:\Program Files\vso
2006-09-17 21:16 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-09-16 16:09 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-15 21:43 -------- d-------- C:\Program Files\Yahoo!
2006-09-14 22:39 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Google
2006-09-14 17:34 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-09-14 00:17 81920 --a------ C:\Documents and Settings\scott caines\Application Data\ezpinst.exe
2006-09-14 00:17 7176 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.cat
2006-09-14 00:17 47360 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.sys
2006-09-14 00:17 33 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.log
2006-09-14 00:17 1144 --a------ C:\Documents and Settings\scott caines\Application Data\pcouffin.inf
2006-09-14 00:17 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Vso
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-12 18:05 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-12 17:54 -------- d-------- C:\Documents and Settings\scott caines\Application Data\AOL
2006-09-05 22:25 -------- d-------- C:\Program Files\Belarc
2006-08-31 21:55 -------- d-------- C:\Program Files\CleanUp!
2006-08-31 16:43 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Avant Browser
2006-08-30 23:39 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-08-29 21:37 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-27 11:50 -------- d-------- C:\Program Files\Real
2006-08-27 11:50 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-27 11:49 -------- d-------- C:\Program Files\Common Files\Real
2006-08-27 11:27 -------- d-------- C:\Documents and Settings\scott caines\Application Data\Real
2006-08-26 22:30 -------- d-------- C:\Program Files\WinAVI VideoConverter
2006-08-26 22:12 -------- d-------- C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2006-08-26 14:46 96256 --a------ C:\WINDOWS\system32\drivers\sptd4365.sys
2006-08-26 14:46 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 01:58 -------- d-------- C:\Program Files\Opera
2006-08-09 03:57 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 21:41 -------- d---s---- C:\Program Files\Xfire
2006-07-28 21:41 -------- d-------- C:\Program Files\QuickTime
2006-07-28 21:41 -------- d-------- C:\Program Files\NetMeeting
2006-07-28 21:41 -------- d-------- C:\Program Files\KnightOnline
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 21:33 613888 --a------ C:\WINDOWS\system32\urlmon(2).dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 12:08 286720 --------- C:\WINDOWS\Setup1.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"EPSON Stylus C40 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /A \"C:\\WINDOWS\\System32\\E_S102.tmp\""
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /M \"Stylus D68\" /EF \"HKCU\""
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SMSystemAnalyzer.exe\""
"AnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"scott caines\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"DSLAGENTEXE"="dslagent.exe USB"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"nwiz"="nwiz.exe /install"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AOL Spyware Protection"="C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB002\" /M \"Stylus C42\""
"LWBMOUSE"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.1\\MOUSE32A.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\Internet Security\\TMOAgent.exe\" /run"
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\PCClient.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\pccguide.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"%FP%Friendly fts.exe"="\"C:\\Program Files\\Voyager100Test\\fts.exe\""
"DriverMagicLogon"="\"C:\\Program Files\\SymplisIT\\DriverMagic\\dmschedule.exe\" /boot"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1144493714\\ee\\AOLSoftware.exe"
"PSPVideo9"="C:\\Program Files\\pspvideo9\\pspVideo9.exe -t"
"Videora"="C:\\Program Files\\Videora\\Videora.exe -t"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"EPSON Stylus D68 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P23 \"EPSON Stylus D68 Series\" /O6 \"USB002\" /M \"Stylus D68\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"EPSON Stylus D68 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAE.EXE /P32 \"EPSON Stylus D68 Series (Copy 1)\" /O5 \"LPT1:\" /M \"Stylus D68\""
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"CTFMon"="C:\\WINDOWS\\system32\\CTF\\ctfmon.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"Register C:\\Program Files\\Common Files\\AOL\\AOL Toolbar\\AOLHelper.dll"="\"C:\\WINDOWS\\system32\\rundll32.exe\" \"C:\\Program Files\\Common Files\\AOL\\AOL Toolbar\\AOLHelper.dll\",DllRegisterServer"
"AOLRebootNeeded"="regsvr32.exe /S"
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"scott caines\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce\not active]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"scott caines\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"SubscribedURL"="http://www.rockfm.co.uk/common/images/i_toplcnr_listenfull.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,14,02,00,00,27,00,00,00,78,00,00,00,2e,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9e,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,b5,05,0f

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,4b,00,00,00,00,00,00,00,b5,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,96,00,00,00,00,00,00,00,6a,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 27/09/2006 8:22:40.40
ComboFix.txt
rotisman38 is offline  
Old 09-27-2006, 01:40 PM   #17 (permalink)
TSF Enthusiast
 
Eclipse2003's Avatar
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,154
OS: XP


How is your system behaving now? Any more popups? Let's try to remove Kazaa once more. Please let me know if you have any errors and what those errors are. Also, please check to see if you have the folder C:\Program Files\Kazaa and let me know.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Tools

Kazaa Begone

Run KazaaBegone.exe
Select "Search and destroy all installed components", then click "Go".
====================================================================================================

Rebooting in Safe Mode

Next, reboot your computer in Safe Mode:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.
====================================================================================================

Deleting Files and Folders

Delete the following folders, indicated in BLUE, if they still exist.

C:\Program Files\Kazaa

====================================================================================================

Rebooting in Normal Mode


Reboot your system in Normal Mode.
====================================================================================================

Summary: Please make sure you have completed all of the steps above and include the following in your next post:

- If Kazaa uninstalled, if not what errors you received
- If the folder C:\Program Files\Kazaa existed
Eclipse2003 is offline  
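An added example, not from this thread or from ComboFix: a small Python triage script for the registry section of a ComboFix log in the layout the posted log uses. It lists every value under the Run-type keys (including the "not active" subkeys) and flags any whose program is on a watchlist, here the kazaa.exe entry the reply above asks about. The sample log, the value names and the watchlist are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed sample in the registry-listing layout of a ComboFix log (not the posted log).
SAMPLE_LOG = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"KAZAA"="C:\\Program Files\\KaZaA\\kazaa.exe /SYSTRAY"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
'''

Entry = namedtuple("Entry", "key name command exe")
SECTION_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" lines use .reg escaping: \\ for a backslash, \" for a quote.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Autostart keys of interest, including the "not active" subkeys ComboFix lists.
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(Once|Services|ServicesOnce)?(\\not active)?$', re.I)

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)

def executable_of(command):
    """Program a Run value launches: quoted path, unquoted path ending in .exe, or first token."""
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r'.*?\.exe', command, re.IGNORECASE)
    return m.group(0) if m else command.split(' ', 1)[0]

def parse_run_entries(text):
    """Walk the registry section and collect every value under a Run-type key."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group(1)
            continue
        val = VALUE_RE.match(line)
        if val and key and RUN_KEY_RE.search(key):
            command = unescape(val.group(2))
            entries.append(Entry(key, unescape(val.group(1)), command, executable_of(command)))
    return entries

def flag_entries(entries, watchlist):
    """Names of entries whose executable's basename is on the watchlist (case-insensitive)."""
    wanted = {w.lower() for w in watchlist}
    return [e.name for e in entries if e.exe.rsplit('\\', 1)[-1].lower() in wanted]
```

Run `flag_entries(parse_run_entries(open("ComboFix.txt").read()), ["kazaa.exe"])` against a real log to see which autostart keys still reference the program, including ones listed under a "not active" subkey.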
Old 09-27-2006, 03:27 PM   #18 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 10
OS: win xp sp2


Hi, PC is running perfectly now thanks to the time and help from yourself. I have run KazaaBegone and nothing was found. I no longer have the Kazaa folder. I do need a recommendation for software which would have stopped this happening in the first place, whether it be free or paid for. I appreciate all the help you have given me.
rotisman38 is offline  
Old 09-27-2006, 03:31 PM   #19 (permalink)
TSF Enthusiast
 
Eclipse2003's Avatar
 
Join Date: Apr 2005
Location: Ohio
Posts: 1,154
OS: XP


I am glad that everything is running well now. Below I will make some recommendations for some software that can help keep you from getting infected in the future. All of the programs listed below are free and will work just as well as any of the ones you have to pay for, in my opinion. Have a good one, rotisman.

Now please follow the next steps to prevent further infections:


Rehide System and hidden files

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Setting a clean restore point


To turn off System Restore, click Start > right-click My Computer > Properties. Click the System Restore tab and check "Turn off System Restore" or "Turn off System Restore on all drives", then click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this, then click OK.

To turn System Restore back on, uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.


Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


Spyware Prevention

This is a good time to set up protection against further attacks. Read How Did I Get Infected In The First Place? You need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real-time spyware program such as Spyware Guard, to prevent spyware intrusions. IE-Spyad is another excellent program that places over 4000 websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. All of the above have good free versions available. However, be very wary of any security software that is advertised in popups or in other ways. It is not only usually of no use, but often has malware in it.

More information and downloads are available at the following links:

Spyware Blaster

Spyware Guard
IE-Spyad

Let me know if you have any other problems. If not you should be good to go.
Eclipse2003 is offline  
Copyright 2001 - 2009, Tech Support Forum