Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
#21 | 12-03-2006, 10:52 AM | crazycavgirl (Registered User; Join Date: Nov 2006; Location: WV; Posts: 13; OS: Windows XP)
I'm sorry that I haven't responded earlier. For some reason, I have not been getting reply notifications (and they're not in my spam folder, either). I WAS getting them, then it just stopped, so I assumed that you were still waiting to hear back about the combofix problem. I got a few spare minutes today and decided to look at the site and saw that there were updates. I will re-subscribe to the thread now.

I cleaned my temp files and cleaned out and reset System Restore.

I can't find a file called C:\subs to delete nor could I find c:\ComboLog

I'm working on the combofix after I post this. I assume that since my only user account is the one that I'm using, I will have to boot to safe mode as administrator. After I do this, I will post what happened back here.

Thanks,
Crystal
#22 | 12-03-2006, 11:12 AM | crazycavgirl (Registered User; Join Date: Nov 2006; Location: WV; Posts: 13; OS: Windows XP)
ComboFix log:

Administrator - 06-12-03 12:59:19.92 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


2006-12-03 11:07 <DIR> d-------- C:\Start Menu
2006-12-03 11:07 <DIR> d-------- C:\Program Files\MTV Networks
2006-11-30 16:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2006-11-30 09:19 <DIR> d-------- C:\Program Files\WinZip
2006-11-30 09:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2006-11-30 08:23 <DIR> d-------- C:\Program Files\HijackThis
2006-11-29 18:36 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-29 18:36 <DIR> d-------- C:\Program Files\Grisoft
2006-11-29 18:35 <DIR> d-------- C:\Program Files\CleanUp!
2006-11-29 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-11-27 16:06 <DIR> d-------- C:\Program Files\CCleaner
2006-11-27 14:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2006-11-23 21:15 41,984 --------- C:\WINDOWS\Ctregrun.exe
2006-11-23 21:14 65,696 --------- C:\WINDOWS\SYSTEM32\DRIVERS\StMp3Rec.sys
2006-11-23 21:13 <DIR> d-------- C:\Program Files\Creative
2006-11-22 20:57 <DIR> d-------- C:\Program Files\MySpace
2006-11-15 18:13 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-15 18:13 <DIR> d-------- C:\df4c6e8e99dd4ecc7c8e4469cefbef29
2006-11-09 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avanquest Software
2006-11-07 13:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-11-07 13:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2006-11-07 13:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-03 12:55 -------- d-------- C:\Program Files\Trillian
2006-12-03 11:16 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-30 23:05 -------- d-------- C:\Program Files\ICQLite
2006-11-29 20:54 -------- d-------- C:\Program Files\Windows Media Player
2006-11-29 20:54 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-29 20:44 -------- d-------- C:\Program Files\Internet Explorer
2006-11-29 20:39 -------- d-------- C:\Program Files\AlienGUIse
2006-11-28 17:22 -------- d-------- C:\Program Files\PC Health Plan
2006-11-27 13:59 -------- d-------- C:\Program Files\Sonic
2006-11-27 13:52 -------- d-------- C:\Program Files\Common Files\Intuit
2006-11-27 13:52 -------- d-------- C:\Program Files\Common Files
2006-11-27 13:49 -------- d-------- C:\Program Files\Flock
2006-11-27 13:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-22 21:03 -------- d-------- C:\Program Files\Java
2006-10-27 15:09 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-18 22:58 8704 --a------ C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 22:58 8704 --a------ C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 22:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 22:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\SYSTEM32\WMNetMgr.dll
2006-10-18 22:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 22:47 767488 --------- C:\WINDOWS\SYSTEM32\WMVSENCD.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\SYSTEM32\WMADMOD.dll
2006-10-18 22:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 22:47 656896 --------- C:\WINDOWS\SYSTEM32\WMVXENCD.dll
2006-10-18 22:47 63488 --a------ C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 22:47 629760 --a------ C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 22:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOD.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 22:47 535040 --a------ C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 22:47 429056 --a------ C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVE.DLL
2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\MPG4DMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\MP4SDMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\SYSTEM32\MP43DMOD.dll
2006-10-18 22:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 22:47 35840 --a------ C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 22:47 356352 --a------ C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 22:47 348672 --a------ C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 22:47 317440 --------- C:\WINDOWS\SYSTEM32\MP4SDECD.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 22:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 22:47 284160 --------- C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll
2006-10-18 22:47 276992 --a------ C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 22:47 2603008 --------- C:\WINDOWS\SYSTEM32\WpdShext.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\SYSTEM32\MPG4DECD.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\SYSTEM32\MP43DECD.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 22:47 227328 --a------ C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\SYSTEM32\WMASF.dll
2006-10-18 22:47 212992 --a------ C:\WINDOWS\SYSTEM32\MFPLAT.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 22:47 204288 --a------ C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 22:47 199168 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWMDRM.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 22:47 166912 --------- C:\WINDOWS\SYSTEM32\PortableDeviceTypes.dll
2006-10-18 22:47 1661440 --a------ C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 22:47 1574912 --------- C:\WINDOWS\SYSTEM32\WMVENCOD.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 22:47 154624 --a------ C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 22:47 1543680 --------- C:\WINDOWS\SYSTEM32\WMVDECOD.dll
2006-10-18 22:47 1382912 --------- C:\WINDOWS\SYSTEM32\WMVSDECD.dll
2006-10-18 22:47 133632 --------- C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOE.dll
2006-10-18 22:47 132096 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWiaCompat.dll
2006-10-18 22:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\SYSTEM32\LAPRXY.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\SYSTEM32\WMADMOE.dll
2006-10-18 22:47 101888 --------- C:\WINDOWS\SYSTEM32\PortableDeviceClassExtension.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 21:00 38528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpdusb.sys
2006-10-18 21:00 249856 --a------ C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 21:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll
2006-10-14 22:13 -------- d-------- C:\Program Files\LimeWire
2006-10-13 07:35 65536 --a------ C:\WINDOWS\SYSTEM32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\SYSTEM32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nwrdr.sys
2006-10-09 16:15 1669632 --a------ C:\WINDOWS\SYSTEM32\msvidctl.dll
2006-10-09 16:12 456192 --a------ C:\WINDOWS\SYSTEM32\encdec.dll
2006-10-09 16:12 291840 --a------ C:\WINDOWS\SYSTEM32\sbe.dll
2006-10-09 16:12 235008 --------- C:\WINDOWS\SYSTEM32\psisdecd.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\SYSTEM32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\SYSTEM32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\SYSTEM32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\SYSTEM32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\SYSTEM32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\SYSTEM32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\mcafee\\SPAMKI~1\\mskagent.exe"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ICQ Lite"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
MHN


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (JACOB-CRYSTAL-Jacob & Crystal).job

Completion time: 06-12-03 13:00:52.18
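Reviewing the "Reg Loading Points" section above means reading .reg-style values in which backslashes and quotes are escaped, and then deciding which part of each value is the executable. As an added example (not ComboFix's code and not from the thread), this Python snippet parses that layout, separates each autorun's executable from its arguments, and flags unquoted paths containing spaces and 8.3 short names so every entry can be checked against the file listing; the sample section is constructed from a few of the posted entries.

```python
import re

# Constructed sample in the "Reg Loading Points" layout ComboFix printed in the
# thread (values are .reg-style: backslashes and quotes are escaped).
SAMPLE_REG_SECTION = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<value>(?:[^"\\]|\\.)*)"\s*$')
EXE_EXT = r"\.(?:exe|com|bat|cmd|scr|pif)"
UNQUOTED_RE = re.compile(r"(?i)^(?P<path>.+?" + EXE_EXT + r")(?:\s+(?P<args>.*?))?\s*$")
AUTORUN_KEYS = ("run", "runonce")  # last path component of keys we care about


def reg_unescape(s):
    # Undo .reg escaping: a backslash escapes the character that follows it.
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def split_command(cmd):
    """Split an autorun command into (path, args, was_quoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip(), True
    # Unquoted: heuristic, cut at the first whitespace after an executable
    # extension. Windows itself tries each space-delimited prefix in turn,
    # which is why an unquoted path with spaces is worth flagging.
    m = UNQUOTED_RE.match(cmd)
    if m:
        return m.group("path"), m.group("args") or "", False
    return cmd, "", False


def parse_run_entries(text):
    """Return one record per value found under a Run/RunOnce key."""
    entries, key, in_autorun = [], None, False
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            in_autorun = key.lower().rsplit("\\", 1)[-1] in AUTORUN_KEYS
            continue
        vm = VALUE_RE.match(line)
        if not (vm and in_autorun):
            continue
        cmd = reg_unescape(vm.group("value"))
        path, args, quoted = split_command(cmd)
        flags = []
        if not quoted and " " in path:
            flags.append("unquoted path with spaces")
        if "~" in path:
            flags.append("8.3 short name")  # the real directory name is hidden
        entries.append({"key": key, "name": reg_unescape(vm.group("name")),
                        "path": path, "args": args, "quoted": quoted,
                        "flags": flags})
    return entries


if __name__ == "__main__":
    for e in parse_run_entries(SAMPLE_REG_SECTION):
        print(f"{e['name']:16} {e['path']}  args={e['args']!r}  {e['flags']}")
```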
#23 | 12-03-2006, 11:21 AM | crazycavgirl (Registered User; Join Date: Nov 2006; Location: WV; Posts: 13; OS: Windows XP)
GMER log:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-03 13:21:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Real\RealPlayer\realplay.exe[268] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01B73E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[420] WS2_32.dll!connect 71AB406A 5 Bytes JMP 04DD3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[464] WS2_32.dll!connect 71AB406A 5 Bytes JMP 04413E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[464] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 01D31270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[464] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 01D31280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[492] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1268] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1268] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1268] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\AlienGUIse\wbload.exe[1596] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[1684] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[1684] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[1684] WS2_32.dll!connect 71AB406A 5 Bytes JMP 03943E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\EXPLORER.EXE[1784] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\WINDOWS\EXPLORER.EXE[1784] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\WINDOWS\EXPLORER.EXE[1784] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01AF3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1912] WS2_32.dll!connect 71AB406A 5 Bytes JMP 016C3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\McAfee.com\VSO\oasclnt.exe[1920] WS2_32.dll!connect 71AB406A 5 Bytes JMP 010F3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1928] WS2_32.dll!connect 71AB406A 5 Bytes JMP 02383E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1928] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1928] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\WINDOWS\SYSTEM32\igfxpers.exe[2000] WS2_32.dll!connect 71AB406A 5 Bytes JMP 011E3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\SYSTEM32\hkcmd.exe[2008] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01163E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2024] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\EHOME\ehtray.exe[2032] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Trillian\trillian.exe[2072] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01E93E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Trillian\trillian.exe[2072] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\Trillian\trillian.exe[2072] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2100] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2100] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2100] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01E63E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Documents and Settings\Jacob & Crystal\My Documents\Unzipped\gmer\gmer.exe[2476] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Documents and Settings\Jacob & Crystal\My Documents\Unzipped\gmer\gmer.exe[2476] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Documents and Settings\Jacob & Crystal\My Documents\Unzipped\gmer\gmer.exe[2476] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\EHOME\ehmsas.exe[3360] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4056] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4056] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4056] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE A89D6C8A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE A89D37C8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ A89CF60A
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE A89CFAED
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION A89DA958
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION A89DD821
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA A89E638A
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA A89E5D49
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS A89DFBBE
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION A89E0331
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION A89EE4F4
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL A89D6B37
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL A89D2948
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL A89DC46B
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN A89ED79D
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL A89ECC4A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP A89D32FD
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP A89ED1DB
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible A89E81F9

---- EOF - GMER 1.0.12 ----
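The verdict that the GMER log above is clean rests on recognising who installed each hook: every SSDT entry and every ".text" inline patch points at a known product (AVG Anti-Spyware, McAfee, the Iomega shell extension). As an added example (not GMER's code and not from the thread), this Python triage script parses both line types, groups hooks by the module that installed them, checks that each patched export reports the same source address in every process, and lists any hooker whose path matches none of the vendor markers supplied; the marker list is an assumption the analyst supplies, and the last ".text" line of the sample is a constructed placeholder so the negative path is exercised.

```python
import re
from collections import defaultdict

# Constructed sample in the GMER 1.0.12 layout used in the thread. The first
# seven entries mirror the posted log; the final ".text" line is an invented
# unexplained hook with a placeholder module name.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Real\RealPlayer\realplay.exe[268] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01B73E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[464] WS2_32.dll!connect 71AB406A 5 Bytes JMP 04413E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[464] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 01D31270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\WINDOWS\EXPLORER.EXE[1784] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\WINDOWS\EXPLORER.EXE[1784] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01AF3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\EXPLORER.EXE[1784] ntdll.dll!NtQueryDirectoryFile 7C91D000 5 Bytes JMP 00A61000 C:\WINDOWS\SYSTEM32\example_unknown.dll
"""

INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<hooker>.+?)\s*$"
)
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>.+?)\s+(?P<func>Zw\w+)\s*$")


def parse_gmer(text):
    """Return (inline_hooks, ssdt_hooks) parsed from a GMER log."""
    inline, ssdt = [], []
    for line in text.splitlines():
        m = INLINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            rec["nbytes"] = int(rec["nbytes"])
            inline.append(rec)
            continue
        m = SSDT_RE.match(line)
        if m:
            ssdt.append(m.groupdict())
    return inline, ssdt


def triage(text, known_vendor_markers):
    """Group hooks by the module that installed them and flag the rest.

    known_vendor_markers: substrings (e.g. "mcafee") identifying security or
    vendor software the machine is known to run. This allowlist comes from
    the analyst, not from GMER.
    """
    inline, ssdt = parse_gmer(text)
    by_hooker = defaultdict(lambda: {"functions": set(), "processes": set()})
    sites = defaultdict(set)  # "module!func" -> patched source addresses seen
    for h in inline:
        key = h["hooker"].lower()
        func = f'{h["module"].lower()}!{h["func"]}'
        by_hooker[key]["functions"].add(func)
        by_hooker[key]["processes"].add(h["pid"])
        sites[func].add(h["addr"].upper())
    for s in ssdt:
        by_hooker[s["driver"].lower()]["functions"].add(f'SSDT!{s["func"]}')
    markers = [m.lower() for m in known_vendor_markers]
    hooks, unexplained = {}, []
    for hooker, info in by_hooker.items():
        known = any(m in hooker for m in markers)
        hooks[hooker] = {
            "functions": sorted(info["functions"]),
            "process_count": len(info["processes"]),
            "known_vendor": known,
        }
        if not known:
            unexplained.append(hooker)
    # On Windows XP (no ASLR) a system DLL normally loads at the same base in
    # every process, so one patched export should show one source address.
    inconsistent = sorted(f for f, a in sites.items() if len(a) > 1)
    return {"hooks": hooks, "unexplained": sorted(unexplained),
            "inconsistent_sites": inconsistent}


if __name__ == "__main__":
    result = triage(SAMPLE_GMER_LOG, ["mcafee", "iomega", "grisoft"])
    for hooker, info in result["hooks"].items():
        tag = "known" if info["known_vendor"] else "UNEXPLAINED"
        print(f"{tag:12} {hooker}  procs={info['process_count']}  {info['functions']}")
```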
#24 | 12-03-2006, 01:14 PM | fredmh (Analyst, Security Team; TSF Supporter; Join Date: May 2006; Location: Phila,Pa; Posts: 2,335; OS: XP)
Congratulations. Your logs are now clean. Please complete the next "housekeeping" steps and read through the information below.


----------------------------------------

Windows XP - Reset Hidden Files

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

----------------------------------------

RE-ENABLE ANTI-SPYWARE APPLICATIONS

If you were instructed to disable anti-spyware applications during this fix, you may re-enable them.

----------------------------------------

Please read through the following information to help protect your computer in the future.


KEEP YOUR OPERATING SYSTEM UPDATED

Please ensure that you have already patched your system against the recent WMF exploit. Go to this page to get the KB912919 patch

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


ENABLE WINDOWS AUTO UPDATE

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".


TOOLS TO HELP KEEP YOUR SYSTEM CLEAN

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
  • After you have updated, click the button - enable protection for all unprotected items


SpywareGuard to catch and block spyware before it can execute.


SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software. A tutorial on installing & using this product can be found here


AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis, just as you would with antivirus software, in conjunction with Spybot. A tutorial on installing & using this product can be found here


IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list.
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain

A tutorial for IE-SPYAD can be found here


MVPS HOSTS FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
  • Click Next, click Next, select the option:
    "Show Extracted files"
  • Click Finish

This will open the newly created hosts folder on your Desktop.

Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated
HOSTS file to the correct location on your machine.


MCAFEE SITE ADVISOR
Site Advisor is a free IE plug-in (also supported for the Firefox browser) which is used in conjunction with the Google search engine. It advises which web sites are considered safe and which sites could pose a problem. It also shows what problems were encountered with each site, such as malicious downloads, spam, and related links.


ANTI-VIRUS AND FIREWALL PROGRAMS


ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial

Here are some very good free Antivirus products which are available:



If you do not have a firewall, here are 4 free ones available for personal use:

Understanding and Using Firewalls


INFORMATIONAL READING


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:



Please respond one more time and let me know you received this post so it can be marked resolved



If you feel that we have helped you, please help us keep this site free for all. Please visit our DONATION PAGE.
#25 | 12-03-2006, 04:03 PM | crazycavgirl (Registered User; Join Date: Nov 2006; Location: WV; Posts: 13; OS: Windows XP)
Thank you very much for helping me! I will definitely stay on top of things better now and you've helped me figure out a lot of what I was doing wrong (and not doing at all!!)

I will definitely take your final advice and I will check out those websites that you listed at the end.

I can't say thanks enough!!
-Crystal