Couple Microsoft Errors(MOVED FROM WINDOWS)

[joshthemaster06]

OK! I need help with these two errors. When you reply please indentify the choice of error.

Error #1: Error loading w02c8d0.dll
The specified module could not be found.

Error #2: The procedure entry point GetProcessImageFileNameW could not be located in the dynamic link libary PSAPI.DLL

If needed, ill take the time to do a HiJack log

Thanks,
Josh

[DumbTerminal]

Quote:

Originally Posted by joshthemaster06

If needed, ill take the time to do a HiJack log

Thanks,
Josh

I would strongly suggest that, as those types of errors are generally related to malware that is trying to run at startup.

[joshthemaster06]

OK please wait while i gather everything

[joshthemaster06]

Logfile of HijackThis v1.99.1
Scan saved at 9:14:13 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Slide\Slide.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBCPSWX.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Slide - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - C:\Program Files\Slide\SlideBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [soyde34e] "RUNDLL32.EXE" w0d2c8d0.dll,n 002de34c000000030d2c8d0
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Slide.exe.lnk = C:\Program Files\Slide\Slide.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet...ller_2-0-0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161218848359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155281428203
O17 - HKLM\System\CCS\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: App Paths - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[DumbTerminal]

Unfortunately you've posted this in the wrong forum. I'll flag someone down to move it for you. I'm not qualified to read logs, but your problem is evidenced there and someone will move this for you and get you taken care of.

[joshthemaster06]

srry im new at these fourms

[joshthemaster06]

Bump!

[joshthemaster06]

Bump!

[Ried]

Hello joshthemaster06 and welcome,

Patience, please.

Please refer to the Posting Rules found here Please, Read This Before Posting A Hijackthis Log.

Quote:

Posting Rules

2. Please be considerate of the fact that the people helping you are not being paid for this, and in fact usually have a job, and have a limited amount of time to help, and can only do so much. If no one has replied to your thread within 48hrs after you posted it, please reply in your thread with the word BUMP. to move it forward.

DO NOT Bump the thread unless 48 hours has passed. We work from oldest to newest posts... so your wait will be longer if you bump it forward before the 48 hours is up.

As you can see, we are quite busy in this forum. One of the Analysts will get to your log as soon as possible.

[joshthemaster06]

srry someone told me 24 hours thats why i bumped it

[tetonbob]

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Before you do anything else, create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

---------------------------------------------------------------------------------------------

1. Download combofix.exe to your desktop.
2. Double click on combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):


O4 - HKLM\..\Run: [soyde34e] "RUNDLL32.EXE" w0d2c8d0.dll,n 002de34c000000030d2c8d0
O20 - Winlogon Notify: App Paths - C:\WINDOWS\


Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

---------------------------------------------------------------------------------------------

Delete the following if they exist:

w0d2c8d0.dll<<<Find via Start>Search>All Files and Folders

---------------------------------------------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with logs from:

C:\ComboFix.txt
HJT

[joshthemaster06]

@="C:\\WINDOWS\\system32\\cQtsrvut.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting SeDebugPrivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\REGEDIT.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\DOCUME~1\LOCALS~1\Application Data\NetMon
C:\Program Files\Common Files\{20A73~1
C:\Program Files\outlook
C:\Program Files\winupdates


((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))


2007-01-17 17:59 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-01-17 17:57 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-01-17 16:17 <DIR> d----c--- C:\DOCUME~1\Owner\Application Data\Motive
2007-01-16 20:27 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-01-16 20:27 <DIR> d-------- C:\Program Files\MTV Networks
2007-01-15 16:34 <DIR> d----c--- C:\DOCUME~1\Guest\Application Data\Webroot
2007-01-15 16:18 <DIR> d----c--- C:\DOCUME~1\Parents\Application Data\MusicNet
2007-01-15 14:55 <DIR> d----c--- C:\DOCUME~1\Owner\undefined
2007-01-14 21:52 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Messenger Plus!
2007-01-14 21:07 <DIR> d----c--- C:\DOCUME~1\Parents\Application Data\Webroot
2007-01-14 15:50 <DIR> d-------- C:\WINDOWS\system32\slideApp
2007-01-11 23:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-01-11 23:03 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-01-11 23:03 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo!
2007-01-11 23:01 <DIR> d-------- C:\Program Files\Slide
2007-01-11 20:15 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 18:34 <DIR> d-------- C:\Program Files\Skype
2007-01-11 18:30 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2007-01-11 18:27 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-01-11 16:58 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-01-10 22:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-10 22:28 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-10 22:28 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-10 21:39 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-01-10 21:39 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-10 21:39 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-10 21:39 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-10 21:39 114,856 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-10 21:39 <DIR> d-------- C:\Program Files\illiminable
2007-01-10 21:39 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-01-10 21:38 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo
2007-01-10 21:32 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-01-10 21:26 <DIR> d-------- C:\Program Files\Yahoo!
2007-01-10 15:50 <DIR> d-------- C:\WINDOWS\Motive
2007-01-10 15:49 <DIR> d-------- C:\Program Files\ALLTEL DSL Check-up Center
2007-01-10 15:48 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\MotiveSysIDs
2007-01-10 15:47 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2007-01-10 15:47 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2007-01-08 16:34 <DIR> d-------- C:\WINDOWS\Performance
2007-01-02 12:27 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-12-29 16:30 589,824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll
2006-12-29 16:30 28,005 -ra------ C:\WINDOWS\system32\drivers\enethusb.sys
2006-12-29 16:30 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Motive
2006-12-29 16:30 <DIR> d-------- C:\Program Files\Common Files\Motive
2006-12-29 16:27 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-12-29 16:27 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-12-29 16:27 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-12-29 16:27 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-12-29 16:27 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-12-29 16:27 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-12-29 16:27 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-12-29 16:27 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-12-29 16:27 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-12-29 16:27 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-12-29 16:27 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-12-29 16:27 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-12-29 16:27 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-12-29 16:27 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-12-29 16:27 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-12-29 16:27 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-12-24 03:56 <DIR> d----c--- C:\Programs Files
2006-12-24 03:56 <DIR> d----c--- C:\MasterBot
2006-12-19 17:50 <DIR> d----c--- C:\Nap
2006-12-18 16:23 <DIR> d-------- C:\Program Files\QBot


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-17 17:23 -------- d-------- C:\Program Files\mirc
2007-01-17 16:26 -------- d-------- C:\Program Files\msn messenger
2007-01-17 16:17 -------- d----c--- C:\Documents and Settings\Owner\Application Data\motive
2007-01-11 17:17 -------- d----c--- C:\Documents and Settings\Owner\Application Data\free download manager
2007-01-04 21:45 -------- d-------- C:\Program Files\free download manager
2007-01-02 18:01 -------- d----c--- C:\Documents and Settings\Owner\Application Data\corel
2007-01-01 18:58 -------- d-------- C:\Program Files\Common Files\real
2007-01-01 18:57 -------- d---sc--- C:\Documents and Settings\Owner\Application Data\microsoft
2007-01-01 18:57 -------- d-------- C:\Program Files\opera
2006-12-12 17:26 2661663 --a------ C:\WINDOWS\system32\slidess.scr
2006-12-05 00:09 -------- d-------- C:\Program Files\microsoft plus!
2006-12-04 17:41 -------- d----c--- C:\Documents and Settings\Owner\Application Data\opera
2006-12-01 04:17 -------- d-------- C:\Program Files\messenger
2006-11-28 21:01 -------- d----c--- C:\Documents and Settings\Owner\Application Data\the labyrinth plus! edition
2006-11-20 02:42 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-17 16:05 15872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-11-17 16:05 15360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-11-17 16:05 14848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-11-17 16:05 122368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"soyde34e"="\"RUNDLL32.EXE\" w0d2c8d0.dll,n 002de34c000000030d2c8d0"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="\"C:\\Program Files\\Logitech\\Video\\ISStart.exe\" "
"LogitechVideoTray"="\"C:\\Program Files\\Logitech\\Video\\LogiTray.exe\""
"zBrowser Launcher"="\"C:\\Program Files\\Logitech\\iTouch\\iTouch.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"Motive SmartBridge"="C:\\PROGRA~1\\ALLTEL~1\\SMARTB~1\\MotiveSB.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Common Files\teny.html

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ C:\Program Files\ComPlus Applications\ryloja.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\mIRC.job
C:\WINDOWS\tasks\wrSpySweeper_44D2FA5B7E6D40C9BC2D5A56B981F597.job

Completion time: 07-01-17 23:18:04

[joshthemaster06]

Logfile of HijackThis v1.99.1
Scan saved at 11:25:39 PM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Slide\Slide.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Slide - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - C:\Program Files\Slide\SlideBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Slide.exe.lnk = C:\Program Files\Slide\Slide.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://care.alltel.com
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet...ller_2-0-0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161218848359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155281428203
O17 - HKLM\System\CCS\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[joshthemaster06]

YAY now both error messages are gone. Is there anything else i need to fix or remove?

[tetonbob]

Hi joshthemaster06 -

Glad to hear the error messages have stopped.

I will likely request that you run another couple of tools to complete the cleaning.

It seems that not all of the ComboFix log got copied here. Can you please reopen it, and copy/paste all of it here?

It's located at C:\ComboFix.txt

When you open that file, press Ctrl+A to select all, Ctrl+C to copy all, then Ctrl+V to paste all into this thread.

I'll then have a bit more work for you to do, as Combo found quite a few nasties on this machine.

[joshthemaster06]

"Owner" - 07-01-18 15:41:47 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-18 to 2007-01-18 ))))))))))))))))))))))))))))))))))


2007-01-17 17:59 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-01-17 16:17 <DIR> d----c--- C:\DOCUME~1\Owner\Application Data\Motive
2007-01-16 20:27 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-01-16 20:27 <DIR> d-------- C:\Program Files\MTV Networks
2007-01-15 16:34 <DIR> d----c--- C:\DOCUME~1\Guest\Application Data\Webroot
2007-01-15 16:18 <DIR> d----c--- C:\DOCUME~1\Parents\Application Data\MusicNet
2007-01-15 14:55 <DIR> d----c--- C:\DOCUME~1\Owner\undefined
2007-01-14 21:52 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Messenger Plus!
2007-01-14 21:07 <DIR> d----c--- C:\DOCUME~1\Parents\Application Data\Webroot
2007-01-14 15:50 <DIR> d-------- C:\WINDOWS\system32\slideApp
2007-01-11 23:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-01-11 23:03 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-01-11 23:03 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo!
2007-01-11 23:01 <DIR> d-------- C:\Program Files\Slide
2007-01-11 20:15 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 18:34 <DIR> d-------- C:\Program Files\Skype
2007-01-11 18:30 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2007-01-11 18:27 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-01-11 16:58 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-01-10 22:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-10 22:28 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-10 22:28 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-10 21:39 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-01-10 21:39 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-10 21:39 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-10 21:39 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-10 21:39 114,856 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-10 21:39 <DIR> d-------- C:\Program Files\illiminable
2007-01-10 21:39 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-01-10 21:38 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo
2007-01-10 21:32 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-01-10 21:26 <DIR> d-------- C:\Program Files\Yahoo!
2007-01-10 15:50 <DIR> d-------- C:\WINDOWS\Motive
2007-01-10 15:49 <DIR> d-------- C:\Program Files\ALLTEL DSL Check-up Center
2007-01-10 15:48 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\MotiveSysIDs
2007-01-10 15:47 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2007-01-10 15:47 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2007-01-08 16:34 <DIR> d-------- C:\WINDOWS\Performance
2007-01-02 12:27 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-12-29 16:30 589,824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll
2006-12-29 16:30 28,005 -ra------ C:\WINDOWS\system32\drivers\enethusb.sys
2006-12-29 16:30 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Motive
2006-12-29 16:30 <DIR> d-------- C:\Program Files\Common Files\Motive
2006-12-29 16:27 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-12-29 16:27 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-12-29 16:27 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-12-29 16:27 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-12-29 16:27 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-12-29 16:27 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-12-29 16:27 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-12-29 16:27 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-12-29 16:27 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-12-29 16:27 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-12-29 16:27 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-12-29 16:27 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-12-29 16:27 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-12-29 16:27 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-12-29 16:27 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-12-29 16:27 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-12-24 03:56 <DIR> d----c--- C:\Programs Files
2006-12-24 03:56 <DIR> d----c--- C:\MasterBot
2006-12-19 17:50 <DIR> d----c--- C:\Nap
2006-12-18 16:23 <DIR> d-------- C:\Program Files\QBot


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-18 15:36 -------- d-------- C:\Program Files\mirc
2007-01-17 16:26 -------- d-------- C:\Program Files\msn messenger
2007-01-11 17:17 -------- d----c--- C:\DOCUME~1\Owner\Application Data\free download manager
2007-01-04 21:45 -------- d-------- C:\Program Files\free download manager
2007-01-02 18:01 -------- d----c--- C:\DOCUME~1\Owner\Application Data\corel
2007-01-01 18:58 -------- d-------- C:\Program Files\Common Files\real
2007-01-01 18:57 -------- d---sc--- C:\DOCUME~1\Owner\Application Data\microsoft
2007-01-01 18:57 -------- d-------- C:\Program Files\opera
2006-12-12 17:26 2661663 --a------ C:\WINDOWS\system32\slidess.scr
2006-12-05 00:09 -------- d-------- C:\Program Files\microsoft plus!
2006-12-04 17:41 -------- d----c--- C:\DOCUME~1\Owner\Application Data\opera
2006-12-01 04:17 -------- d-------- C:\Program Files\messenger
2006-11-28 21:01 -------- d----c--- C:\DOCUME~1\Owner\Application Data\the labyrinth plus! edition
2006-11-20 02:42 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="\"C:\\Program Files\\Logitech\\Video\\ISStart.exe\" "
"LogitechVideoTray"="\"C:\\Program Files\\Logitech\\Video\\LogiTray.exe\""
"zBrowser Launcher"="\"C:\\Program Files\\Logitech\\iTouch\\iTouch.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"Motive SmartBridge"="C:\\PROGRA~1\\ALLTEL~1\\SMARTB~1\\MotiveSB.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Common Files\teny.html

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ C:\Program Files\ComPlus Applications\ryloja.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\mIRC.job
C:\WINDOWS\tasks\wrSpySweeper_44D2FA5B7E6D40C9BC2D5A56B981F597.job

Completion time: 07-01-18 15:44:44
C:\ComboFix2.txt ... 07-01-17 23:18





There thats all of it. How are these "nasties" getting on my computer?

[tetonbob]

It seems as though, rather than posting the log I asked for, you ran ComboFix again, and posted that log.

Completion time: 07-01-18 15:44:44
C:\ComboFix2.txt ... 07-01-17 23:18

I'd really like a look at C:\ComboFix2.txt now, please.

[joshthemaster06]

"Owner" - 07-01-17 23:13:16 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{aa62b7a0-f3f6-4db4-bdf0-4342897b0056}]
@=""

[HKEY_CLASSES_ROOT\clsid\{aa62b7a0-f3f6-4db4-bdf0-4342897b0056}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{aa62b7a0-f3f6-4db4-bdf0-4342897b0056}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{aa62b7a0-f3f6-4db4-bdf0-4342897b0056}\InprocServer32]
@="C:\\WINDOWS\\system32\\cQtsrvut.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting SeDebugPrivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\REGEDIT.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\DOCUME~1\LOCALS~1\Application Data\NetMon
C:\Program Files\Common Files\{20A73~1
C:\Program Files\outlook
C:\Program Files\winupdates


((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))


2007-01-17 17:59 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-01-17 17:57 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-01-17 16:17 <DIR> d----c--- C:\DOCUME~1\Owner\Application Data\Motive
2007-01-16 20:27 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-01-16 20:27 <DIR> d-------- C:\Program Files\MTV Networks
2007-01-15 16:34 <DIR> d----c--- C:\DOCUME~1\Guest\Application Data\Webroot
2007-01-15 16:18 <DIR> d----c--- C:\DOCUME~1\Parents\Application Data\MusicNet
2007-01-15 14:55 <DIR> d----c--- C:\DOCUME~1\Owner\undefined
2007-01-14 21:52 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Messenger Plus!
2007-01-14 21:07 <DIR> d----c--- C:\DOCUME~1\Parents\Application Data\Webroot
2007-01-14 15:50 <DIR> d-------- C:\WINDOWS\system32\slideApp
2007-01-11 23:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-01-11 23:03 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-01-11 23:03 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo!
2007-01-11 23:01 <DIR> d-------- C:\Program Files\Slide
2007-01-11 20:15 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 18:34 <DIR> d-------- C:\Program Files\Skype
2007-01-11 18:30 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2007-01-11 18:27 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-01-11 16:58 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-01-10 22:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-10 22:28 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-10 22:28 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-10 21:39 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-01-10 21:39 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-10 21:39 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-10 21:39 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-10 21:39 114,856 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-10 21:39 <DIR> d-------- C:\Program Files\illiminable
2007-01-10 21:39 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-01-10 21:38 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo
2007-01-10 21:32 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-01-10 21:26 <DIR> d-------- C:\Program Files\Yahoo!
2007-01-10 15:50 <DIR> d-------- C:\WINDOWS\Motive
2007-01-10 15:49 <DIR> d-------- C:\Program Files\ALLTEL DSL Check-up Center
2007-01-10 15:48 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\MotiveSysIDs
2007-01-10 15:47 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2007-01-10 15:47 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2007-01-08 16:34 <DIR> d-------- C:\WINDOWS\Performance
2007-01-02 12:27 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-12-29 16:30 589,824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll
2006-12-29 16:30 28,005 -ra------ C:\WINDOWS\system32\drivers\enethusb.sys
2006-12-29 16:30 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Motive
2006-12-29 16:30 <DIR> d-------- C:\Program Files\Common Files\Motive
2006-12-29 16:27 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-12-29 16:27 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-12-29 16:27 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-12-29 16:27 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-12-29 16:27 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-12-29 16:27 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-12-29 16:27 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-12-29 16:27 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-12-29 16:27 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-12-29 16:27 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-12-29 16:27 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-12-29 16:27 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-12-29 16:27 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-12-29 16:27 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-12-29 16:27 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-12-29 16:27 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-12-24 03:56 <DIR> d----c--- C:\Programs Files
2006-12-24 03:56 <DIR> d----c--- C:\MasterBot
2006-12-19 17:50 <DIR> d----c--- C:\Nap
2006-12-18 16:23 <DIR> d-------- C:\Program Files\QBot


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-17 17:23 -------- d-------- C:\Program Files\mirc
2007-01-17 16:26 -------- d-------- C:\Program Files\msn messenger
2007-01-17 16:17 -------- d----c--- C:\Documents and Settings\Owner\Application Data\motive
2007-01-11 17:17 -------- d----c--- C:\Documents and Settings\Owner\Application Data\free download manager
2007-01-04 21:45 -------- d-------- C:\Program Files\free download manager
2007-01-02 18:01 -------- d----c--- C:\Documents and Settings\Owner\Application Data\corel
2007-01-01 18:58 -------- d-------- C:\Program Files\Common Files\real
2007-01-01 18:57 -------- d---sc--- C:\Documents and Settings\Owner\Application Data\microsoft
2007-01-01 18:57 -------- d-------- C:\Program Files\opera
2006-12-12 17:26 2661663 --a------ C:\WINDOWS\system32\slidess.scr
2006-12-05 00:09 -------- d-------- C:\Program Files\microsoft plus!
2006-12-04 17:41 -------- d----c--- C:\Documents and Settings\Owner\Application Data\opera
2006-12-01 04:17 -------- d-------- C:\Program Files\messenger
2006-11-28 21:01 -------- d----c--- C:\Documents and Settings\Owner\Application Data\the labyrinth plus! edition
2006-11-20 02:42 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-17 16:05 15872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-11-17 16:05 15360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-11-17 16:05 14848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-11-17 16:05 122368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"soyde34e"="\"RUNDLL32.EXE\" w0d2c8d0.dll,n 002de34c000000030d2c8d0"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="\"C:\\Program Files\\Logitech\\Video\\ISStart.exe\" "
"LogitechVideoTray"="\"C:\\Program Files\\Logitech\\Video\\LogiTray.exe\""
"zBrowser Launcher"="\"C:\\Program Files\\Logitech\\iTouch\\iTouch.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"Motive SmartBridge"="C:\\PROGRA~1\\ALLTEL~1\\SMARTB~1\\MotiveSB.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Common Files\teny.html

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ C:\Program Files\ComPlus Applications\ryloja.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\mIRC.job
C:\WINDOWS\tasks\wrSpySweeper_44D2FA5B7E6D40C9BC2D5A56B981F597.job

Completion time: 07-01-17 23:18:04

thats whats under Combofix2.txt i still have the other one that i must have looked over it if u want i can post it

[tetonbob]

That's the one I want to see.

[tetonbob]

Stop posting logs now.

I will return with a fix later.