"has encountered an error and needs to close" error

beandox · 11-26-2007, 05:47 PM

I'm having problems trying to convert xvid files into mpeg4 (ipod) format. i've downloaded and tried to use 3 different programs and all of them seem to crash randomly sometime throughout the transering process.

Heres the files I've tried to use:

winavi mp4 converter
avs video tools converter
twins video to ipd

all of these are some top notch programs however I can't seem to get them to run properly. The programs either just shut down during the transfer or i get the dreaded "this program has encountered an error and needs to close" error message.

any suggestions would be very helpful...heres my hi jack this log...

Logfile of HijackThis v1.99.1
Scan saved at 7:44:47 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\?ymbols\l?gonui.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {B6FDFC46-1CDA-3678-DC5D-39E6708F0C99} - C:\WINDOWS\system32\jgqxbxfv.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SkinClock] "C:\Program Files\Clock Tray Skins\ClockTraySkins.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vff] C:\WINDOWS\system32\?ymbols\l?gonui.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe"
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1184867848406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184867816656
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://reports.texasroadhouse.com/R...lientprint.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

beandox · 11-26-2007, 06:57 PM

this error message appears with many programs, not just the programs i mentioned.

**Pancake** · 11-28-2007, 08:21 PM

You have a bit of malware that may be affecting things....

Download SDFix and save it to your desktop. http://downloads.andymanchesta.com/R...ools/SDFix.zip

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.

=====================

This will help to identify any malware on your system.
Please download Combofix from HERE or HERE

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

beandox · 11-30-2007, 10:47 AM

sdfix log...

SDFix: Version 1.116

Run by Administrator on Fri 11/30/2007 at 12:27 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 12:35:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\(uTorrent)\\utorrent.exe"="C:\\Program Files\\(uTorrent)\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Files with Hidden Attributes:

Wed 18 Jul 2007 26,624 ...H. --- "C:\Documents and Settings\Administrator\My Documents\~WRL0001.tmp"
Sat 26 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 14 Jun 2007 1,594 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Mon 22 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT4E.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS03366114-E968-4E04-A64D-06699D2F822B.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS07CCF161-C28E-4032-8124-49E309ADB96F.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0A42179B-6FA4-49B6-8A47-586BC44EC73A.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS10664C37-82CC-4486-BCA3-36748408512C.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS11E1EC7C-EEAF-4529-9F46-E8EF5DBDED38.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS145DDE98-64AA-41AF-BC01-BE29B9DD45C9.tmp"
Thu 23 Aug 2007 2,162,688 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS14915E16-1E18-4EDE-9CB5-0B0216D648CD.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1690CC5B-03AD-4BA6-83CB-7A6F75A53719.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1BFFB673-1248-490D-A92A-2B639E060CED.tmp"
Thu 23 Aug 2007 1,572,864 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1C07C6BD-FD57-45C1-B13E-A3F5AFE17455.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1D7FAD5E-5B90-4645-956F-CA468A96FBAF.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1D3952F4-71E7-455E-A3EA-62E07CDBB6C0.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1D3A2116-95D4-4165-B8C1-1F1A8EBA7F46.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1E2265F7-6187-45BC-8252-D51A1AF4E550.tmp"
Thu 23 Aug 2007 196,608 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS211479CD-A69F-4D73-AF25-B483957B9FD1.tmp"
Thu 23 Aug 2007 2,162,688 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2764AE69-38AA-4280-B74C-944E6258FDE4.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS273E06F8-A966-4B7F-A20F-7389EA58A74C.tmp"
Thu 23 Aug 2007 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2AC7AD6A-AD65-41C7-B47C-44F75E2F8752.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2C2D8687-36A6-4D0B-80B7-47505AE9383E.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2E7C82C4-F47E-403E-A5DD-78AF0BF2FCCC.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS330E93BA-9190-4309-AC94-961B9D222A5B.tmp"
Thu 23 Aug 2007 1,179,648 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS367E4873-7376-4060-BB58-F1BC1F072DFC.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3888AAE9-EBFC-4F4E-B62D-6AA8526A46A5.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS38A7FA8E-0211-4E22-A50B-A4873CD686E2.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3AC3C142-7EA2-4BFD-8650-1A84AB1D1592.tmp"
Thu 23 Aug 2007 1,638,400 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3CD15C92-FD5F-4A49-B77F-879C1D88ABEB.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3D625F58-5171-4B1F-974E-767C54AAFF0B.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4106AD4E-D27B-4E85-ABAB-EEC7BA9A881D.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS411EEDCF-C8D3-45C2-809F-FEA62F94B02E.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS42309621-5C5E-49A0-B1B8-88DCD027E8C0.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS45377580-B955-4830-A128-7C99FDE5D619.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46F23FD4-CF83-49ED-8318-9CAD62BB01D9.tmp"
Thu 23 Aug 2007 1,900,544 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS463E8BCB-DE57-4519-9CB2-C8E3F99D4184.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46FA8A39-AAC9-4B15-B977-97DB2059DC78.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS472B0FFB-2328-4905-888A-350F0BE5B6BE.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS48E4FBB5-BAA2-4DAF-A095-2C7C3CB78A13.tmp"
Thu 23 Aug 2007 3,014,656 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS51E5E9CE-9CE7-451A-96F7-B9725C433321.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5202502D-1A12-4F85-814C-2C8895FD430A.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS54185171-E9FE-4C74-B805-630F010F4303.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5789F899-4BA5-4D28-8F3C-946B777A39A2.tmp"
Thu 23 Aug 2007 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS57499EBD-217B-47E0-8002-D064B109D8CB.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS582CC1A5-F263-4463-92FD-4F13DDD906C9.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5A5A79D1-0DC6-4A88-B9B1-D9AB656168E2.tmp"
Thu 23 Aug 2007 1,376,256 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5C37817A-1A1B-4304-92FC-A750CECAE2E0.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5CABE0EB-A5F7-481A-BD1B-B65A22D5AA3C.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS602EE9D1-4655-4942-8C67-50F26F9A5E97.tmp"
Thu 23 Aug 2007 327,680 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS605D8E72-1D5E-48F8-8051-E246DEA810EE.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6877ED13-686D-4127-B802-EADEC97640E6.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6E6A730D-C4AD-4C5A-A05E-94B3281F9564.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6EA9CD4B-3DE0-49F5-B914-7FC20E424829.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS70E26A4D-D73C-473E-AD99-A697E9862DF4.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7176C274-275B-4949-A888-A34777E7FC9A.tmp"
Thu 23 Aug 2007 458,752 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7CDA8E5E-8B7B-497E-8414-E61A0FACF6BB.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8864CE38-41C0-4B43-9822-B9582E23F7F4.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8D5A2691-8314-4697-81E7-AC1546449E42.tmp"
Thu 23 Aug 2007 851,968 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8FCF9514-2AFD-4262-AB38-F600075D2F8D.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS907AD058-D375-4908-8BE3-1DF48F153CBC.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9217E66A-C807-48AF-8F08-689904FD96B2.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS93915F36-2D9D-417D-92A1-F4173E47E104.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9457E8DA-8A5C-4CFB-AE5E-50EFAD168883.tmp"
Thu 23 Aug 2007 720,896 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9C1303B1-2ADE-4153-B930-34CA35082517.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9DD0ED3C-71D1-4A2C-B1A5-0206D292FAEB.tmp"
Thu 23 Aug 2007 196,608 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9FA01BA9-776A-4AD9-9FEF-334C3131850D.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA217FF1F-7DD0-4299-BB22-75C9E1D6D2AE.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA2DFDEB4-A8CB-45DC-98EC-841A5F74DD76.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSABEB0D42-080F-4EE5-B835-426377604DCA.tmp"
Thu 23 Aug 2007 1,572,864 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAC724451-BCEC-417F-99D4-5E6737E0B779.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAC0A2B96-5FE6-4DED-B1AF-04F31A6A92CB.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBE960DCF-2D9A-4305-8000-5E9B9B520C6E.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBFF7DC5D-01EB-4AD5-84A1-E022E226F87E.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC22BF82E-156E-4E0A-A088-F139E0E75317.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC48237A0-32E6-4FD1-973A-5EAFE586D52D.tmp"
Thu 23 Aug 2007 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC8BC9248-038C-4C2B-AEBD-90D6F23A8AE5.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCE8E4CDD-6A53-4CAC-9FFD-B0ED23DB968E.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD3BF6189-FEDC-4DD2-AD9F-B1E5986ADB09.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD39089B7-8C23-4B03-A7B6-5380E2AE0B74.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD4F50691-5949-4884-AA6D-9D50459256E6.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5C67A7C-939B-4935-8553-73F2B225046D.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDA14657D-5972-476C-9FE5-90777ED585E1.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDC460760-6EC7-46BE-BE78-F463758F5C23.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDDA731A2-57F2-4603-ADF4-B1333FDFABEA.tmp"
Thu 23 Aug 2007 393,216 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDE5E4DB5-1035-4BC1-87BE-FAEB67DD5176.tmp"
Thu 23 Aug 2007 196,608 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE1FCF675-7C0D-406B-AF0D-9368BCBDEE54.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE4D17397-73D3-4024-ACEE-174C9478F713.tmp"
Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF1ADD9CC-C5DE-4090-9FC9-E9DCEE11E46D.tmp"
Thu 23 Aug 2007 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF1064C60-42B8-4B78-B98A-4A6266510940.tmp"
Thu 23 Aug 2007 458,752 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFCB4BFB0-99C6-4877-B5E5-9F025AC3F9E6.tmp"
Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFC05B48C-F98A-49C8-8F13-9E32FF02310F.tmp"
Thu 23 Aug 2007 5,898,240 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFD051DB7-48B5-4C53-868B-2B8A4CB31484.tmp"
Mon 23 Jul 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Mon 23 Jul 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"

Finished!

combo fix log...

ComboFix 07-11-19.4 - Administrator 2007-11-30 12:46:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-30 12:27 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-29 23:54 <DIR> d-------- C:\Program Files\iTunes
2007-11-29 23:54 <DIR> d-------- C:\Program Files\iPod
2007-11-29 16:51 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-29 16:49 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-28 23:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-28 19:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-28 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-28 19:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-28 01:33 <DIR> d-------- C:\Program Files\QuickTime
2007-11-28 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-28 01:04 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-27 00:16 <DIR> d-------- C:\ConverterOutput
2007-11-27 00:15 <DIR> d-------- C:\Program Files\Cucusoft
2007-11-27 00:15 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2007-11-27 00:15 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-27 00:15 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-11-27 00:12 4,286 --a------ C:\WINDOWS\system32\callwavefax.32x32.ico
2007-11-26 15:28 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2007-11-26 14:32 <DIR> d-------- C:\Program Files\Realtek AC97
2007-11-25 12:15 <DIR> d-------- C:\Program Files\Realtek AC97(2)
2007-11-24 02:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVSMedia
2007-11-23 02:12 <DIR> d-------- C:\Program Files\AVSMedia
2007-11-23 02:11 <DIR> d-------- C:\Music
2007-11-23 01:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVS4YOU
2007-11-23 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-23 01:33 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-11-23 01:32 <DIR> d-------- C:\Program Files\AVS4YOU
2007-11-23 01:32 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-11-23 01:32 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-11-23 01:32 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-11-23 01:32 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2007-11-23 01:32 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2007-11-23 01:32 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-23 01:32 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-11-21 02:53 <DIR> d-------- C:\Program Files\Twins Software
2007-11-21 02:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Twins Software
2007-11-21 02:53 2,912,256 --a------ C:\WINDOWS\system32\MediaInfo.dll
2007-11-21 02:53 57,344 --a------ C:\WINDOWS\system32\CMDRedirect.dll
2007-11-17 13:45 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2007-11-15 16:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint
2007-11-15 14:49 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-11-15 14:32 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2007-11-15 14:32 <DIR> d-------- C:\Program Files\Burn4Free
2007-11-15 14:21 <DIR> d-------- C:\Program Files\Burn4Free(2)
2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-14 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-13 13:35 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico
2007-11-11 04:23 <DIR> d-------- C:\Program Files\Join Split Convert Video
2007-11-11 04:23 794,624 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2007-11-11 04:23 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2007-11-11 02:16 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2007-11-11 02:16 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2007-11-11 02:16 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2007-11-11 02:16 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2007-11-10 13:43 <DIR> d-------- C:\Program Files\SmartSound Software
2007-11-10 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-11-10 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-10 13:34 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-11-09 21:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2007-11-09 15:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-11-09 12:20 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-09 12:20 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-09 12:11 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-09 12:11 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-09 12:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-11-09 12:11 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-09 12:11 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-09 12:11 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-09 12:11 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-09 12:11 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-11-06 04:04 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-11-05 18:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-05 01:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.KOR
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.JPN
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.JP
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.ITA
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.IT
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.FRA
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.FR
2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.NLD
2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.NL
2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.KO
2007-11-02 00:04 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2007-11-01 23:38 <DIR> d-------- C:\WINDOWS\avdv.drv
2007-11-01 23:38 256,113 --a------ C:\WINDOWS\system32\drivers\LStone2k.sys
2007-11-01 23:35 898,736 --------- C:\WINDOWS\system32\Ltr13n.dll
2007-11-01 23:35 298,168 --------- C:\WINDOWS\system32\Ltrio13n.dll
2007-11-01 23:35 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-11-01 23:35 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2007-11-01 23:35 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2007-11-01 23:35 40,960 --a------ C:\WINDOWS\system32\langserv.dll
2007-11-01 23:30 <DIR> d-------- C:\Program Files\Pinnacle
2007-11-01 23:30 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 19:07 --------- d-----w C:\Program Files\Debugging Tools for Windows
2007-11-30 06:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-11-30 05:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-11-29 23:50 --------- d-----w C:\Program Files\Java
2007-11-29 02:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-15 21:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2007-11-15 21:17 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-15 03:44 --------- d-----w C:\Program Files\Lavasoft
2007-11-14 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-08 18:13 --------- d-----w C:\Program Files\ICQ6
2007-11-02 20:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-10-30 17:00 10 ----a-w C:\Program Files\.autoreg
2007-10-26 06:34 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-18 05:41 --------- d-----w C:\Program Files\Red Chair Software
2007-10-18 05:39 --------- d---a-w C:\Program Files\Google
2007-10-14 18:39 --------- d-----w C:\Program Files\ICQToolbar
2007-09-05 01:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
2007-08-21 06:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-14 02:37 2,873,940 ----a-w C:\Program Files\Version Tracker Pro 3.6.1.msi
.

((((((((((((((((((((((((((((( snapshot@2007-11-27_22.09.50.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-29 01:53:00 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-30 19:27:37 8,396,800 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-11-30 19:27:37 335,872 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-29 01:53:00 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-30 19:27:26 8,396,800 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-11-30 19:27:26 335,872 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-11-28 08:05:07 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2007-11-29 02:17:29 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-11-29 02:17:29 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-11-29 02:17:29 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-11-29 21:16:56 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2007-10-31 21:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2006-07-26 07:25:56 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 05:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-07-26 07:26:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 05:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-07-26 09:03:16 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 06:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-11-28 04:32:02 64,614 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-30 19:45:12 64,614 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-28 04:32:03 406,410 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-30 19:45:12 406,410 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-26 21:33:28 2,691,164 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2007-11-30 19:01:28 115,708 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2006-10-01 06:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:30]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:51]
"Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" [2007-11-16 14:37]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:30 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:30 C:\WINDOWS\system32\rundll32.exe]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 09:59]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-14 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"dpmrvufa"="C:\xjhwukop.bat" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 18:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-14 16:14]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2004-08-04 01:30 C:\WINDOWS\system32\cmd.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Anapod Manager.lnk - C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe [2007-08-05 16:07:02]
YouTube Uploader.lnk - C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
backup=C:\WINDOWS\pss\Photo Loader supervisory.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTracker Pro.lnk
backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-06-19 12:03 2321600 --a------ C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 01:30 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-24 04:15 50760 --a------ C:\Program Files\Common Files\AOL\1181875786\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-07-11 05:06 188416 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\rayiou.exe

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys
R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys
R2 ONSIO;ONSIO;\??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS
S0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-11-28 20:26:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 12:48:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 12:49:11
C:\ComboFix2.txt ... 2007-11-29 16:57
C:\ComboFix3.txt ... 2007-11-27 22:11
.
--- E O F ---

hjt log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:39 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [dpmrvufa] C:\xjhwukop.bat
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SkinClock] "C:\Program Files\Clock Tray Skins\ClockTraySkins.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1184867848406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184867816656
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://reports.texasroadhouse.com/R...lientprint.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8535 bytes

**Pancake** · 11-30-2007, 02:54 PM

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKLM\..\Run: [dpmrvufa] C:\xjhwukop.bat

=======================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dpmrvufa"=-

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Refering to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

beandox · 12-01-2007, 11:42 AM

combo fix log...

ComboFix 07-11-19.4 - Administrator 2007-12-01 13:35:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.442 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.

2007-11-30 12:27 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-29 23:54 <DIR> d-------- C:\Program Files\iTunes
2007-11-29 23:54 <DIR> d-------- C:\Program Files\iPod
2007-11-29 16:51 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-29 16:49 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-28 23:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-28 19:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-28 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-28 19:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-28 01:33 <DIR> d-------- C:\Program Files\QuickTime
2007-11-28 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-28 01:04 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-27 00:16 <DIR> d-------- C:\ConverterOutput
2007-11-27 00:15 <DIR> d-------- C:\Program Files\Cucusoft
2007-11-27 00:15 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2007-11-27 00:15 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-11-27 00:12 4,286 --a------ C:\WINDOWS\system32\callwavefax.32x32.ico
2007-11-26 15:28 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2007-11-26 14:32 <DIR> d-------- C:\Program Files\Realtek AC97
2007-11-25 12:15 <DIR> d-------- C:\Program Files\Realtek AC97(2)
2007-11-24 02:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVSMedia
2007-11-23 02:12 <DIR> d-------- C:\Program Files\AVSMedia
2007-11-23 02:11 <DIR> d-------- C:\Music
2007-11-23 01:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVS4YOU
2007-11-23 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-23 01:33 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-11-23 01:32 <DIR> d-------- C:\Program Files\AVS4YOU
2007-11-23 01:32 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-11-23 01:32 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-11-23 01:32 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-11-23 01:32 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-21 02:53 <DIR> d-------- C:\Program Files\Twins Software
2007-11-21 02:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Twins Software
2007-11-21 02:53 2,912,256 --a------ C:\WINDOWS\system32\MediaInfo.dll
2007-11-21 02:53 57,344 --a------ C:\WINDOWS\system32\CMDRedirect.dll
2007-11-17 13:45 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2007-11-15 16:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint
2007-11-15 14:49 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-11-15 14:32 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2007-11-15 14:32 <DIR> d-------- C:\Program Files\Burn4Free
2007-11-15 14:21 <DIR> d-------- C:\Program Files\Burn4Free(2)
2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-14 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-13 13:35 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico
2007-11-11 04:23 <DIR> d-------- C:\Program Files\Join Split Convert Video
2007-11-11 04:23 794,624 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2007-11-11 04:23 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2007-11-11 02:16 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
2007-11-11 02:16 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2007-11-11 02:16 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2007-11-10 13:43 <DIR> d-------- C:\Program Files\SmartSound Software
2007-11-10 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-11-10 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-10 13:34 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-11-09 21:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2007-11-09 15:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-11-09 12:20 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-09 12:20 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-09 12:11 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-09 12:11 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-09 12:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-11-09 12:11 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-09 12:11 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-09 12:11 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-09 12:11 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-09 12:11 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-11-06 04:04 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-11-05 18:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-05 01:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.KOR
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.JPN
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.JP
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.ITA
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.IT
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.FRA
2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.FR
2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.NLD
2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.NL
2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.KO
2007-11-02 00:04 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2007-11-01 23:38 <DIR> d-------- C:\WINDOWS\avdv.drv
2007-11-01 23:38 256,113 --a------ C:\WINDOWS\system32\drivers\LStone2k.sys
2007-11-01 23:35 898,736 --------- C:\WINDOWS\system32\Ltr13n.dll
2007-11-01 23:35 298,168 --------- C:\WINDOWS\system32\Ltrio13n.dll
2007-11-01 23:35 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-11-01 23:35 40,960 --a------ C:\WINDOWS\system32\langserv.dll
2007-11-01 23:30 <DIR> d-------- C:\Program Files\Pinnacle
2007-11-01 23:30 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-11-01 23:30 204,881 --a------ C:\WINDOWS\system32\DiskIO.dll
2007-11-01 23:30 155,721 --a------ C:\WINDOWS\system32\RALMain.dll
2007-11-01 23:30 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
2007-11-01 23:30 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2007-11-01 23:30 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2007-11-01 23:30 32,838 --a------ C:\WINDOWS\system32\Cachex.dll
2007-11-01 23:30 32,768 --a------ C:\WINDOWS\system32\MLPagAx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 06:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-11-30 19:07 --------- d-----w C:\Program Files\Debugging Tools for Windows
2007-11-30 06:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-11-29 23:50 --------- d-----w C:\Program Files\Java
2007-11-29 02:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-15 21:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2007-11-15 21:17 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-15 03:44 --------- d-----w C:\Program Files\Lavasoft
2007-11-14 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 19:21 --------- d-----w C:\Program Files\DivX
2007-11-09 19:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Vso
2007-11-08 18:13 --------- d-----w C:\Program Files\ICQ6
2007-11-02 20:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-10-30 17:00 10 ----a-w C:\Program Files\.autoreg
2007-10-26 06:34 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-10-26 06:34 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2007-10-26 06:34 --------- d-----w C:\Program Files\VSO
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 18:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VersionTracker Pro
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-18 07:11 --------- d-----w C:\Program Files\TechTracker
2007-10-18 05:41 --------- d-----w C:\Program Files\Red Chair Software
2007-10-18 05:39 --------- d---a-w C:\Program Files\Google
2007-10-18 03:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SlySoft
2007-10-14 18:39 --------- d-----w C:\Program Files\ICQToolbar
2007-10-09 00:45 131 ----a-w C:\Program Files\Version Tracker Pro 3.6.1.reg
2007-09-05 01:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
2007-04-14 02:37 2,873,940 ----a-w C:\Program Files\Version Tracker Pro 3.6.1.msi
2007-04-14 02:36 24,576 ----a-w C:\Program Files\Crack.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-27_22.09.50.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-29 01:53:00 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-30 19:27:37 8,396,800 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-11-30 19:27:37 335,872 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-29 01:53:00 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-30 19:27:26 8,396,800 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-11-30 19:27:26 335,872 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-11-28 08:05:07 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2007-11-29 02:17:29 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-11-29 02:17:29 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-11-29 02:17:29 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-11-29 21:16:56 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2007-10-31 21:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2006-07-26 07:25:56 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 05:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-07-26 07:26:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 05:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-07-26 09:03:16 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 06:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-11-28 04:32:02 64,614 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-01 19:04:08 64,614 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-28 04:32:03 406,410 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-01 19:04:08 406,410 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-26 21:33:28 2,691,164 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2007-11-30 19:01:28 115,708 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2006-10-01 06:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:30]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:51]
"Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" [2007-11-16 14:37]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:30 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:30 C:\WINDOWS\system32\rundll32.exe]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 09:59]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-14 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 18:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-14 16:14]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2004-08-04 01:30 C:\WINDOWS\system32\cmd.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Anapod Manager.lnk - C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe [2007-08-05 16:07:02]
YouTube Uploader.lnk - C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
backup=C:\WINDOWS\pss\Photo Loader supervisory.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTracker Pro.lnk
backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-06-19 12:03 2321600 --a------ C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 01:30 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-24 04:15 50760 --a------ C:\Program Files\Common Files\AOL\1181875786\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-07-11 05:06 188416 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\rayiou.exe

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys
R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys
R2 ONSIO;ONSIO;\??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS
S0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-11-28 20:26:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 13:37:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01 13:38:41
C:\ComboFix2.txt ... 2007-11-30 12:49
C:\ComboFix3.txt ... 2007-11-29 16:57
.
--- E O F ---

hjt log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:51 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SkinClock] "C:\Program Files\Clock Tray Skins\ClockTraySkins.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1184867848406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184867816656
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://reports.texasroadhouse.com/R...lientprint.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8518 bytes

**Pancake** · 12-01-2007, 02:27 PM

That looks fine now...I dont see anymore problems.

beandox · 12-02-2007, 12:05 PM

the problem still isn't fixed though...I still receive the dreaded ".exe has encountered an error and needs to close."

**Pancake** · 12-02-2007, 02:17 PM

None of your problem appears to be malware related.Looks like you will need to look elsewhere....

11-26-2007, 05:47 PM	#1 (permalink)
beandox Registered User Join Date: Nov 2007 Posts: 5 OS: win xp pro	"has encountered an error and needs to close" error I'm having problems trying to convert xvid files into mpeg4 (ipod) format. i've downloaded and tried to use 3 different programs and all of them seem to crash randomly sometime throughout the transering process. Heres the files I've tried to use: winavi mp4 converter avs video tools converter twins video to ipd all of these are some top notch programs however I can't seem to get them to run properly. The programs either just shut down during the transfer or i get the dreaded "this program has encountered an error and needs to close" error message. any suggestions would be very helpful...heres my hi jack this log... Logfile of HijackThis v1.99.1 Scan saved at 7:44:47 PM, on 11/26/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Clock Tray Skins\ClockTraySkins.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\?ymbols\l?gonui.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file) O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: (no name) - {B6FDFC46-1CDA-3678-DC5D-39E6708F0C99} - C:\WINDOWS\system32\jgqxbxfv.dll O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [SkinClock] "C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Vff] C:\WINDOWS\system32\?ymbols\l?gonui.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1184867848406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184867816656 O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://reports.texasroadhouse.com/R...lientprint.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

11-26-2007, 06:57 PM	#2 (permalink)
beandox Registered User Join Date: Nov 2007 Posts: 5 OS: win xp pro	Re: "has encountered an error and needs to close" error this error message appears with many programs, not just the programs i mentioned.

11-28-2007, 08:21 PM	#3 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: "has encountered an error and needs to close" error You have a bit of malware that may be affecting things.... Download SDFix and save it to your desktop. http://downloads.andymanchesta.com/R...ools/SDFix.zip Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. In Safe Mode, right click the SDFix.zip folder and choose Extract All, Open the extracted folder and double click RunThis.bat to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum. ===================== This will help to identify any malware on your system. Please download Combofix from HERE or HERE Save ComboFix to the desktop. 1. Double click on combo.exe & follow the prompts. 2. When finished, it will produce a logfile located at C:\ComboFix.txt. 3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for. Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang. __________________ Eddy

11-30-2007, 10:47 AM	#4 (permalink)
beandox Registered User Join Date: Nov 2007 Posts: 5 OS: win xp pro	Re: "has encountered an error and needs to close" error sdfix log... SDFix: Version 1.116 Run by Administrator on Fri 11/30/2007 at 12:27 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-30 12:35:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\(uTorrent)\\utorrent.exe"="C:\\Program Files\\(uTorrent)\\utorrent.exe::Enabled:µTorrent" "C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe::Enabled:Anapod Xtreamer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Wed 18 Jul 2007 26,624 ...H. --- "C:\Documents and Settings\Administrator\My Documents\~WRL0001.tmp" Sat 26 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 14 Jun 2007 1,594 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK" Mon 22 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT4E.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS03366114-E968-4E04-A64D-06699D2F822B.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS07CCF161-C28E-4032-8124-49E309ADB96F.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0A42179B-6FA4-49B6-8A47-586BC44EC73A.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS10664C37-82CC-4486-BCA3-36748408512C.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS11E1EC7C-EEAF-4529-9F46-E8EF5DBDED38.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS145DDE98-64AA-41AF-BC01-BE29B9DD45C9.tmp" Thu 23 Aug 2007 2,162,688 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS14915E16-1E18-4EDE-9CB5-0B0216D648CD.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1690CC5B-03AD-4BA6-83CB-7A6F75A53719.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1BFFB673-1248-490D-A92A-2B639E060CED.tmp" Thu 23 Aug 2007 1,572,864 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1C07C6BD-FD57-45C1-B13E-A3F5AFE17455.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1D7FAD5E-5B90-4645-956F-CA468A96FBAF.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1D3952F4-71E7-455E-A3EA-62E07CDBB6C0.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1D3A2116-95D4-4165-B8C1-1F1A8EBA7F46.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1E2265F7-6187-45BC-8252-D51A1AF4E550.tmp" Thu 23 Aug 2007 196,608 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS211479CD-A69F-4D73-AF25-B483957B9FD1.tmp" Thu 23 Aug 2007 2,162,688 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2764AE69-38AA-4280-B74C-944E6258FDE4.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS273E06F8-A966-4B7F-A20F-7389EA58A74C.tmp" Thu 23 Aug 2007 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2AC7AD6A-AD65-41C7-B47C-44F75E2F8752.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2C2D8687-36A6-4D0B-80B7-47505AE9383E.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2E7C82C4-F47E-403E-A5DD-78AF0BF2FCCC.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS330E93BA-9190-4309-AC94-961B9D222A5B.tmp" Thu 23 Aug 2007 1,179,648 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS367E4873-7376-4060-BB58-F1BC1F072DFC.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3888AAE9-EBFC-4F4E-B62D-6AA8526A46A5.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS38A7FA8E-0211-4E22-A50B-A4873CD686E2.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3AC3C142-7EA2-4BFD-8650-1A84AB1D1592.tmp" Thu 23 Aug 2007 1,638,400 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3CD15C92-FD5F-4A49-B77F-879C1D88ABEB.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3D625F58-5171-4B1F-974E-767C54AAFF0B.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4106AD4E-D27B-4E85-ABAB-EEC7BA9A881D.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS411EEDCF-C8D3-45C2-809F-FEA62F94B02E.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS42309621-5C5E-49A0-B1B8-88DCD027E8C0.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS45377580-B955-4830-A128-7C99FDE5D619.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46F23FD4-CF83-49ED-8318-9CAD62BB01D9.tmp" Thu 23 Aug 2007 1,900,544 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS463E8BCB-DE57-4519-9CB2-C8E3F99D4184.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46FA8A39-AAC9-4B15-B977-97DB2059DC78.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS472B0FFB-2328-4905-888A-350F0BE5B6BE.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS48E4FBB5-BAA2-4DAF-A095-2C7C3CB78A13.tmp" Thu 23 Aug 2007 3,014,656 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS51E5E9CE-9CE7-451A-96F7-B9725C433321.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5202502D-1A12-4F85-814C-2C8895FD430A.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS54185171-E9FE-4C74-B805-630F010F4303.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5789F899-4BA5-4D28-8F3C-946B777A39A2.tmp" Thu 23 Aug 2007 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS57499EBD-217B-47E0-8002-D064B109D8CB.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS582CC1A5-F263-4463-92FD-4F13DDD906C9.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5A5A79D1-0DC6-4A88-B9B1-D9AB656168E2.tmp" Thu 23 Aug 2007 1,376,256 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5C37817A-1A1B-4304-92FC-A750CECAE2E0.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5CABE0EB-A5F7-481A-BD1B-B65A22D5AA3C.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS602EE9D1-4655-4942-8C67-50F26F9A5E97.tmp" Thu 23 Aug 2007 327,680 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS605D8E72-1D5E-48F8-8051-E246DEA810EE.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6877ED13-686D-4127-B802-EADEC97640E6.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6E6A730D-C4AD-4C5A-A05E-94B3281F9564.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6EA9CD4B-3DE0-49F5-B914-7FC20E424829.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS70E26A4D-D73C-473E-AD99-A697E9862DF4.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7176C274-275B-4949-A888-A34777E7FC9A.tmp" Thu 23 Aug 2007 458,752 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7CDA8E5E-8B7B-497E-8414-E61A0FACF6BB.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8864CE38-41C0-4B43-9822-B9582E23F7F4.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8D5A2691-8314-4697-81E7-AC1546449E42.tmp" Thu 23 Aug 2007 851,968 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8FCF9514-2AFD-4262-AB38-F600075D2F8D.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS907AD058-D375-4908-8BE3-1DF48F153CBC.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9217E66A-C807-48AF-8F08-689904FD96B2.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS93915F36-2D9D-417D-92A1-F4173E47E104.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9457E8DA-8A5C-4CFB-AE5E-50EFAD168883.tmp" Thu 23 Aug 2007 720,896 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9C1303B1-2ADE-4153-B930-34CA35082517.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9DD0ED3C-71D1-4A2C-B1A5-0206D292FAEB.tmp" Thu 23 Aug 2007 196,608 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9FA01BA9-776A-4AD9-9FEF-334C3131850D.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA217FF1F-7DD0-4299-BB22-75C9E1D6D2AE.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA2DFDEB4-A8CB-45DC-98EC-841A5F74DD76.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSABEB0D42-080F-4EE5-B835-426377604DCA.tmp" Thu 23 Aug 2007 1,572,864 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAC724451-BCEC-417F-99D4-5E6737E0B779.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAC0A2B96-5FE6-4DED-B1AF-04F31A6A92CB.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBE960DCF-2D9A-4305-8000-5E9B9B520C6E.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBFF7DC5D-01EB-4AD5-84A1-E022E226F87E.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC22BF82E-156E-4E0A-A088-F139E0E75317.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC48237A0-32E6-4FD1-973A-5EAFE586D52D.tmp" Thu 23 Aug 2007 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC8BC9248-038C-4C2B-AEBD-90D6F23A8AE5.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCE8E4CDD-6A53-4CAC-9FFD-B0ED23DB968E.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD3BF6189-FEDC-4DD2-AD9F-B1E5986ADB09.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD39089B7-8C23-4B03-A7B6-5380E2AE0B74.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD4F50691-5949-4884-AA6D-9D50459256E6.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5C67A7C-939B-4935-8553-73F2B225046D.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDA14657D-5972-476C-9FE5-90777ED585E1.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDC460760-6EC7-46BE-BE78-F463758F5C23.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDDA731A2-57F2-4603-ADF4-B1333FDFABEA.tmp" Thu 23 Aug 2007 393,216 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDE5E4DB5-1035-4BC1-87BE-FAEB67DD5176.tmp" Thu 23 Aug 2007 196,608 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE1FCF675-7C0D-406B-AF0D-9368BCBDEE54.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE4D17397-73D3-4024-ACEE-174C9478F713.tmp" Thu 23 Aug 2007 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF1ADD9CC-C5DE-4090-9FC9-E9DCEE11E46D.tmp" Thu 23 Aug 2007 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF1064C60-42B8-4B78-B98A-4A6266510940.tmp" Thu 23 Aug 2007 458,752 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFCB4BFB0-99C6-4877-B5E5-9F025AC3F9E6.tmp" Thu 23 Aug 2007 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFC05B48C-F98A-49C8-8F13-9E32FF02310F.tmp" Thu 23 Aug 2007 5,898,240 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFD051DB7-48B5-4C53-868B-2B8A4CB31484.tmp" Mon 23 Jul 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp" Mon 23 Jul 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp" Finished! combo fix log... ComboFix 07-11-19.4 - Administrator 2007-11-30 12:46:38.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367 [GMT -7:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))) . 2007-11-30 12:27 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-29 23:54 <DIR> d-------- C:\Program Files\iTunes 2007-11-29 23:54 <DIR> d-------- C:\Program Files\iPod 2007-11-29 16:51 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-29 16:49 <DIR> d-------- C:\Program Files\Common Files\Java 2007-11-28 23:01 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-28 19:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-11-28 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-28 19:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2007-11-28 01:33 <DIR> d-------- C:\Program Files\QuickTime 2007-11-28 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-11-28 01:04 <DIR> d-------- C:\Program Files\Apple Software Update 2007-11-27 00:16 <DIR> d-------- C:\ConverterOutput 2007-11-27 00:15 <DIR> d-------- C:\Program Files\Cucusoft 2007-11-27 00:15 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax 2007-11-27 00:15 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll 2007-11-27 00:15 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg 2007-11-27 00:12 4,286 --a------ C:\WINDOWS\system32\callwavefax.32x32.ico 2007-11-26 15:28 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter 2007-11-26 14:32 <DIR> d-------- C:\Program Files\Realtek AC97 2007-11-25 12:15 <DIR> d-------- C:\Program Files\Realtek AC97(2) 2007-11-24 02:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVSMedia 2007-11-23 02:12 <DIR> d-------- C:\Program Files\AVSMedia 2007-11-23 02:11 <DIR> d-------- C:\Music 2007-11-23 01:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVS4YOU 2007-11-23 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2007-11-23 01:33 <DIR> d-------- C:\Program Files\Common Files\AVSMedia 2007-11-23 01:32 <DIR> d-------- C:\Program Files\AVS4YOU 2007-11-23 01:32 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll 2007-11-23 01:32 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-11-23 01:32 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll 2007-11-23 01:32 82,944 --a------ C:\WINDOWS\system32\vct3216.acm 2007-11-23 01:32 53,248 --a------ C:\WINDOWS\system32\xvid.ax 2007-11-23 01:32 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-11-23 01:32 13,239 --a------ C:\WINDOWS\system32\Scg726.acm 2007-11-21 02:53 <DIR> d-------- C:\Program Files\Twins Software 2007-11-21 02:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Twins Software 2007-11-21 02:53 2,912,256 --a------ C:\WINDOWS\system32\MediaInfo.dll 2007-11-21 02:53 57,344 --a------ C:\WINDOWS\system32\CMDRedirect.dll 2007-11-17 13:45 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico 2007-11-15 16:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint 2007-11-15 14:49 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP 2007-11-15 14:32 <DIR> d-------- C:\Program Files\Burn4Free Toolbar 2007-11-15 14:32 <DIR> d-------- C:\Program Files\Burn4Free 2007-11-15 14:21 <DIR> d-------- C:\Program Files\Burn4Free(2) 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2007-11-14 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7 2007-11-13 13:35 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico 2007-11-11 04:23 <DIR> d-------- C:\Program Files\Join Split Convert Video 2007-11-11 04:23 794,624 --a------ C:\WINDOWS\system32\mpgfiltr.ax 2007-11-11 04:23 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax 2007-11-11 02:16 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL 2007-11-11 02:16 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll 2007-11-11 02:16 44,544 --------- C:\WINDOWS\system32\msxml4a.dll 2007-11-11 02:16 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll 2007-11-10 13:43 <DIR> d-------- C:\Program Files\SmartSound Software 2007-11-10 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2007-11-10 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime 2007-11-10 13:34 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL 2007-11-09 21:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab 2007-11-09 15:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX 2007-11-09 12:20 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-09 12:20 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-11-09 12:11 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-11-09 12:11 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-11-09 12:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm 2007-11-09 12:11 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-11-09 12:11 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-11-09 12:11 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-11-09 12:11 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2007-11-09 12:11 414 --a------ C:\WINDOWS\system32\lame_acm.xml 2007-11-06 04:04 <DIR> d-------- C:\Program Files\WinAVI Video Converter 2007-11-05 18:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-11-05 01:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.KOR 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.JPN 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.JP 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.ITA 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.IT 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.FRA 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.FR 2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.NLD 2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.NL 2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.KO 2007-11-02 00:04 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys 2007-11-01 23:38 <DIR> d-------- C:\WINDOWS\avdv.drv 2007-11-01 23:38 256,113 --a------ C:\WINDOWS\system32\drivers\LStone2k.sys 2007-11-01 23:35 898,736 --------- C:\WINDOWS\system32\Ltr13n.dll 2007-11-01 23:35 298,168 --------- C:\WINDOWS\system32\Ltrio13n.dll 2007-11-01 23:35 90,112 --a------ C:\WINDOWS\unvise32.exe 2007-11-01 23:35 81,920 --------- C:\WINDOWS\system32\vdrmux.dll 2007-11-01 23:35 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll 2007-11-01 23:35 40,960 --a------ C:\WINDOWS\system32\langserv.dll 2007-11-01 23:30 <DIR> d-------- C:\Program Files\Pinnacle 2007-11-01 23:30 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-30 19:07 --------- d-----w C:\Program Files\Debugging Tools for Windows 2007-11-30 06:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer 2007-11-30 05:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2007-11-29 23:50 --------- d-----w C:\Program Files\Java 2007-11-29 02:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-15 21:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound 2007-11-15 21:17 --------- d-----w C:\Program Files\NCH Swift Sound 2007-11-15 03:44 --------- d-----w C:\Program Files\Lavasoft 2007-11-14 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-11 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-08 18:13 --------- d-----w C:\Program Files\ICQ6 2007-11-02 20:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire 2007-10-30 17:00 10 ----a-w C:\Program Files\.autoreg 2007-10-26 06:34 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll 2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-10-18 05:41 --------- d-----w C:\Program Files\Red Chair Software 2007-10-18 05:39 --------- d---a-w C:\Program Files\Google 2007-10-14 18:39 --------- d-----w C:\Program Files\ICQToolbar 2007-09-05 01:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll 2007-08-21 06:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-14 02:37 2,873,940 ----a-w C:\Program Files\Version Tracker Pro 3.6.1.msi . ((((((((((((((((((((((((((((( snapshot@2007-11-27_22.09.50.10 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-29 01:53:00 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2007-11-30 19:27:37 8,396,800 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat + 2007-11-30 19:27:37 335,872 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2007-11-29 01:53:00 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2007-11-30 19:27:26 8,396,800 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat + 2007-11-30 19:27:26 335,872 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat + 2007-11-28 08:05:07 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe + 2007-11-29 02:17:29 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe + 2007-11-29 02:17:29 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2007-11-29 02:17:29 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe + 2007-11-29 21:16:56 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat + 2007-10-31 21:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys - 2006-07-26 07:25:56 49,248 ----a-w C:\WINDOWS\system32\java.exe + 2007-09-25 05:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2006-07-26 07:26:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe + 2007-09-25 05:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2006-07-26 09:03:16 127,078 ----a-w C:\WINDOWS\system32\javaws.exe + 2007-09-25 06:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2007-11-28 04:32:02 64,614 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-11-30 19:45:12 64,614 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-11-28 04:32:03 406,410 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-11-30 19:45:12 406,410 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-11-26 21:33:28 2,691,164 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat + 2007-11-30 19:01:28 115,708 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2006-10-01 06:00] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:30] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:51] "Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" [2007-11-16 14:37] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:30 C:\WINDOWS\system32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:30 C:\WINDOWS\system32\rundll32.exe] "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 09:59] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43] "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-14 16:14] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "dpmrvufa"="C:\xjhwukop.bat" [] "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 18:55] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-14 16:14] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide3"="cmd.exe" [2004-08-04 01:30 C:\WINDOWS\system32\cmd.exe] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Anapod Manager.lnk - C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe [2007-08-05 16:07:02] YouTube Uploader.lnk - C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"= 1 (0x1) [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 relog_ap [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk backup=C:\WINDOWS\pss\Photo Loader supervisory.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTracker Pro.lnk backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2007-06-19 12:03 2321600 --a------ C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-04 01:30 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2006-05-24 04:15 50760 --a------ C:\Program Files\Common Files\AOL\1181875786\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2002-07-11 05:06 188416 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider] C:\Program Files\Insider\Insider.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\rayiou.exe R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys R2 ONSIO;ONSIO;\??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS S0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS . Contents of the 'Scheduled Tasks' folder "2007-11-28 20:26:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************ catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-30 12:48:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-11-30 12:49:11 C:\ComboFix2.txt ... 2007-11-29 16:57 C:\ComboFix3.txt ... 2007-11-27 22:11 . --- E O F --- hjt log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:50:39 PM, on 11/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\QTTask.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Clock Tray Skins\ClockTraySkins.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [dpmrvufa] C:\xjhwukop.bat O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [SkinClock] "C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user') O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1184867848406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184867816656 O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://reports.texasroadhouse.com/R...lientprint.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 8535 bytes

12-01-2007, 11:42 AM	#6 (permalink)
beandox Registered User Join Date: Nov 2007 Posts: 5 OS: win xp pro	Re: "has encountered an error and needs to close" error combo fix log... ComboFix 07-11-19.4 - Administrator 2007-12-01 13:35:18.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.442 [GMT -7:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 ))))))))))))))))))))))))))))))) . 2007-11-30 12:27 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-29 23:54 <DIR> d-------- C:\Program Files\iTunes 2007-11-29 23:54 <DIR> d-------- C:\Program Files\iPod 2007-11-29 16:51 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-29 16:49 <DIR> d-------- C:\Program Files\Common Files\Java 2007-11-28 23:01 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-28 19:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-11-28 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-28 19:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2007-11-28 01:33 <DIR> d-------- C:\Program Files\QuickTime 2007-11-28 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-11-28 01:04 <DIR> d-------- C:\Program Files\Apple Software Update 2007-11-27 00:16 <DIR> d-------- C:\ConverterOutput 2007-11-27 00:15 <DIR> d-------- C:\Program Files\Cucusoft 2007-11-27 00:15 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax 2007-11-27 00:15 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg 2007-11-27 00:12 4,286 --a------ C:\WINDOWS\system32\callwavefax.32x32.ico 2007-11-26 15:28 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter 2007-11-26 14:32 <DIR> d-------- C:\Program Files\Realtek AC97 2007-11-25 12:15 <DIR> d-------- C:\Program Files\Realtek AC97(2) 2007-11-24 02:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVSMedia 2007-11-23 02:12 <DIR> d-------- C:\Program Files\AVSMedia 2007-11-23 02:11 <DIR> d-------- C:\Music 2007-11-23 01:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVS4YOU 2007-11-23 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2007-11-23 01:33 <DIR> d-------- C:\Program Files\Common Files\AVSMedia 2007-11-23 01:32 <DIR> d-------- C:\Program Files\AVS4YOU 2007-11-23 01:32 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll 2007-11-23 01:32 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-11-23 01:32 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll 2007-11-23 01:32 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-11-21 02:53 <DIR> d-------- C:\Program Files\Twins Software 2007-11-21 02:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Twins Software 2007-11-21 02:53 2,912,256 --a------ C:\WINDOWS\system32\MediaInfo.dll 2007-11-21 02:53 57,344 --a------ C:\WINDOWS\system32\CMDRedirect.dll 2007-11-17 13:45 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico 2007-11-15 16:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint 2007-11-15 14:49 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP 2007-11-15 14:32 <DIR> d-------- C:\Program Files\Burn4Free Toolbar 2007-11-15 14:32 <DIR> d-------- C:\Program Files\Burn4Free 2007-11-15 14:21 <DIR> d-------- C:\Program Files\Burn4Free(2) 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2007-11-14 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-11-14 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7 2007-11-13 13:35 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico 2007-11-11 04:23 <DIR> d-------- C:\Program Files\Join Split Convert Video 2007-11-11 04:23 794,624 --a------ C:\WINDOWS\system32\mpgfiltr.ax 2007-11-11 04:23 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax 2007-11-11 02:16 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll 2007-11-11 02:16 44,544 --------- C:\WINDOWS\system32\msxml4a.dll 2007-11-11 02:16 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll 2007-11-10 13:43 <DIR> d-------- C:\Program Files\SmartSound Software 2007-11-10 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2007-11-10 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime 2007-11-10 13:34 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL 2007-11-09 21:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab 2007-11-09 15:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX 2007-11-09 12:20 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-09 12:20 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-11-09 12:11 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-11-09 12:11 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-11-09 12:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm 2007-11-09 12:11 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-11-09 12:11 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-11-09 12:11 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-11-09 12:11 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2007-11-09 12:11 414 --a------ C:\WINDOWS\system32\lame_acm.xml 2007-11-06 04:04 <DIR> d-------- C:\Program Files\WinAVI Video Converter 2007-11-05 18:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-11-05 01:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.KOR 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.JPN 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.JP 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.ITA 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.IT 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.FRA 2007-11-02 00:04 26,624 --a------ C:\WINDOWS\system32\PSDrvCheck.FR 2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.NLD 2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.NL 2007-11-02 00:04 16,896 --a------ C:\WINDOWS\system32\PSDrvCheck.KO 2007-11-02 00:04 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys 2007-11-01 23:38 <DIR> d-------- C:\WINDOWS\avdv.drv 2007-11-01 23:38 256,113 --a------ C:\WINDOWS\system32\drivers\LStone2k.sys 2007-11-01 23:35 898,736 --------- C:\WINDOWS\system32\Ltr13n.dll 2007-11-01 23:35 298,168 --------- C:\WINDOWS\system32\Ltrio13n.dll 2007-11-01 23:35 90,112 --a------ C:\WINDOWS\unvise32.exe 2007-11-01 23:35 40,960 --a------ C:\WINDOWS\system32\langserv.dll 2007-11-01 23:30 <DIR> d-------- C:\Program Files\Pinnacle 2007-11-01 23:30 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll 2007-11-01 23:30 204,881 --a------ C:\WINDOWS\system32\DiskIO.dll 2007-11-01 23:30 155,721 --a------ C:\WINDOWS\system32\RALMain.dll 2007-11-01 23:30 114,759 --------- C:\WINDOWS\system32\Aviprax.dll 2007-11-01 23:30 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll 2007-11-01 23:30 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll 2007-11-01 23:30 32,838 --a------ C:\WINDOWS\system32\Cachex.dll 2007-11-01 23:30 32,768 --a------ C:\WINDOWS\system32\MLPagAx.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-01 06:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2007-11-30 19:07 --------- d-----w C:\Program Files\Debugging Tools for Windows 2007-11-30 06:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer 2007-11-29 23:50 --------- d-----w C:\Program Files\Java 2007-11-29 02:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-15 21:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound 2007-11-15 21:17 --------- d-----w C:\Program Files\NCH Swift Sound 2007-11-15 03:44 --------- d-----w C:\Program Files\Lavasoft 2007-11-14 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-11 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-09 19:21 --------- d-----w C:\Program Files\DivX 2007-11-09 19:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Vso 2007-11-08 18:13 --------- d-----w C:\Program Files\ICQ6 2007-11-02 20:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire 2007-10-30 17:00 10 ----a-w C:\Program Files\.autoreg 2007-10-26 06:34 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2007-10-26 06:34 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys 2007-10-26 06:34 --------- d-----w C:\Program Files\VSO 2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll 2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-10-18 18:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VersionTracker Pro 2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-10-18 07:11 --------- d-----w C:\Program Files\TechTracker 2007-10-18 05:41 --------- d-----w C:\Program Files\Red Chair Software 2007-10-18 05:39 --------- d---a-w C:\Program Files\Google 2007-10-18 03:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SlySoft 2007-10-14 18:39 --------- d-----w C:\Program Files\ICQToolbar 2007-10-09 00:45 131 ----a-w C:\Program Files\Version Tracker Pro 3.6.1.reg 2007-09-05 01:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll 2007-04-14 02:37 2,873,940 ----a-w C:\Program Files\Version Tracker Pro 3.6.1.msi 2007-04-14 02:36 24,576 ----a-w C:\Program Files\Crack.exe . ((((((((((((((((((((((((((((( snapshot@2007-11-27_22.09.50.10 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-29 01:53:00 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2007-11-30 19:27:37 8,396,800 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat + 2007-11-30 19:27:37 335,872 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2007-11-29 01:53:00 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2007-11-30 19:27:26 8,396,800 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat + 2007-11-30 19:27:26 335,872 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat + 2007-11-28 08:05:07 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe + 2007-11-29 02:17:29 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe + 2007-11-29 02:17:29 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2007-11-29 02:17:29 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe + 2007-11-29 21:16:56 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat + 2007-10-31 21:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys - 2006-07-26 07:25:56 49,248 ----a-w C:\WINDOWS\system32\java.exe + 2007-09-25 05:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2006-07-26 07:26:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe + 2007-09-25 05:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2006-07-26 09:03:16 127,078 ----a-w C:\WINDOWS\system32\javaws.exe + 2007-09-25 06:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2007-11-28 04:32:02 64,614 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-12-01 19:04:08 64,614 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-11-28 04:32:03 406,410 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-12-01 19:04:08 406,410 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-11-26 21:33:28 2,691,164 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat + 2007-11-30 19:01:28 115,708 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2006-10-01 06:00] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:30] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:51] "Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" [2007-11-16 14:37] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:30 C:\WINDOWS\system32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:30 C:\WINDOWS\system32\rundll32.exe] "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 09:59] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43] "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-14 16:14] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 18:55] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-14 16:14] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide3"="cmd.exe" [2004-08-04 01:30 C:\WINDOWS\system32\cmd.exe] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Anapod Manager.lnk - C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe [2007-08-05 16:07:02] YouTube Uploader.lnk - C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"= 1 (0x1) [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 relog_ap [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk backup=C:\WINDOWS\pss\Photo Loader supervisory.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTracker Pro.lnk backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2007-06-19 12:03 2321600 --a------ C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-04 01:30 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2006-05-24 04:15 50760 --a------ C:\Program Files\Common Files\AOL\1181875786\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2002-07-11 05:06 188416 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider] C:\Program Files\Insider\Insider.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\rayiou.exe R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys R2 ONSIO;ONSIO;\??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS S0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS . Contents of the 'Scheduled Tasks' folder "2007-11-28 20:26:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************ catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-01 13:37:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-12-01 13:38:41 C:\ComboFix2.txt ... 2007-11-30 12:49 C:\ComboFix3.txt ... 2007-11-29 16:57 . --- E O F --- hjt log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:45:51 PM, on 12/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\QTTask.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Clock Tray Skins\ClockTraySkins.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [SkinClock] "C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.0.91.0\GoogleUpdate.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user') O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Administrator\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1184867848406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184867816656 O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://reports.texasroadhouse.com/R...lientprint.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 8518 bytes

12-01-2007, 02:27 PM	#7 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: "has encountered an error and needs to close" error That looks fine now...I dont see anymore problems. __________________ Eddy

12-02-2007, 12:05 PM	#8 (permalink)
beandox Registered User Join Date: Nov 2007 Posts: 5 OS: win xp pro	Re: "has encountered an error and needs to close" error the problem still isn't fixed though...I still receive the dreaded ".exe has encountered an error and needs to close."

12-02-2007, 02:17 PM	#9 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: "has encountered an error and needs to close" error None of your problem appears to be malware related.Looks like you will need to look elsewhere.... __________________ Eddy