
Macromedia Flashplayer Problems


This topic is locked
9 replies to this topic

#1 lizmeredith


Posted 01 August 2008 - 05:08 PM

I recently had my computer cleaned for viruses. A friend did it for me, then set me up with a CA security suite (including spyware and firewall protection). Since I got my computer back, I am unable to watch movies on internet sites such as youtube or aolvideo (when using IE7). I also cannot use certain applications on facebook or other sites that require the Macromedia Flash plugin. When I right-click on where the video should be, it says "cannot load movie" and "about flashplayer". I have googled this problem and tried everything under the sun to fix it including...

1. Uninstalling flashplayer (using adobe's uninstall) and then reinstalling it
2. Uninstalling java and then reinstalling it to the current updated version
3. Downloading safari and firefox and still not being able to view it
4. Making sure that java and javascript are enabled under internet options
5. I have run Registryfix6, Spyware Doctor, CCleaner, and Vundofix

I ran DSS and my Hijackthis log is below. Can anyone please help me solve this problem?


Deckard's System Scanner v20071014.68
Run by l on 2008-07-31 15:33:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
30: 2008-07-31 22:34:28 UTC - RP30 - Deckard's System Scanner Restore Point
29: 2008-07-31 01:28:19 UTC - RP29 - System Checkpoint
28: 2008-07-29 19:13:40 UTC - RP28 - System Checkpoint
27: 2008-07-28 18:51:27 UTC - RP27 - Removed Java™ SE Runtime Environment 6 Update 1
26: 2008-07-28 16:55:21 UTC - RP26 - System Checkpoint


-- First Restore Point --
1: 2008-07-10 05:04:57 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-31 15:37:07
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\l\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {b09df0f7-db00-46b7-ab94-4d9ac958345f} - C:\WINDOWS\system32\sqwyzm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\messenger\msmsgs.exe
O11 - Options Group: [TABS] Tabbed Browsing
O15 - Trusted Zone: http://windowsupdate.microsoft.com (HKCU)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ddccyab - C:\WINDOWS\system32\ddccyab.dll (file missing)
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: xxyxXNhg - C:\WINDOWS\system32\xxyxXNhg.dll (file missing)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe


--
End of file - 11071 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vmodem (W2k Vmodem) - c:\windows\system32\drivers\vmodem.sys <Not Verified; PCTEL, INC.; HSP Modem Modem Device>
R0 Vpctcom (W2k Vpctcom) - c:\windows\system32\drivers\vpctcom.sys <Not Verified; PCtel, Inc.; HSP Modem Virtual Control Device>
R0 Vvoice (W2k Vvoice) - c:\windows\system32\drivers\vvoice.sys <Not Verified; PCtel, Inc.; PCTEL HSP Modem Voice Device>
R3 ac97intc (Intel® 82801 Audio Driver Install Service (WDM)) - c:\windows\system32\drivers\ac97intc.sys <Not Verified; Intel Corporation; Intel® Integrated Controller Hub Audio Driver>
R3 AR5211 (TP-LINK Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - c:\windows\system32\drivers\el90xbc5.sys <Not Verified; 3Com Corporation; 3Com EtherLink PCI>
R3 Ptserial (W2K Pctel Serial Device Driver) - c:\windows\system32\drivers\ptserial.sys <Not Verified; PCTEL, INC.; HSP Modem Serial Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-15 14:57:38 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-09 07:04:39 506 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as l at 8 27 PM.job
2008-07-09 03:30:08 394 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job


-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-30 08:40:46 0 d-------- C:\WINDOWS\LastGood
2008-07-28 12:34:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-28 12:05:07 0 dr-h----- C:\Documents and Settings\l\Recent
2008-07-28 11:54:41 0 d-------- C:\Program Files\Yahoo!
2008-07-28 11:54:14 0 d-------- C:\Program Files\CCleaner
2008-07-28 11:38:43 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-23 12:55:33 0 d-------- C:\Program Files\Safari
2008-07-23 12:53:42 0 d-------- C:\Program Files\Bonjour
2008-07-21 20:15:02 0 d-------- C:\WINDOWS\Sun
2008-07-21 20:15:01 0 d-------- C:\Documents and Settings\l\Application Data\Sun
2008-07-18 11:02:11 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-18 11:01:16 0 d-------- C:\Documents and Settings\l\Application Data\Mozilla
2008-07-15 19:11:16 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-15 14:56:33 0 d-------- C:\Program Files\Apple Software Update
2008-07-14 14:52:00 0 d-------- C:\Program Files\Common Files\PC Tools
2008-07-14 14:51:36 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-13 09:05:03 0 d-------- C:\WINDOWS\ERUNT
2008-07-12 13:05:54 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 13:05:11 0 d-------- C:\Program Files\Spyware Doctor
2008-07-12 13:05:11 0 d-------- C:\Documents and Settings\l\Application Data\PC Tools
2008-07-12 11:55:18 0 d-------- C:\WINDOWS\CSC
2008-07-10 20:47:09 0 d-------- C:\Program Files\RegistryFix6
2008-07-10 14:48:54 0 d-------- C:\Program Files\MSXML 4.0
2008-07-10 01:47:14 0 --a------ C:\Documents and Settings\l\core
2008-07-09 21:51:15 0 d-------- C:\WINDOWS\pss
2008-07-09 16:59:20 0 d-------- C:\WINDOWS\CAVTemp
2008-07-09 15:51:01 81184 --a------ C:\WINDOWS\system32\ypcaitfn.dll
2008-07-09 15:50:44 105152 --a------ C:\WINDOWS\system32\sqwyzm.dll
2008-07-09 15:50:35 105152 --a------ C:\WINDOWS\system32\qbekhsrg.dll
2008-07-08 21:00:59 0 d-------- C:\qrnt
2008-07-08 20:26:09 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-08 20:24:54 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-07-08 20:24:51 0 d-------- C:\Program Files\CA
2008-07-08 19:23:55 0 d-------- C:\Documents and Settings\l\Application Data\ErrorSmart
2008-07-08 18:47:28 105296 --a------ C:\WINDOWS\system32\wvqqch.dll
2008-07-08 18:47:25 105296 --a------ C:\WINDOWS\system32\eotaqlen.dll
2008-07-08 17:57:14 0 d-------- C:\WINDOWS\Provisioning
2008-07-03 18:02:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-03 18:01:34 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-07-03 18:01:25 0 d-------- C:\Program Files\twc
2008-07-02 20:38:29 0 d-------- C:\Program Files\Support.com
2008-07-02 20:38:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2008-07-01 19:14:36 90960 --a------ C:\WINDOWS\system32\fcjdcjkf.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-28 11:52:41 0 d-------- C:\Program Files\Java
2008-07-27 12:01:43 0 d-------- C:\Documents and Settings\l\Application Data\U3
2008-07-23 13:03:04 0 d-------- C:\Documents and Settings\l\Application Data\Apple Computer
2008-07-22 10:46:23 0 d-------- C:\Program Files\QuickTime
2008-07-14 14:52:00 0 d-------- C:\Program Files\Common Files
2008-07-09 17:19:00 620090 --ahs---- C:\WINDOWS\system32\BcdKnnnn.ini2
2008-07-09 16:20:30 0 d-------- C:\Documents and Settings\l\Application Data\AVG7
2008-06-29 19:51:33 105856 --a------ C:\WINDOWS\system32\cundka.dll
2008-06-29 19:51:33 105856 --a------ C:\WINDOWS\system32\ahxhbupq.dll
2008-06-26 13:13:54 107968 --a------ C:\WINDOWS\system32\ucurwwic.dll
2008-06-25 18:36:12 0 d-------- C:\Documents and Settings\l\Application Data\SpywareStop
2008-06-25 18:22:38 0 d-------- C:\Documents and Settings\l\Application Data\??sks
2008-06-25 12:06:22 107936 --a------ C:\WINDOWS\system32\fbtyfscn.dll
2008-06-25 12:05:13 91472 --a------ C:\WINDOWS\system32\bdhvpopq.dll
2008-06-25 10:39:40 0 d-------- C:\Documents and Settings\l\Application Data\LimeWire
2008-06-24 19:16:24 0 d-------- C:\Documents and Settings\l\Application Data\W Photo Studio Viewer
2008-06-12 12:10:39 0 d-------- C:\Program Files\Red Kawa
2008-05-06 22:18:48 1287680 --a------ C:\WINDOWS\system32\quartz.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b09df0f7-db00-46b7-ab94-4d9ac958345f}]
07/09/2008 03:50 PM 105152 --a------ C:\WINDOWS\system32\sqwyzm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:19 PM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [07/08/2008 08:28 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [08/20/2007 01:36 PM]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [07/08/2008 08:34 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [07/08/2008 08:34 PM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [07/08/2008 08:34 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccyab]
ddccyab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxXNhg]
xxyxXNhg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnnKdcB
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"medicsp2"=C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{062b5641-128e-11d6-83d4-00065be3442d}]
AutoRun\command- E:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-07-31 15:55:35 ------------

#2 drex23


Posted 10 August 2008 - 07:43 AM

Hi lizmeredith, I see infections that are still present and also noted that you have AVG Anti-Virus along with CA's suite. However, I don't see the uninstall entry in Add or Remove Programs for AVG. It's not advisable to be running more than one AV at a time as this can cause system performance problems, lockups, etc. If you have a subscription for CA, it would be a good idea to uninstall AVG. You can look for an installer/uninstaller for it in AVG's Program Files folder. Try looking here: C:\Program Files\Grisoft\AVG7

Now, let's move on to cleaning up.

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the report (located at C:\ComboFix.txt) in your next response.

Next

Please download Malwarebytes' Anti-Malware and save it to your Desktop.
Alternate download location
Alternate download location

Double-click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please post that log in your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.



In your next response, please be sure to include the logs from ComboFix and MBAM and let me know how you made out with the AVG issue.
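As an added example (not from this thread, and not code from HijackThis or DSS), the script below applies the kind of checks a helper makes when reading the log in post #1: BHOs registered with no name or loaded from system32, Winlogon Notify hooks that are not standard Windows DLLs or point at deleted files, and bursts of DLLs written to system32 within seconds of each other in the DSS "Files created" section. The allowlist, the name heuristic and the 60-second window are illustrative assumptions, not rules from either tool.

```python
"""Triage helpers for a HijackThis-style log and a DSS "Files created" listing.

Added example; the rules, the Winlogon Notify allowlist and the clustering
window are assumptions chosen to surface the entries a helper would question.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: HijackThis v2.0.2 lines copied from the DSS log in post #1.
HJT_SAMPLE = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {b09df0f7-db00-46b7-ab94-4d9ac958345f} - C:\WINDOWS\system32\sqwyzm.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: ddccyab - C:\WINDOWS\system32\ddccyab.dll (file missing)
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: xxyxXNhg - C:\WINDOWS\system32\xxyxXNhg.dll (file missing)
"""

# Constructed sample: lines from the "Files created" section of the same DSS log.
DSS_SAMPLE = r"""
2008-07-09 15:51:01 81184 --a------ C:\WINDOWS\system32\ypcaitfn.dll
2008-07-09 15:50:44 105152 --a------ C:\WINDOWS\system32\sqwyzm.dll
2008-07-09 15:50:35 105152 --a------ C:\WINDOWS\system32\qbekhsrg.dll
2008-07-08 20:24:51 0 d-------- C:\Program Files\CA
2008-07-08 18:47:28 105296 --a------ C:\WINDOWS\system32\wvqqch.dll
2008-07-08 18:47:25 105296 --a------ C:\WINDOWS\system32\eotaqlen.dll
2008-07-01 19:14:36 90960 --a------ C:\WINDOWS\system32\fcjdcjkf.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - "
                       r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
DSS_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
                    r"(?P<attrs>\S+) (?P<path>.+)$")

# Assumption: the Winlogon Notify DLLs that ship with Windows XP SP2 (the ones the
# post's own log shows). Anything else hooking logon deserves a look.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def looks_generated(stem):
    """Heuristic: 6-8 letters with at most one vowel reads like a generated name."""
    letters = [c for c in stem if c.isalpha()]
    return (6 <= len(stem) <= 8 and len(letters) == len(stem)
            and sum(c in "aeiou" for c in letters) <= 1)


def triage_hjt(text):
    """Return one finding per suspicious O2/O20 line: {"line", "dll", "reasons"}."""
    findings = []
    for line in text.strip().splitlines():
        reasons = []
        m = BHO_RE.match(line)
        if m:
            if m["name"] == "(no name)":
                reasons.append("BHO registered without a display name")
            if "\\system32\\" in m["path"].lower():
                reasons.append("BHO loaded from system32 rather than Program Files")
        else:
            m = NOTIFY_RE.match(line)
            if m:
                if m["missing"]:
                    reasons.append("orphaned Winlogon Notify key (DLL gone, key remains)")
                if basename(m["path"]) not in KNOWN_NOTIFY_DLLS:
                    reasons.append("Winlogon Notify DLL not in the Windows allowlist")
        if not m:
            continue
        dll = basename(m["path"])
        if reasons and looks_generated(dll.rsplit(".", 1)[0]):
            reasons.append("generated-looking file name")
        if reasons:
            findings.append({"line": line, "dll": dll, "reasons": reasons})
    return findings


def parse_created(text):
    """Yield (timestamp, size, basename) for non-directory DLLs under system32."""
    for line in text.strip().splitlines():
        m = DSS_RE.match(line)
        if not m or m["attrs"].startswith("d"):
            continue
        low = m["path"].lower()
        if "\\system32\\" in low and low.endswith(".dll"):
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                   int(m["size"]), basename(m["path"]))


def dropped_dll_clusters(text, window_s=60):
    """Group system32 DLLs written within window_s seconds of one another.

    Installers write bursts too, but a burst of DLLs with generated-looking
    names and no vendor is the pattern a dropper leaves behind.
    """
    clusters = []
    for ts, size, name in sorted(parse_created(text)):
        if clusters and ts - clusters[-1]["last"] <= timedelta(seconds=window_s):
            clusters[-1]["last"] = ts
            clusters[-1]["files"].append((name, size))
        else:
            clusters.append({"first": ts, "last": ts, "files": [(name, size)]})
    return [c for c in clusters if len(c["files"]) > 1]


def correlate(findings, clusters):
    """DLLs that are both hooked into IE/Winlogon and part of a drop burst."""
    dropped = {name for c in clusters for name, _ in c["files"]}
    return {f["dll"] for f in findings} & dropped


if __name__ == "__main__":
    hits = triage_hjt(HJT_SAMPLE)
    for f in hits:
        print(f["line"], "\n   ->", "; ".join(f["reasons"]))
    bursts = dropped_dll_clusters(DSS_SAMPLE)
    for c in bursts:
        print(f"{len(c['files'])} DLLs written to system32 between {c['first']} and {c['last']}:",
              ", ".join(f"{n} ({s} bytes)" for n, s in c["files"]))
    print("hooked and dropped together:", correlate(hits, bursts))
```

On the sample, the correlation step singles out sqwyzm.dll: it is the unnamed BHO and it was written in the same burst as qbekhsrg.dll and ypcaitfn.dll.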

#3 lizmeredith


Posted 12 August 2008 - 03:44 PM

Ok, sorry that it took so long to reply back. Removing AVG was difficult because I didn't have the uninstall file but I finally was able to get it all off my computer (I think). I successfully ran Combofix in recovery mode and have included the log below. I also ran MBAM and included the log too. Everything seemed to run successfully, but I am still unable to watch flash videos =(

ComboFix 08-08-10.06 - l 2008-08-12 9:50:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.143 [GMT -7:00]
Running from: C:\Documents and Settings\l\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\l\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\l\Application Data\SKS~1
C:\WINDOWS\BMaf688fa4.txt
C:\WINDOWS\BMaf688fa4.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ahxhbupq.dll
C:\WINDOWS\system32\BcdKnnnn.ini
C:\WINDOWS\system32\BcdKnnnn.ini2
C:\WINDOWS\system32\bdhvpopq.dll
C:\WINDOWS\system32\cundka.dll
C:\WINDOWS\system32\ewylkons.ini
C:\WINDOWS\system32\fbtyfscn.dll
C:\WINDOWS\system32\fcjdcjkf.dll
C:\WINDOWS\system32\fprokhrv.ini
C:\WINDOWS\system32\fwfwdrxj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mplefsom.ini
C:\WINDOWS\system32\nftiacpy.ini
C:\WINDOWS\system32\rcvfeoin.ini
C:\WINDOWS\system32\ucurwwic.dll
C:\WINDOWS\system32\ufklnyhc.ini
C:\WINDOWS\system32\uxxbc.ini
C:\WINDOWS\system32\uxxbc.ini2
C:\WINDOWS\system32\whirvqaf.ini
C:\WINDOWS\system32\wjfksvlr.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-11 20:20 . 2008-08-12 08:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-11 18:36 . 2008-08-11 18:36 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-08-08 17:51 . 2008-08-08 17:51 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-08 17:50 . 2008-08-08 17:50 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-08 17:50 . 2008-08-08 17:50 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-08 16:20 . 2008-08-08 16:20 <DIR> d-------- C:\WINDOWS\EHome
2008-08-06 00:40 . 2008-08-06 00:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-06 00:11 . 2008-08-06 00:11 <DIR> d-------- C:\Program Files\iTunes
2008-08-06 00:11 . 2008-08-06 00:11 <DIR> d-------- C:\Program Files\iPod
2008-08-04 17:10 . 2008-04-13 17:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-04 17:10 . 2008-04-13 17:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-04 17:10 . 2008-04-13 17:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-04 17:10 . 2008-04-13 17:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-04 17:10 . 2008-04-13 17:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-08-04 17:10 . 2008-04-13 17:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-08-04 17:09 . 2008-04-13 17:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-04 17:09 . 2008-04-13 17:12 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
2008-08-04 17:09 . 2008-04-13 17:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-08-04 17:09 . 2008-04-13 17:12 150,528 --------- C:\WINDOWS\system32\qagent.dll
2008-08-04 17:09 . 2008-04-13 17:12 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-08-04 17:09 . 2008-04-13 17:12 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
2008-08-04 17:09 . 2008-04-13 17:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-08-04 17:09 . 2008-04-13 17:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-08-04 17:09 . 2008-04-13 11:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-08-04 17:08 . 2008-04-13 17:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-04 17:08 . 2008-04-13 17:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-08-04 17:08 . 2008-04-13 17:12 193,024 --------- C:\WINDOWS\system32\napmontr.dll
2008-08-04 17:08 . 2008-04-13 17:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-08-04 17:08 . 2008-04-13 17:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-08-04 17:08 . 2008-04-13 17:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-08-04 17:08 . 2008-04-13 10:27 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-08-04 17:08 . 2008-04-13 10:27 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-08-04 17:08 . 2008-04-13 11:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-08-04 17:08 . 2008-04-13 17:12 30,208 --------- C:\WINDOWS\system32\napipsec.dll
2008-08-04 17:07 . 2008-04-13 17:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-04 17:07 . 2008-04-13 17:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-04 17:07 . 2008-04-13 17:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-04 17:07 . 2008-04-13 17:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-08-04 17:07 . 2008-04-13 17:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-04 17:06 . 2008-04-13 17:10 102,912 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-08-04 17:06 . 2008-04-13 17:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-08-04 17:06 . 2008-04-13 17:09 24,064 -----c--- C:\WINDOWS\system32\dllcache\pidgen.dll
2008-08-04 17:06 . 2008-04-13 17:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-08-04 17:06 . 2008-04-13 17:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-08-04 17:06 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-08-04 17:06 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-08-04 17:06 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-08-04 17:06 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-08-04 17:06 . 2007-06-20 22:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-08-04 17:04 . 2008-04-13 17:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-08-04 17:04 . 2008-04-13 17:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-04 17:04 . 2008-04-13 17:11 12,800 --------- C:\WINDOWS\system32\credssp.dll
2008-08-04 17:04 . 2008-04-13 17:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-07-31 15:32 . 2008-07-31 15:32 <DIR> d-------- C:\Deckard
2008-07-28 12:34 . 2008-07-28 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-28 11:54 . 2008-07-28 11:54 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-28 11:54 . 2008-07-28 11:56 <DIR> d-------- C:\Program Files\CCleaner
2008-07-28 11:38 . 2008-08-12 09:37 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-23 12:53 . 2008-07-23 12:53 <DIR> d-------- C:\Program Files\Bonjour
2008-07-21 20:15 . 2008-07-21 20:15 <DIR> d-------- C:\WINDOWS\Sun
2008-07-18 11:02 . 2008-07-18 11:02 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-15 19:11 . 2008-07-18 13:55 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-14 14:58 . 2008-08-05 06:45 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-07-14 14:52 . 2008-07-14 15:11 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-14 14:51 . 2008-07-14 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-13 09:05 . 2008-07-13 09:05 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-13 09:00 . 2008-07-13 09:37 <DIR> d-------- C:\SDFix
2008-07-12 13:05 . 2008-08-12 08:51 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-12 13:05 . 2008-07-12 13:05 <DIR> d-------- C:\Documents and Settings\l\Application Data\PC Tools
2008-07-12 13:05 . 2008-08-12 11:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 13:05 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-12 13:05 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-12 13:05 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-12 13:05 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 18:52 --------- d-----w C:\Program Files\Java
2008-07-27 19:01 --------- d-----w C:\Documents and Settings\l\Application Data\U3
2008-07-23 20:03 --------- d-----w C:\Documents and Settings\l\Application Data\Apple Computer
2008-07-22 17:46 --------- d-----w C:\Program Files\QuickTime
2008-07-12 20:18 --------- d-----w C:\Program Files\RegistryFix6
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-07-11 00:43 43,786 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-07-10 21:48 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-09 04:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-07-09 03:34 880,560 ----a-w C:\WINDOWS\system32\drivers\vetefile.sys
2008-07-09 03:34 108,368 ----a-w C:\WINDOWS\system32\drivers\veteboot.sys
2008-07-09 03:26 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-09 03:26 --------- d-----w C:\Program Files\CA
2008-07-09 02:23 --------- d-----w C:\Documents and Settings\l\Application Data\ErrorSmart
2008-07-04 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-04 01:01 --------- d-----w C:\Program Files\twc
2008-07-04 01:01 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-07-03 03:38 --------- d-----w C:\Program Files\Support.com
2008-07-03 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Support.com
2008-06-27 03:32 274,432 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2008-06-26 01:36 --------- d-----w C:\Documents and Settings\l\Application Data\SpywareStop
2008-06-25 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 17:39 --------- d-----w C:\Documents and Settings\l\Application Data\LimeWire
2008-06-25 02:16 --------- d-----w C:\Documents and Settings\l\Application Data\W Photo Studio Viewer
2008-06-25 02:10 256,528 ----a-w C:\WINDOWS\system32\UmxSbxw.dll
2008-06-25 02:10 117,264 ----a-w C:\WINDOWS\system32\UmxSbxExw.dll
2008-06-25 02:08 93,712 ----a-w C:\WINDOWS\system32\drivers\KmxStart.sys
2008-06-25 02:08 88,816 ----a-w C:\WINDOWS\system32\drivers\KmxCfg.sys
2008-06-25 02:08 66,576 ----a-w C:\WINDOWS\system32\drivers\KmxSbx.sys
2008-06-25 02:08 63,504 ----a-w C:\WINDOWS\system32\drivers\KmxAgent.sys
2008-06-25 02:08 45,584 ----a-w C:\WINDOWS\system32\drivers\KmxFile.sys
2008-06-25 02:08 134,648 ----a-w C:\WINDOWS\system32\drivers\KmxCF.sys
2008-06-25 02:08 115,216 ----a-w C:\WINDOWS\system32\drivers\KmxFw.sys
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 21:11 22,512 ----a-w C:\WINDOWS\system32\drivers\spywarestop.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.
<pre>
----a-w			39,792 2008-02-16 19:43:34  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w			65,536 2008-02-16 19:43:20  C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe
----a-w		   385,024 2008-02-16 19:43:32  C:\Program Files\QuickTime\qttask   .exe
----a-w		   744,960 2008-02-16 19:43:20  C:\Program Files\QuickTime\qttask  .exe
----a-w		   744,960 2002-02-03 22:34:19  C:\Program Files\QuickTime\qttask .exe
----a-w		   319,488 2008-02-16 19:43:32  C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon .exe
----a-w		   868,352 2008-02-16 19:43:26  C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:19 177416]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-07-08 20:28 14088]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:36 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-01 17:28 1193200]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-01 17:28 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-01 17:28 259312]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"medicsp2"=C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 19:08]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 19:08]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 19:08]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 19:08]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-08-05 06:45]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 19:08]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 19:08]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 11:54]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 10:24]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 10:24]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 19:10]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 19:08]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 21:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{062b5641-128e-11d6-83d4-00065be3442d}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-07-09 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as l at 8 27 PM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 21:10]

2008-07-09 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart\ErrorSmart.exe []

2008-07-09 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart []
.
- - - - ORPHANS REMOVED - - - -

Notify-ddccyab - ddccyab.dll
Notify-xxyxXNhg - xxyxXNhg.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\l\Application Data\Mozilla\Firefox\Profiles\wlu02eoq.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 11:45:37
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-12 12:07:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-12 19:05:14

Pre-Run: 18,006,986,752 bytes free
Post-Run: 17,970,032,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

283 --- E O F --- 2008-08-09 22:26:56


Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 3

1:29:57 PM 8/12/2008
mbam-log-8-12-2008 (13-29-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 76739
Time elapsed: 1 hour(s), 7 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{DA1585FC-C6BA-4E26-BBCC-F9EF25321C5E}\RP35\A0036756.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA1585FC-C6BA-4E26-BBCC-F9EF25321C5E}\RP35\A0036758.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\L1C5D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



Edited by drex23, 22 August 2008 - 01:16 PM.


#4 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • Gender:Male

Posted 17 August 2008 - 03:26 PM

I'm sorry for the delay here; I somehow either forgot to track this topic or cleaned it off my list by accident. I'll work something up as soon as I can. :thumbsup:

#5 drex23

drex23

    Bleeping Existence


  • Members
  • 456 posts
  • Gender:Male

Posted 18 August 2008 - 07:17 PM

Hi again, let's do this:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quote box below into it:

RenV::
----a-w 39,792 2008-02-16 19:43:34 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 65,536 2008-02-16 19:43:20 C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe
----a-w 385,024 2008-02-16 19:43:32 C:\Program Files\QuickTime\qttask .exe
----a-w 744,960 2008-02-16 19:43:20 C:\Program Files\QuickTime\qttask .exe
----a-w 744,960 2002-02-03 22:34:19 C:\Program Files\QuickTime\qttask .exe
----a-w 319,488 2008-02-16 19:43:32 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon .exe
----a-w 868,352 2008-02-16 19:43:26 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc .exe


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post that in your next response.


Next


Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop-down box labeled Files of type, change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next response, please be sure to paste the results of both ComboFix and Kaspersky.
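
The CFScript above uses ComboFix's RenV:: directive on executables whose names carry whitespace between the stem and the .exe extension (Reader_sl .exe, qttask   .exe and so on), the same entries ComboFix listed inside the `<pre>` block of the log. As an added example that is not part of this thread and not ComboFix's own code, the Python below parses listing lines in that format, flags padded names, works out the path each would normalise to once the padding is removed, and reports where several padded entries would collapse onto one target, which is the case for the three qttask variants here. The listing it runs on is constructed: five lines copied from the log above plus one correctly named control line whose size and date are taken from the QuickTime Run-key entry in the same log. The function names, the regular expressions and the output format are all assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample input: the first five lines are copied from the ComboFix
# <pre> listing posted in this thread; the last line is a made-up, correctly
# named control entry (size/date taken from the Run-key entry in the same log).
SAMPLE_LISTING = r"""
----a-w 39,792 2008-02-16 19:43:34 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 65,536 2008-02-16 19:43:20 C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe
----a-w 385,024 2008-02-16 19:43:32 C:\Program Files\QuickTime\qttask   .exe
----a-w 744,960 2008-02-16 19:43:20 C:\Program Files\QuickTime\qttask  .exe
----a-w 744,960 2002-02-03 22:34:19 C:\Program Files\QuickTime\qttask .exe
----a-w 413,696 2008-05-27 10:50:00 C:\Program Files\QuickTime\QTTask.exe
"""

# One listing line: attributes, size with thousands separators, date, time, path.
# The path is everything after the time, so it may itself contain spaces.
LINE_RE = re.compile(
    r"^(?P<attrs>\S+)\s+(?P<size>[\d,]+)\s+(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+)$"
)

# A file name whose extension is separated from the stem by whitespace.
PADDED_NAME_RE = re.compile(r"^(?P<stem>.*?\S)(?P<pad>\s+)(?P<ext>\.[A-Za-z0-9]{1,4})$")


def parse_listing(text):
    """Turn listing text into dicts; lines that do not fit the format are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line) if line else None
        if m is None:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entries.append(entry)
    return entries


def find_padded_names(entries):
    """Return entries whose file name has whitespace before the extension,
    together with the path the name normalises to once the padding is removed."""
    findings = []
    for entry in entries:
        directory, _, name = entry["path"].rpartition("\\")
        m = PADDED_NAME_RE.match(name)
        if m is None:
            continue
        findings.append({
            "path": entry["path"],
            "size": entry["size"],
            "padding": len(m.group("pad")),
            "clean_path": directory + "\\" + m.group("stem") + m.group("ext"),
        })
    return findings


def rename_collisions(findings):
    """Group findings by normalised path (case-insensitively, as Windows file names
    compare) and return only the targets that more than one padded entry maps onto."""
    by_target = defaultdict(list)
    for f in findings:
        by_target[f["clean_path"].lower()].append(f["path"])
    return {target: paths for target, paths in by_target.items() if len(paths) > 1}


if __name__ == "__main__":
    found = find_padded_names(parse_listing(SAMPLE_LISTING))
    for f in found:
        print(f"{f['padding']} space(s) before extension: {f['path']!r} -> {f['clean_path']!r}")
    for target, paths in rename_collisions(found).items():
        print(f"{len(paths)} padded entries would collapse onto {target}")
```

The collision report is the part worth reading before running a rename script: the three qttask entries differ only in how many spaces sit before .exe, so stripping the padding maps all of them onto the same target path, and a reviewer wants to see that before deciding which, if any, is the real QuickTime binary.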

#6 lizmeredith

lizmeredith
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Location:USA

Posted 20 August 2008 - 10:45 AM

Thanks so much for your help =) I did the combofix procedure and I posted the log below. I am trying to run Kaspersky but it takes an extremely long time and unfortunately my roommate closed the window before I could view the report. I will post it as soon as I can complete another scan...it's taking about 3 hours it seems.


ComboFix 08-08-18.04 - l 2008-08-19 9:49:32.3 - NTFSx86
Running from: C:\Documents and Settings\l\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\l\UserData
C:\Documents and Settings\l\UserData\index.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.

2008-08-13 19:42 . 2008-08-13 19:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-13 06:04 . 2008-05-01 07:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 06:03 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 12:10 . 2008-08-12 12:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 12:10 . 2008-08-12 12:10 <DIR> d-------- C:\Documents and Settings\l\Application Data\Malwarebytes
2008-08-12 12:10 . 2008-08-12 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 12:10 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 12:10 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-11 20:20 . 2008-08-12 08:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-11 18:36 . 2008-08-11 18:36 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-08-08 17:51 . 2008-08-08 17:51 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-08 17:50 . 2008-08-08 17:50 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-08 17:50 . 2008-08-08 17:50 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-08 16:20 . 2008-08-08 16:20 <DIR> d-------- C:\WINDOWS\EHome
2008-08-06 00:40 . 2008-08-06 00:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-06 00:11 . 2008-08-06 00:11 <DIR> d-------- C:\Program Files\iTunes
2008-08-06 00:11 . 2008-08-06 00:11 <DIR> d-------- C:\Program Files\iPod
2008-08-04 17:10 . 2008-04-13 17:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-04 17:10 . 2008-04-13 17:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-04 17:10 . 2008-04-13 17:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-04 17:10 . 2008-04-13 17:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-04 17:10 . 2008-04-13 17:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-08-04 17:10 . 2008-04-13 17:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-08-04 17:09 . 2008-04-13 17:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-04 17:09 . 2008-04-13 17:12 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
2008-08-04 17:09 . 2008-04-13 17:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-08-04 17:09 . 2008-04-13 17:12 150,528 --------- C:\WINDOWS\system32\qagent.dll
2008-08-04 17:09 . 2008-04-13 17:12 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-08-04 17:09 . 2008-04-13 17:12 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
2008-08-04 17:09 . 2008-04-13 17:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-08-04 17:09 . 2008-04-13 17:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-08-04 17:09 . 2008-04-13 11:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-08-04 17:08 . 2008-04-13 17:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-04 17:08 . 2008-04-13 17:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-08-04 17:08 . 2008-04-13 17:12 193,024 --------- C:\WINDOWS\system32\napmontr.dll
2008-08-04 17:08 . 2008-04-13 17:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-08-04 17:08 . 2008-04-13 17:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-08-04 17:08 . 2008-04-13 17:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-08-04 17:08 . 2008-04-13 10:27 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-08-04 17:08 . 2008-04-13 10:27 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-08-04 17:08 . 2008-04-13 11:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-08-04 17:08 . 2008-04-13 17:12 30,208 --------- C:\WINDOWS\system32\napipsec.dll
2008-08-04 17:07 . 2008-04-13 17:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-04 17:07 . 2008-04-13 17:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-04 17:07 . 2008-04-13 17:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-04 17:07 . 2008-04-13 17:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-08-04 17:07 . 2008-04-13 17:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-04 17:06 . 2008-04-13 17:10 102,912 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-08-04 17:06 . 2008-04-13 17:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-08-04 17:06 . 2008-04-13 17:09 24,064 -----c--- C:\WINDOWS\system32\dllcache\pidgen.dll
2008-08-04 17:06 . 2008-04-13 17:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-08-04 17:06 . 2008-04-13 17:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-08-04 17:06 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-08-04 17:06 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-08-04 17:06 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-08-04 17:06 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-08-04 17:06 . 2007-06-20 22:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-08-04 17:04 . 2008-04-13 17:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-08-04 17:04 . 2008-04-13 17:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-04 17:04 . 2008-04-13 17:11 12,800 --------- C:\WINDOWS\system32\credssp.dll
2008-08-04 17:04 . 2008-04-13 17:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-07-31 15:32 . 2008-07-31 15:32 <DIR> d-------- C:\Deckard
2008-07-28 12:34 . 2008-07-28 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-28 11:54 . 2008-07-28 11:54 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-28 11:54 . 2008-07-28 11:56 <DIR> d-------- C:\Program Files\CCleaner
2008-07-28 11:38 . 2008-08-18 08:29 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-23 12:53 . 2008-07-23 12:53 <DIR> d-------- C:\Program Files\Bonjour
2008-07-21 20:15 . 2008-07-21 20:15 <DIR> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 16:30 --------- d-----w C:\Program Files\QuickTime
2008-08-19 15:53 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-19 14:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-05 13:45 160,792 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys
2008-07-28 18:52 --------- d-----w C:\Program Files\Java
2008-07-27 19:01 --------- d-----w C:\Documents and Settings\l\Application Data\U3
2008-07-23 20:03 --------- d-----w C:\Documents and Settings\l\Application Data\Apple Computer
2008-07-14 22:11 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-07-14 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-12 20:18 --------- d-----w C:\Program Files\RegistryFix6
2008-07-12 20:05 --------- d-----w C:\Documents and Settings\l\Application Data\PC Tools
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-07-11 00:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-07-11 00:43 43,786 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-07-10 21:48 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-09 04:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-07-09 03:34 880,560 ----a-w C:\WINDOWS\system32\drivers\vetefile.sys
2008-07-09 03:34 108,368 ----a-w C:\WINDOWS\system32\drivers\veteboot.sys
2008-07-09 03:26 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-09 03:26 --------- d-----w C:\Program Files\CA
2008-07-09 02:23 --------- d-----w C:\Documents and Settings\l\Application Data\ErrorSmart
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-04 01:01 --------- d-----w C:\Program Files\twc
2008-07-04 01:01 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-07-03 03:38 --------- d-----w C:\Program Files\Support.com
2008-07-03 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Support.com
2008-06-27 03:32 274,432 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2008-06-26 01:36 --------- d-----w C:\Documents and Settings\l\Application Data\SpywareStop
2008-06-25 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 17:39 --------- d-----w C:\Documents and Settings\l\Application Data\LimeWire
2008-06-25 02:16 --------- d-----w C:\Documents and Settings\l\Application Data\W Photo Studio Viewer
2008-06-25 02:10 256,528 ----a-w C:\WINDOWS\system32\UmxSbxw.dll
2008-06-25 02:10 117,264 ----a-w C:\WINDOWS\system32\UmxSbxExw.dll
2008-06-25 02:08 93,712 ----a-w C:\WINDOWS\system32\drivers\KmxStart.sys
2008-06-25 02:08 88,816 ----a-w C:\WINDOWS\system32\drivers\KmxCfg.sys
2008-06-25 02:08 66,576 ----a-w C:\WINDOWS\system32\drivers\KmxSbx.sys
2008-06-25 02:08 63,504 ----a-w C:\WINDOWS\system32\drivers\KmxAgent.sys
2008-06-25 02:08 45,584 ----a-w C:\WINDOWS\system32\drivers\KmxFile.sys
2008-06-25 02:08 134,648 ----a-w C:\WINDOWS\system32\drivers\KmxCF.sys
2008-06-25 02:08 115,216 ----a-w C:\WINDOWS\system32\drivers\KmxFw.sys
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
<pre>
----a-w		   385,024 2008-02-16 19:43:32  C:\Program Files\QuickTime\qttask   .exe
----a-w		   385,024 2008-02-16 19:43:20  C:\Program Files\QuickTime\qttask  .exe
</pre>


((((((((((((((((((((((((((((( snapshot@2008-08-12_11.53.49.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-25 02:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-24 05:16:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
+ 2007-05-31 20:35:22 6,420,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
- 2008-07-14 22:50:16 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-08-14 02:53:42 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-07-14 22:50:15 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-14 02:53:41 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-14 22:50:17 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-08-14 02:53:42 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-14 22:50:17 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-14 02:53:42 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-14 22:50:18 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-08-14 02:53:43 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-07-14 22:50:18 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-14 02:53:43 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-14 22:50:15 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-08-14 02:53:42 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-14 22:50:20 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-08-14 02:53:43 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-14 22:50:14 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-08-14 02:53:41 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-14 22:50:14 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-08-14 02:53:41 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:26:58 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll
- 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-24 16:43:16 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
- 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-04-24 05:16:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-24 17:57:40 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-04-14 00:11:54 691,712 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-07-31 22:11:46 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-08-18 15:30:54 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-04-24 05:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 17:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-04-14 00:12:38 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:19 177416]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-07-08 20:28 14088]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:36 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-01 17:28 1193200]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-01 17:28 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-01 17:28 259312]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2002-02-03 15:34 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"medicsp2"=C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{062b5641-128e-11d6-83d4-00065be3442d}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-07-09 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as l at 8 27 PM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 21:10]

2008-07-09 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart\ErrorSmart.exe []

2008-07-09 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart []
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 07:44:06
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-19 8:03:40 - machine was rebooted [l]
ComboFix-quarantined-files.txt 2008-08-19 15:01:20
ComboFix2.txt 2008-08-12 19:08:09

Pre-Run: 18,455,363,584 bytes free
Post-Run: 18,460,995,584 bytes free

413 --- E O F --- 2008-08-14 02:56:12

Attached Files

  • Attached File  log.txt   30.17KB   25 downloads

Edited by drex23, 22 August 2008 - 01:17 PM.


#7 lizmeredith

lizmeredith
  • Topic Starter


Posted 20 August 2008 - 06:50 PM

Here's the result of the Kaspersky Scan


KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 20, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 20, 2008 14:03:41
Records in database: 1113861
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
C:\
D:\
Scan statistics
Files scanned: 38004
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:03:16

File name Threat name Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\bdhvpopq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aeqd 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fbtyfscn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bxi 1
C:\WINDOWS\system32\L771E.tmp Infected: not-a-virus:AdWare.Win32.AdBand.q 1
C:\WINDOWS\system32\L771E.tmp Infected: not-a-virus:AdWare.Win32.Agent.bgv 1
C:\WINDOWS\system32\L771E.tmp Infected: not-a-virus:AdWare.Win32.Agent.aev 1
The selected area was scanned.



Edited by drex23, 22 August 2008 - 01:18 PM.


#8 drex23

drex23

    Bleeping Existence



Posted 22 August 2008 - 03:08 PM

Hi, just wanted to let you know I saw your post and am working on getting something for you.

#9 drex23

drex23

    Bleeping Existence



Posted 23 August 2008 - 03:03 PM

Hi again, looks like there's just a bit of cleaning up to do.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

File::
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\WINDOWS\system32\L771E.tmp

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post that in your next response.

Please reboot after the CFScript has completed.

Then, try to use Flash Player again. If it still doesn't work, I would visit this page and follow the instructions there. Hopefully, since you should be clean it will work now.

#10 htv8

htv8


Posted 01 September 2008 - 05:14 AM

Edit: The original poster has contacted me during my absence and informed me that their issues are now resolved. -drex23

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please send me a PM and I will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.

Edited by drex23, 14 September 2008 - 01:35 PM.

If I have not posted back within 24 hours, feel free to send me a PM with your topic link.
