IE8 won't open


9 replies to this topic

#1 R_Osterlund

Posted 14 June 2009 - 07:04 PM

I've run Spybot, Ad-Aware, Stinger, iolo AV and still can't find the problem that is stopping IE from opening. All other programs open and run fine. I need help understanding the HJT log attached below. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:07 PM, on 6/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
I:\WINDOWS\stsystra.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
I:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
I:\Program Files\HP\hpcoretech\hpcmpmgr.exe
I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
I:\WINDOWS\ehome\ehtray.exe
I:\Program Files\dvd43\dvd43_tray.exe
I:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
I:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
I:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\iolo\common\lib\ioloServiceManager.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\ehome\mcrdsvc.exe
I:\WINDOWS\system32\dllhost.exe
I:\WINDOWS\System32\alg.exe
I:\WINDOWS\eHome\ehmsas.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Windows Live\Mail\wlmail.exe
I:\Program Files\Windows Live\Contacts\wlcomm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RoxWatchTray] "I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [masqform.exe] I:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [ISUSScheduler] "I:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] I:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "I:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "I:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dvd43] I:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [DMXLauncher] "I:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] "I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "I:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [Ad-Watch] I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iolo Personal Firewall] "I:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.cab
O18 - Protocol: ebahn - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O18 - Protocol: x-ebahn - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - I:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - I:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - I:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - I:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - I:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

--
End of file - 10287 bytes
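A way to triage a HijackThis log like the one above mechanically, as an added example: it is not part of the original post and not HijackThis's own logic, the flag rules are my own heuristics, and the sample lines are copied from the log. It parses the R0/R1, O2, O4, O10 and O16 line shapes and surfaces orphaned BHO registrations, Run entries without a fixed path or with an unquoted path containing spaces, Winsock LSP entries, and ActiveX downloads over plain HTTP. In this log the O10 entries belong to the poster's own iolo products, so the point of flagging them is identification, not a verdict.

```python
"""Triage of HijackThis 2.x log lines.

Added example for this thread, not part of the original post and not
HijackThis's own logic. It parses the line shapes visible in the log
above (R0/R1, O2, O4, O10, O16) and flags what a reviewer would open
first. The flag rules are my own heuristics; the sample lines are
copied from the first log in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # why the line deserves a look
    line: str     # the log line as written


# Line shapes as HijackThis 2.0.2 prints them.
_R = re.compile(r"^R[0-3] - (?P<key>.*?) = (?P<value>.*)$")
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
_O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_STARTUP = re.compile(r"^O4 - (?P<scope>(?:Global )?Startup): (?P<item>.*?) = (?P<target>.*)$")
_O10 = re.compile(r"^O10 - (?P<note>[^:]*): (?P<path>.*)$")
_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
_ABS_PATH = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP Software Update] "I:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Ad-Watch] I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - Global Startup: NCProTray.lnk = ?
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.cab
"""


def _program(cmd: str) -> tuple[str, bool]:
    """Split a Run value into (program token, was_quoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    return cmd.split(" ", 1)[0], False


def _check_run(cmd: str) -> str | None:
    program, quoted = _program(cmd)
    if not _ABS_PATH.match(program):
        return "no absolute path: resolved via the search order, so verify which copy actually runs"
    if not quoted and " " in cmd:
        return "unquoted path with spaces: each space-delimited prefix (X:\\Program.exe first) is tried before the real file"
    return None


def _is_microsoft(url: str) -> bool:
    host = (urlsplit(url).hostname or "").lower()
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := _R.match(line)) and m["value"] and not _is_microsoft(m["value"]):
            findings.append(Finding("R", "IE start/search page points off Microsoft's defaults", line))
        elif (m := _O2.match(line)) and m["path"] == "(no file)":
            findings.append(Finding("O2", "BHO CLSID still registered but its DLL is gone (orphan)", line))
        elif (m := _O4_RUN.match(line)) and (reason := _check_run(m["cmd"])):
            findings.append(Finding("O4", reason, line))
        elif (m := _O4_STARTUP.match(line)) and m["target"] == "?":
            findings.append(Finding("O4", "startup shortcut whose target could not be resolved", line))
        elif _O10.match(line):
            findings.append(Finding("O10", "Winsock LSP: identify the vendor; removing one DLL breaks the whole chain", line))
        elif (m := _O16.match(line)) and urlsplit(m["url"]).scheme != "https":
            findings.append(Finding("O16", "ActiveX CAB fetched over plaintext HTTP", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample this yields six findings. The O10 caveat is the one that matters for a machine like this one: all eight LSP lines in the real log resolve to the iolo antivirus and firewall DLLs, and an LSP chain is repaired with the vendor's uninstaller or `netsh winsock reset`, not by deleting the DLL, because a broken chain takes networking down with it.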

#2 teacup61 (Malware Response Team)

Posted 15 June 2009 - 06:50 AM

Hello R_Osterlund,


How long have you had/used IE8 please?

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea

#3 R_Osterlund (Topic Starter)

Posted 16 June 2009 - 07:22 PM

I never got IE8 to run. I thought that was the problem, so I uninstalled it and reinstalled IE7 (no luck). Now I can't open the Internet Options icon in the Control Panel either. I ran MBAM and attached the log below. I also attached a new HJT log.

Thanks for the help




Malwarebytes' Anti-Malware 1.37
Database version: 2285
Windows 5.1.2600 Service Pack 3

6/16/2009 5:15:19 AM
mbam-log-2009-06-16 (05-15-19).txt

Scan type: Full Scan (I:\|J:\|)
Objects scanned: 169761
Time elapsed: 30 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:50 PM, on 6/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
I:\WINDOWS\stsystra.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
I:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
I:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
I:\Program Files\HP\hpcoretech\hpcmpmgr.exe
I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
I:\WINDOWS\ehome\ehtray.exe
I:\Program Files\dvd43\dvd43_tray.exe
I:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
I:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
I:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\iolo\common\lib\ioloServiceManager.exe
I:\Program Files\SEC\Natural Color Pro\NCProTray.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\ehome\mcrdsvc.exe
I:\WINDOWS\system32\wbem\unsecapp.exe
I:\WINDOWS\system32\dllhost.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
I:\WINDOWS\eHome\ehmsas.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\drwtsn32.exe
I:\WINDOWS\system32\drwtsn32.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RoxWatchTray] "I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [masqform.exe] I:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [ISUSScheduler] "I:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] I:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "I:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "I:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dvd43] I:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [DMXLauncher] "I:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] "I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "I:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [Ad-Watch] I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iolo Personal Firewall] "I:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.cab
O18 - Protocol: ebahn - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O18 - Protocol: x-ebahn - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - I:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - I:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - I:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - I:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - I:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

--
End of file - 10637 bytes
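The two Broken.OpenCommand entries are the security-relevant part of the MBAM log above: the default values of HKCR\scrfile\shell\open\command and HKCR\regfile\shell\open\command had been rebound to `NOTEPAD.EXE %1`, so a double-clicked .scr or .reg file would open in Notepad instead of running or importing. The same key family is what malware rebinds in the other direction, typically exefile pointing at a launcher that runs the malware before the real program. Below is an added example of auditing those keys; it is not from the original post and not Malwarebytes' logic. The expected scrfile and regfile commands are the "Good:" values in the log, the remaining defaults are the stock Windows XP values, and the constructed sample reproduces the two "Bad:" values from the log.

```python
r"""Audit of HKCR\<progid>\shell\open\command, the keys MBAM flagged above
as Broken.OpenCommand.

Added example for this thread, not from the original post and not
Malwarebytes' own logic. The expected commands for scrfile and regfile are
the "Good:" values in the MBAM log above; the other defaults are the stock
Windows XP values. audit() works on a plain mapping so it can be run
against captured values anywhere; read_from_registry() needs Windows.
"""
from __future__ import annotations

import ntpath
import re

# Default open commands. Whoever controls these runs code on every
# double-click of that file type, which is why malware rebinds them.
EXPECTED = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
}

# Constructed sample: the two "Bad:" values from the MBAM log above, with
# every other class still at its default.
SAMPLE_VALUES = dict(EXPECTED, scrfile="NOTEPAD.EXE %1", regfile="NOTEPAD.EXE %1")


def _norm(cmd: str) -> str:
    """Case- and whitespace-insensitive form for comparison."""
    return re.sub(r"\s+", " ", cmd.strip()).lower()


def _launcher(cmd: str) -> str:
    """Base name of the program a command runs ('%1' means the file itself)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        program = cmd[1:end] if end > 0 else cmd[1:]
    else:
        program = cmd.split(" ", 1)[0]
    return ntpath.basename(program).lower()


def audit(values: dict[str, str | None]) -> list[tuple[str, str, str]]:
    """Return (progid, verdict, observed) for each class not at its default.

    Verdicts: 'missing'  - key or default value absent
              'hijacked' - a different program is launched (the MBAM case)
              'changed'  - same launcher, different arguments or path
    """
    problems = []
    for progid, expected in EXPECTED.items():
        observed = values.get(progid)
        if observed is None:
            problems.append((progid, "missing", ""))
        elif _norm(observed) == _norm(expected):
            continue
        elif _launcher(observed) != _launcher(expected):
            problems.append((progid, "hijacked", observed))
        else:
            problems.append((progid, "changed", observed))
    return problems


def read_from_registry() -> dict[str, str | None]:
    """Live values on Windows; None where the key or default value is absent."""
    import winreg  # Windows only

    values: dict[str, str | None] = {}
    for progid in EXPECTED:
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, progid + r"\shell\open\command") as key:
                values[progid] = winreg.QueryValueEx(key, "")[0]
        except OSError:
            values[progid] = None
    return values


if __name__ == "__main__":
    for progid, verdict, observed in audit(SAMPLE_VALUES):
        print(f"{progid:8} {verdict:9} {observed}")
```

The verdict split is deliberate: comparing the launcher's base name rather than the whole string means a full path to regedit.exe or extra whitespace is reported as "changed" for a human to look at, while anything that runs a program other than the file itself (or regedit for .reg) is "hijacked" regardless of how the arguments are arranged.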

#4 teacup61 (Malware Response Team)

Posted 17 June 2009 - 11:19 AM

Hello,

Okay then, I see you have Firefox. Don't worry about IE until we know your system is clean, then we'll see about getting IE all up to date. I'm curious now, though....are you able to do your Windows updates?

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that!

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#5 R_Osterlund (Topic Starter)

Posted 19 June 2009 - 11:19 PM

Tea

Automatic updates are working because my computer downloaded and reinstalled ie8 by itself. But, I can't go to the update website by clicking the link in my control panel. Attached below are the ComboFix and HJT logs.


ComboFix 09-06-18.02 - Ryan 06/19/2009 19:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1866 [GMT -7:00]
Running from: i:\documents and settings\Ryan\Desktop\ComboFix.exe
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall® *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.

((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-19 13:23 . 2009-06-19 13:26 -------- dc-h--w- i:\windows\ie8
2009-06-19 13:23 . 2009-06-19 13:23 -------- d-----w- i:\windows\LastGood
2009-06-18 11:47 . 2008-04-13 17:45 15104 -c--a-w- i:\windows\system32\dllcache\usbscan.sys
2009-06-18 11:47 . 2008-04-13 17:45 15104 ----a-w- i:\windows\system32\drivers\usbscan.sys
2009-06-18 11:47 . 2001-08-18 05:36 5632 ----a-w- i:\windows\system32\ptpusb.dll
2009-06-18 11:47 . 2008-04-13 23:12 159232 ----a-w- i:\windows\system32\ptpusd.dll
2009-06-17 03:27 . 2009-06-17 03:27 -------- d-----w- i:\program files\CCleaner
2009-06-16 06:10 . 2009-06-16 06:10 -------- d-sh--w- i:\documents and settings\LocalService\IETldCache
2009-06-16 04:16 . 2009-06-16 04:16 -------- d-----w- i:\documents and settings\Ryan\Application Data\Malwarebytes
2009-06-16 04:15 . 2009-05-26 20:20 40160 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 04:15 . 2009-06-16 04:15 -------- d-----w- i:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-16 04:15 . 2009-05-26 20:19 19096 ----a-w- i:\windows\system32\drivers\mbam.sys
2009-06-16 04:15 . 2009-06-16 04:16 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2009-06-16 03:54 . 2009-06-16 03:54 -------- d-----w- i:\documents and settings\Melissa\Local Settings\Application Data\Mozilla
2009-06-14 21:31 . 2009-06-14 21:31 -------- d-----w- i:\program files\Trend Micro
2009-06-14 21:23 . 2009-06-14 21:23 -------- d-sh--w- i:\windows\system32\config\systemprofile\IETldCache
2009-06-14 21:23 . 2009-06-14 18:56 15688 ----a-w- i:\windows\system32\lsdelete.exe
2009-06-14 18:57 . 2009-06-17 03:32 -------- d-----w- i:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-14 18:57 . 2009-06-14 19:01 -------- d-----w- i:\program files\Spybot - Search & Destroy
2009-06-14 18:54 . 2009-06-14 18:54 -------- dc-h--w- i:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 18:54 . 2009-03-12 08:17 2902048 -c--a-w- i:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-14 18:54 . 2009-06-14 18:54 -------- d-----w- i:\program files\Lavasoft
2009-06-14 18:54 . 2009-06-14 18:54 -------- d-----w- i:\documents and settings\All Users\Application Data\Lavasoft
2009-06-14 18:53 . 2009-06-14 18:53 0 ----a-w- i:\windows\nsreg.dat
2009-06-14 18:53 . 2009-06-14 18:53 -------- d-----w- i:\documents and settings\Ryan\Local Settings\Application Data\Mozilla
2009-06-12 12:28 . 2009-04-30 21:22 12800 -c----w- i:\windows\system32\dllcache\xpshims.dll
2009-06-12 12:28 . 2009-04-30 21:22 246272 -c----w- i:\windows\system32\dllcache\ieproxy.dll
2009-06-09 12:11 . 2009-06-09 12:11 -------- d-sh--w- i:\documents and settings\Quincy\IETldCache
2009-06-08 03:27 . 2009-06-08 03:27 -------- d-sh--w- i:\documents and settings\Melissa\IECompatCache
2009-06-08 03:27 . 2009-06-08 03:27 -------- d-sh--w- i:\documents and settings\Melissa\PrivacIE
2009-06-08 03:24 . 2009-06-08 03:24 -------- d-----w- i:\documents and settings\Melissa\Application Data\MSN6
2009-06-08 03:24 . 2009-06-08 03:24 -------- d-----w- i:\documents and settings\Melissa\Application Data\MSNInstaller
2009-06-08 03:24 . 2009-06-08 03:24 -------- d-sh--w- i:\documents and settings\Melissa\IETldCache
2009-06-05 04:31 . 2009-06-05 04:31 -------- d-----w- i:\documents and settings\Ryan\Local Settings\Application Data\PCHealth
2009-06-05 02:41 . 2009-06-14 19:06 -------- d-----w- i:\documents and settings\Ryan\Tracing
2009-06-05 02:35 . 2009-06-14 18:56 -------- dc----w- i:\windows\system32\DRVSTORE
2009-06-05 02:35 . 2009-02-07 01:08 55152 ----a-w- i:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-05 02:34 . 2009-06-05 02:34 -------- d-----w- i:\program files\Microsoft Sync Framework
2009-06-05 02:29 . 2009-06-05 02:29 -------- d-----w- i:\documents and settings\Ryan\Application Data\MSNInstaller
2009-06-05 02:24 . 2009-06-14 18:28 -------- d-----w- i:\documents and settings\Ryan\Application Data\MSN6
2009-06-05 02:24 . 2009-06-05 02:24 -------- d-----w- i:\documents and settings\All Users\Application Data\MSN6
2009-06-05 01:41 . 2009-06-05 01:41 -------- d-sh--w- i:\documents and settings\Ryan\IECompatCache
2009-06-05 00:54 . 2009-06-05 00:54 -------- d-----w- i:\documents and settings\NetworkService\Application Data\iolo
2009-06-05 00:08 . 2009-05-12 05:11 102912 -c----w- i:\windows\system32\dllcache\iecompat.dll
2009-06-02 12:50 . 2009-06-02 12:50 -------- d-----w- i:\windows\system32\wbem\Repository
2009-06-01 11:50 . 2009-06-01 11:50 -------- d-sh--w- i:\documents and settings\NetworkService\IETldCache
2009-06-01 11:50 . 2009-06-01 11:50 -------- d-sh--w- i:\documents and settings\Ryan\IETldCache
2009-05-31 22:31 . 2009-06-19 13:26 -------- d-----w- i:\windows\ie8updates
2009-05-30 04:42 . 2009-05-30 04:42 -------- d-----w- i:\documents and settings\Quincy\Application Data\Roxio
2009-05-30 04:42 . 2009-06-09 12:11 -------- d-----w- i:\documents and settings\Quincy\Application Data\PureEdge

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 22:25 . 2009-04-30 15:45 9618 ----a-w- i:\documents and settings\All Users\Application Data\DVDXStudio\CloneDVD4\MainApp.dll
2009-06-13 10:05 . 2009-03-29 22:38 -------- d-----w- i:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-05 12:31 . 2009-03-29 20:19 86240 ----a-w- i:\documents and settings\Ryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 05:28 . 2009-04-13 19:52 1521 ----a-w- i:\documents and settings\Ryan\Application Data\iolo\restore.bat
2009-06-05 03:41 . 2009-03-29 22:41 -------- d-----w- i:\program files\Microsoft Works
2009-06-05 03:38 . 2009-03-29 20:34 -------- d-----w- i:\documents and settings\Ryan\Application Data\iolo
2009-06-05 03:38 . 2009-03-29 20:34 -------- d-----w- i:\documents and settings\All Users\Application Data\iolo
2009-06-05 02:35 . 2009-04-13 17:59 -------- d-----w- i:\program files\Windows Live
2009-05-30 04:42 . 2009-03-31 17:53 86240 ----a-w- i:\documents and settings\Quincy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-29 22:54 . 2009-03-29 21:10 940896 ----a-w- i:\windows\system32\Incinerator.dll
2009-05-21 02:44 . 2009-04-21 04:21 86240 ----a-w- i:\documents and settings\Melissa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 20:38 . 2009-05-17 20:38 622 ----a-w- i:\windows\eReg.dat
2009-05-17 20:30 . 2009-05-17 20:30 -------- d-----w- i:\program files\EA Games
2009-05-13 05:15 . 2009-06-19 13:26 915456 ------w- i:\windows\system32\SETE2.tmp
2009-05-13 05:15 . 2009-06-19 13:26 5936128 ------w- i:\windows\system32\SETE4.tmp
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- i:\windows\system32\localspl.dll
2009-04-30 21:22 . 2009-06-19 13:26 1985024 ------w- i:\windows\system32\SETE7.tmp
2009-04-30 21:22 . 2009-06-19 13:26 25600 ------w- i:\windows\system32\SETE5.tmp
2009-04-30 21:22 . 2009-06-19 13:26 1207808 ------w- i:\windows\system32\SETE3.tmp
2009-04-30 21:22 . 2009-06-19 13:26 11064832 ------w- i:\windows\system32\SETE8.tmp
2009-04-30 16:47 . 2009-04-08 19:55 -------- d-----w- i:\documents and settings\Ryan\Application Data\Roxio
2009-04-30 16:21 . 2009-03-30 18:04 -------- d-----w- i:\program files\Roxio
2009-04-30 15:45 . 2009-04-30 15:45 -------- d-----w- i:\documents and settings\Ryan\Application Data\Vso
2009-04-30 15:45 . 2009-04-30 15:45 47360 ----a-w- i:\windows\system32\drivers\pcouffin.sys
2009-04-30 15:45 . 2009-04-30 15:45 47360 ----a-w- i:\documents and settings\Ryan\Application Data\pcouffin.sys
2009-04-30 15:45 . 2009-04-30 15:45 47360 ----a-w- i:\documents and settings\Ryan\Application Data\pcouffin.sys
2009-04-30 15:45 . 2009-04-30 15:44 -------- d-----w- i:\program files\CloneDVD
2009-04-30 15:44 . 2009-04-30 15:44 -------- d-----w- i:\documents and settings\All Users\Application Data\DVDXStudio
2009-04-29 04:56 . 2006-03-04 03:33 827392 ------w- i:\windows\system32\wininet.dll
2009-04-21 20:29 . 2009-04-21 20:29 -------- d-----w- i:\program files\HP
2009-04-21 20:29 . 2009-04-21 20:29 -------- d-----w- i:\program files\Hewlett-Packard
2009-04-21 04:21 . 2009-04-21 04:21 -------- d-----w- i:\documents and settings\Melissa\Application Data\iolo
2009-04-21 04:21 . 2009-04-21 04:21 -------- d-----w- i:\documents and settings\Melissa\Application Data\PureEdge
2009-04-21 04:21 . 2009-04-21 04:21 -------- d-----w- i:\documents and settings\Melissa\Application Data\Roxio
2009-04-21 04:21 . 2009-04-21 04:21 -------- d-----w- i:\documents and settings\Melissa\Application Data\ATI
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- i:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:00 585216 ----a-w- i:\windows\system32\rpcrt4.dll
2009-04-08 19:44 . 2009-04-08 19:44 18816 ----a-w- i:\windows\system32\drivers\dvd43llh.sys
2009-04-08 19:20 . 2009-04-08 19:20 10134 ----a-r- i:\documents and settings\Ryan\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-03-30 19:20 . 2009-03-30 19:20 0 ----a-w- i:\windows\ativpsrm.bin
2009-03-29 21:57 . 2009-03-29 19:45 87747 ----a-w- i:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 20:28 . 2009-03-29 20:28 664 ----a-w- i:\windows\system32\d3d9caps.dat
2009-03-29 19:55 . 2009-03-29 19:55 127 ----a-w- i:\documents and settings\Ryan\Local Settings\Application Data\fusioncache.dat
2009-03-29 19:42 . 2009-03-29 19:42 21640 ----a-w- i:\windows\system32\emptyregdb.dat
2009-03-27 00:44 . 2009-03-29 21:05 45070641 ----a-w- i:\documents and settings\Ryan\Application Data\iolo\Installers\SystemMechanicPro.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="i:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="i:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"RoxWatchTray"="i:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"masqform.exe"="i:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"ISUSScheduler"="i:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"HPDJ Taskbar Utility"="i:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"HP Software Update"="i:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="i:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
"GrooveMonitor"="i:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ehTray"="i:\windows\ehome\ehtray.exe" [2005-08-05 64512]


--------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:52 PM, on 6/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\iolo\common\lib\ioloServiceManager.exe
I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
I:\WINDOWS\stsystra.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
I:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
I:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
I:\Program Files\HP\hpcoretech\hpcmpmgr.exe
I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
I:\WINDOWS\ehome\ehtray.exe
I:\Program Files\dvd43\dvd43_tray.exe
I:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
I:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
I:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\SEC\Natural Color Pro\NCProTray.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\ehome\mcrdsvc.exe
I:\WINDOWS\system32\dllhost.exe
I:\WINDOWS\system32\wbem\unsecapp.exe
I:\WINDOWS\System32\alg.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe
I:\WINDOWS\eHome\ehmsas.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
I:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe
I:\WINDOWS\system32\wupdmgr.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RoxWatchTray] "I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [masqform.exe] I:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [ISUSScheduler] "I:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] I:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "I:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "I:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dvd43] I:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [DMXLauncher] "I:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] "I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "I:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [Ad-Watch] I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iolo Personal Firewall] "I:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.cab
O18 - Protocol: ebahn - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O18 - Protocol: x-ebahn - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - I:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - I:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - I:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - I:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - I:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

--
End of file - 10556 bytes


Thanks for all the help -R

#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 20 June 2009 - 10:30 AM

Hello,

You're welcome. :)

The ComboFix log got cut off... could you please post the entire log for me?

Thank you!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#7 R_Osterlund

  • Topic Starter
  • Members
  • 6 posts

Posted 21 June 2009 - 04:20 PM

ComboFix 09-06-18.02 - Ryan 06/19/2009 19:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1866 [GMT -7:00]
Running from: i:\documents and settings\Ryan\Desktop\ComboFix.exe
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall® *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.

((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-19 13:23 . 2009-06-19 13:26 -------- dc-h--w- i:\windows\ie8
2009-06-19 13:23 . 2009-06-19 13:23 -------- d-----w- i:\windows\LastGood
2009-06-18 11:47 . 2008-04-13 17:45 15104 -c--a-w- i:\windows\system32\dllcache\usbscan.sys
2009-06-18 11:47 . 2008-04-13 17:45 15104 ----a-w- i:\windows\system32\drivers\usbscan.sys
2009-06-18 11:47 . 2001-08-18 05:36 5632 ----a-w- i:\windows\system32\ptpusb.dll
2009-06-18 11:47 . 2008-04-13 23:12 159232 ----a-w- i:\windows\system32\ptpusd.dll
2009-06-17 03:27 . 2009-06-17 03:27 -------- d-----w- i:\program files\CCleaner
2009-06-16 06:10 . 2009-06-16 06:10 -------- d-sh--w- i:\documents and settings\LocalService\IETldCache
2009-06-16 04:16 . 2009-06-16 04:16 -------- d-----w- i:\documents and settings\Ryan\Application Data\Malwarebytes
2009-06-16 04:15 . 2009-05-26 20:20 40160 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 04:15 . 2009-06-16 04:15 -------- d-----w- i:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-16 04:15 . 2009-05-26 20:19 19096 ----a-w- i:\windows\system32\drivers\mbam.sys
2009-06-16 04:15 . 2009-06-16 04:16 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2009-06-16 03:54 . 2009-06-16 03:54 -------- d-----w- i:\documents and settings\Melissa\Local Settings\Application Data\Mozilla
2009-06-14 21:31 . 2009-06-14 21:31 -------- d-----w- i:\program files\Trend Micro
2009-06-14 21:23 . 2009-06-14 21:23 -------- d-sh--w- i:\windows\system32\config\systemprofile\IETldCache
2009-06-14 21:23 . 2009-06-14 18:56 15688 ----a-w- i:\windows\system32\lsdelete.exe
2009-06-14 18:57 . 2009-06-17 03:32 -------- d-----w- i:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-14 18:57 . 2009-06-14 19:01 -------- d-----w- i:\program files\Spybot - Search & Destroy
2009-06-14 18:54 . 2009-06-14 18:54 -------- dc-h--w- i:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 18:54 . 2009-03-12 08:17 2902048 -c--a-w- i:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-14 18:54 . 2009-06-14 18:54 -------- d-----w- i:\program files\Lavasoft
2009-06-14 18:54 . 2009-06-14 18:54 -------- d-----w- i:\documents and settings\All Users\Application Data\Lavasoft
2009-06-14 18:53 . 2009-06-14 18:53 0 ----a-w- i:\windows\nsreg.dat
2009-06-14 18:53 . 2009-06-14 18:53 -------- d-----w- i:\documents and settings\Ryan\Local Settings\Application Data\Mozilla
2009-06-12 12:28 . 2009-04-30 21:22 12800 -c----w- i:\windows\system32\dllcache\xpshims.dll
2009-06-12 12:28 . 2009-04-30 21:22 246272 -c----w- i:\windows\system32\dllcache\ieproxy.dll
2009-06-09 12:11 . 2009-06-09 12:11 -------- d-sh--w- i:\documents and settings\Quincy\IETldCache
2009-06-08 03:27 . 2009-06-08 03:27 -------- d-sh--w- i:\documents and settings\Melissa\IECompatCache
2009-06-08 03:27 . 2009-06-08 03:27 -------- d-sh--w- i:\documents and settings\Melissa\PrivacIE
2009-06-08 03:24 . 2009-06-08 03:24 -------- d-----w- i:\documents and settings\Melissa\Application Data\MSN6
2009-06-08 03:24 . 2009-06-08 03:24 -------- d-----w- i:\documents and settings\Melissa\Application Data\MSNInstaller
2009-06-08 03:24 . 2009-06-08 03:24 -------- d-sh--w- i:\documents and settings\Melissa\IETldCache
2009-06-05 04:31 . 2009-06-05 04:31 -------- d-----w- i:\documents and settings\Ryan\Local Settings\Application Data\PCHealth
2009-06-05 02:41 . 2009-06-14 19:06 -------- d-----w- i:\documents and settings\Ryan\Tracing
2009-06-05 02:35 . 2009-06-14 18:56 -------- dc----w- i:\windows\system32\DRVSTORE
2009-06-05 02:35 . 2009-02-07 01:08 55152 ----a-w- i:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-05 02:34 . 2009-06-05 02:34 -------- d-----w- i:\program files\Microsoft Sync Framework
2009-06-05 02:29 . 2009-06-05 02:29 -------- d-----w- i:\documents and settings\Ryan\Application Data\MSNInstaller
2009-06-05 02:24 . 2009-06-14 18:28 -------- d-----w- i:\documents and settings\Ryan\Application Data\MSN6
2009-06-05 02:24 . 2009-06-05 02:24 -------- d-----w- i:\documents and settings\All Users\Application Data\MSN6
2009-06-05 01:41 . 2009-06-05 01:41 -------- d-sh--w- i:\documents and settings\Ryan\IECompatCache
2009-06-05 00:54 . 2009-06-05 00:54 -------- d-----w- i:\documents and settings\NetworkService\Application Data\iolo
2009-06-05 00:08 . 2009-05-12 05:11 102912 -c----w- i:\windows\system32\dllcache\iecompat.dll
2009-06-02 12:50 . 2009-06-02 12:50 -------- d-----w- i:\windows\system32\wbem\Repository
2009-06-01 11:50 . 2009-06-01 11:50 -------- d-sh--w- i:\documents and settings\NetworkService\IETldCache
2009-06-01 11:50 . 2009-06-01 11:50 -------- d-sh--w- i:\documents and settings\Ryan\IETldCache
2009-05-31 22:31 . 2009-06-19 13:26 -------- d-----w- i:\windows\ie8updates
2009-05-30 04:42 . 2009-05-30 04:42 -------- d-----w- i:\documents and settings\Quincy\Application Data\Roxio
2009-05-30 04:42 . 2009-06-09 12:11 -------- d-----w- i:\documents and settings\Quincy\Application Data\PureEdge

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 22:25 . 2009-04-30 15:45 9618 ----a-w- i:\documents and settings\All Users\Application Data\DVDXStudio\CloneDVD4\MainApp.dll
2009-06-13 10:05 . 2009-03-29 22:38 -------- d-----w- i:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-05 12:31 . 2009-03-29 20:19 86240 ----a-w- i:\documents and settings\Ryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 05:28 . 2009-04-13 19:52 1521 ----a-w- i:\documents and settings\Ryan\Application Data\iolo\restore.bat
2009-06-05 03:41 . 2009-03-29 22:41 -------- d-----w- i:\program files\Microsoft Works
2009-06-05 03:38 . 2009-03-29 20:34 -------- d-----w- i:\documents and settings\Ryan\Application Data\iolo
2009-06-05 03:38 . 2009-03-29 20:34 -------- d-----w- i:\documents and settings\All Users\Application Data\iolo
2009-06-05 02:35 . 2009-04-13 17:59 -------- d-----w- i:\program files\Windows Live
2009-05-30 04:42 . 2009-03-31 17:53 86240 ----a-w- i:\documents and settings\Quincy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-29 22:54 . 2009-03-29 21:10 940896 ----a-w- i:\windows\system32\Incinerator.dll
2009-05-21 02:44 . 2009-04-21 04:21 86240 ----a-w- i:\documents and settings\Melissa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 20:38 . 2009-05-17 20:38 622 ----a-w- i:\windows\eReg.dat
2009-05-17 20:30 . 2009-05-17 20:30 -------- d-----w- i:\program files\EA Games
2009-05-13 05:15 . 2009-06-19 13:26 915456 ------w- i:\windows\system32\SETE2.tmp
2009-05-13 05:15 . 2009-06-19 13:26 5936128 ------w- i:\windows\system32\SETE4.tmp
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- i:\windows\system32\localspl.dll
2009-04-30 21:22 . 2009-06-19 13:26 1985024 ------w- i:\windows\system32\SETE7.tmp
2009-04-30 21:22 . 2009-06-19 13:26 25600 ------w- i:\windows\system32\SETE5.tmp
2009-04-30 21:22 . 2009-06-19 13:26 1207808 ------w- i:\windows\system32\SETE3.tmp
2009-04-30 21:22 . 2009-06-19 13:26 11064832 ------w- i:\windows\system32\SETE8.tmp
2009-04-30 16:47 . 2009-04-08 19:55 -------- d-----w- i:\documents and settings\Ryan\Application Data\Roxio
2009-04-30 16:21 . 2009-03-30 18:04 -------- d-----w- i:\program files\Roxio
2009-04-30 15:45 . 2009-04-30 15:45 -------- d-----w- i:\documents and settings\Ryan\Application Data\Vso
2009-04-30 15:45 . 2009-04-30 15:45 47360 ----a-w- i:\windows\system32\drivers\pcouffin.sys
2009-04-30 15:45 . 2009-04-30 15:45 47360 ----a-w- i:\documents and settings\Ryan\Application Data\pcouffin.sys
2009-04-30 15:45 . 2009-04-30 15:45 47360 ----a-w- i:\documents and settings\Ryan\Application Data\pcouffin.sys
2009-04-30 15:45 . 2009-04-30 15:44 -------- d-----w- i:\program files\CloneDVD
2009-04-30 15:44 . 2009-04-30 15:44 -------- d-----w- i:\documents and settings\All Users\Application Data\DVDXStudio
2009-04-29 04:56 . 2006-03-04 03:33 827392 ------w- i:\windows\system32\wininet.dll
2009-04-21 20:29 . 2009-04-21 20:29 -------- d-----w- i:\program files\HP
2009-04-21 20:29 . 2009-04-21 20:29 -------- d-----w- i:\program files\Hewlett-Packard
2009-04-21 04:21 . 2009-04-21 04:21 -------- d-----w- i:\documents and settings\Melissa\Application Data\iolo
2009-04-21 04:21 . 2009-04-21 04:21 -------- d-----w- i:\documents and settings\Melissa\Application Data\PureEdge
2009-04-21 04:21 . 2009-04-21 04:21 -------- d-----w- i:\documents and settings\Melissa\Application Data\Roxio
2009-04-21 04:21 . 2009-04-21 04:21 -------- d-----w- i:\documents and settings\Melissa\Application Data\ATI
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- i:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:00 585216 ----a-w- i:\windows\system32\rpcrt4.dll
2009-04-08 19:44 . 2009-04-08 19:44 18816 ----a-w- i:\windows\system32\drivers\dvd43llh.sys
2009-04-08 19:20 . 2009-04-08 19:20 10134 ----a-r- i:\documents and settings\Ryan\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-03-30 19:20 . 2009-03-30 19:20 0 ----a-w- i:\windows\ativpsrm.bin
2009-03-29 21:57 . 2009-03-29 19:45 87747 ----a-w- i:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 20:28 . 2009-03-29 20:28 664 ----a-w- i:\windows\system32\d3d9caps.dat
2009-03-29 19:55 . 2009-03-29 19:55 127 ----a-w- i:\documents and settings\Ryan\Local Settings\Application Data\fusioncache.dat
2009-03-29 19:42 . 2009-03-29 19:42 21640 ----a-w- i:\windows\system32\emptyregdb.dat
2009-03-27 00:44 . 2009-03-29 21:05 45070641 ----a-w- i:\documents and settings\Ryan\Application Data\iolo\Installers\SystemMechanicPro.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="i:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="i:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"RoxWatchTray"="i:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"masqform.exe"="i:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"ISUSScheduler"="i:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"HPDJ Taskbar Utility"="i:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"HP Software Update"="i:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="i:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
"GrooveMonitor"="i:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ehTray"="i:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dvd43"="i:\program files\dvd43\dvd43_tray.exe" [2008-11-18 827904]
"DMXLauncher"="i:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"ATIPTA"="i:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"iolo AntiVirus"="i:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]
"Ad-Watch"="i:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-14 518488]
"iolo Personal Firewall"="i:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2009-05-13 1322848]
"SigmatelSysTrayApp"="stsystra.exe" - i:\windows\stsystra.exe [2005-03-23 339968]

i:\documents and settings\All Users\Start Menu\Programs\Startup\
NCProTray.lnk - i:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-3-31 49220]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"i:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"i:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"i:\\Program Files\\Messenger\\msmsgs.exe"=
"i:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"i:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"i:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"i:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 Lbd;Lbd;i:\windows\system32\drivers\Lbd.sys [6/14/2009 11:56 AM 64160]
R0 XPacket;iolo Personal Firewall Driver;i:\windows\system32\xpacket.sys [3/29/2009 2:09 PM 39424]
R2 fssfltr;FssFltr;i:\windows\system32\drivers\fssfltr_tdi.sys [6/4/2009 7:35 PM 55152]
R2 ioloFileInfoList;iolo FileInfoList Service;i:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/29/2009 2:10 PM 600944]
R2 ioloSystemService;iolo System Service;i:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/29/2009 2:10 PM 600944]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;i:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
R3 PAC7302;PAC7302 VGA USB Camera;i:\windows\system32\drivers\PAC7302.SYS [4/19/2009 10:50 AM 457856]
R3 RoxMediaDB10;RoxMediaDB10;i:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;i:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1005904]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;i:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;i:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
S2 SessionLauncher;SessionLauncher; [x]
S2 spupdsvc;Windows Service Pack Installer update service;i:\windows\system32\spupdsvc.exe [3/29/2009 12:58 PM 26144]
S3 fsssvc;Windows Live Family Safety;i:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;i:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"i:\windows\system32\rundll32.exe" "i:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-14 i:\windows\Tasks\Ad-Aware Update (Weekly).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:56]

2009-06-18 i:\windows\Tasks\GlaryInitialize.job
- i:\program files\Glary Utilities\initialize.exe [2009-04-08 16:49]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: i:\windows\system32\iavlsp.dll
LSP: i:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath -
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 19:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


i:\docume~1\Ryan\LOCALS~1\Temp\RGI10B.tmp 7075 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
i:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(820)
i:\windows\system32\iavlsp.dll
i:\program files\iolo\Common\Firewall\iFW_Xfilter.dll

- - - - - - - > 'explorer.exe'(588)
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-20 19:15
ComboFix-quarantined-files.txt 2009-06-20 02:15
ComboFix2.txt 2009-06-19 13:34

Pre-Run: 618,479,050,752 bytes free
Post-Run: 618,466,476,032 bytes free

220 --- E O F --- 2009-06-19 13:26


Sorry I thought I got it all...

#8 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 21 June 2009 - 04:53 PM

Hello,

Not a problem. :thumbup2:

Please be sure that TeaTimer and AdWatch are both disabled before you run this.

* Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
i:\docume~1\Ryan\LOCALS~1\Temp\RGI10B.tmp


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript dragged onto ComboFix.exe]

This will start ComboFix again.

After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
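The HijackThis log that follows in the next reply (like the one that opened the thread) lists one entry per line: a section code such as O2, O4, O10, O16 or O23, then ` - `, then fields specific to that section. Most of "understanding" such a log is applying a handful of review rules to each section. The script below is an added example for this page, not code from HijackThis, ComboFix, or any poster in the thread: it parses a few lines copied from the log posted here and flags the items a responder looks at first. The rule set, the `Finding` type and the `triage` function are assumptions of this example, and a flag means "review", not "malware": the O10 LSP DLLs it reports, for instance, belong to the iolo firewall and antivirus that are plainly installed on this machine.

```python
"""Triage helper for HijackThis (HJT) v2 log lines.

Added example for this thread; not a feature of HijackThis or ComboFix
and not code posted by anyone in the thread.  HJT writes one entry per
line: a section code, " - ", then section-specific fields.  The rules
below are the ones a responder applies by eye; they mark entries for
review, they do not declare anything malicious.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread (input only).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [VirtualCloneDrive] "I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.cab
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>.*?)\) - (?P<url>\S+)$")


@dataclass
class Finding:
    code: str    # HJT section code the rule fired on
    detail: str  # the CLSID, path, URL or value that was flagged
    reason: str  # why a responder should look at it


def parse_entry(line):
    """Split an HJT line into (section code, body); None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def run_target(cmd):
    """First token of a Run value: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Apply the review rules to every entry and return the findings."""
    findings = []
    lsp_hits = Counter()
    for line in log_text.strip().splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        code, body = parsed
        if code == "O2" and body.endswith("- (no file)"):
            clsid = CLSID_RE.search(body)
            findings.append(Finding("O2", clsid.group(0) if clsid else body,
                                    "BHO CLSID is registered but its DLL is gone (orphaned entry)"))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and "\\" not in run_target(m.group("cmd")):
                findings.append(Finding("O4", f"[{m.group('name')}] {run_target(m.group('cmd'))}",
                                        "Run value is a bare file name; Windows resolves it through the search path"))
        elif code == "O10":
            lsp_hits[body.split(": ", 1)[-1].lower()] += 1
        elif code == "O16":
            m = DPF_RE.match(body)
            if m and m.group("url").lower().startswith("http://"):
                findings.append(Finding("O16", m.group("url"),
                                        f"ActiveX control '{m.group('name')}' is fetched over plain HTTP"))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding("O23", body.split(" - ")[-1],
                                    "service binary carries no publisher name"))
    # HJT prints one O10 line per LSP chain entry, so the same DLL repeats;
    # report it once with the count.  "Unknown file" only means HJT does not
    # whitelist the DLL, and removing a legitimate LSP breaks Winsock.
    for path, count in lsp_hits.items():
        findings.append(Finding("O10", path,
                                f"Winsock LSP DLL hooked {count} time(s); confirm the publisher before removing"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.detail}\n     {f.reason}")
```

Run it as a script to print the seven findings for the sample lines; feed `triage()` a whole log to review a real one. The O10 rule deliberately reports rather than recommends removal: HJT's "Unknown file in Winsock LSP" wording only says the DLL is not on its whitelist, and deleting an LSP DLL that is still chained in the Winsock catalog leaves the machine without working networking.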

#9 R_Osterlund

  • Topic Starter
  • Members
  • 6 posts

Posted 21 June 2009 - 09:08 PM

Here ya go... :thumbup2:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:29 PM, on 6/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
I:\WINDOWS\stsystra.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
I:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
I:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
I:\Program Files\HP\hpcoretech\hpcmpmgr.exe
I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
I:\WINDOWS\ehome\ehtray.exe
I:\Program Files\dvd43\dvd43_tray.exe
I:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
I:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
I:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\SEC\Natural Color Pro\NCProTray.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\iolo\common\lib\ioloServiceManager.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\ehome\mcrdsvc.exe
I:\WINDOWS\system32\dllhost.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
I:\WINDOWS\eHome\ehmsas.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RoxWatchTray] "I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [masqform.exe] I:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [ISUSScheduler] "I:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] I:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "I:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "I:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dvd43] I:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [DMXLauncher] "I:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] "I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "I:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [Ad-Watch] I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iolo Personal Firewall] "I:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\iavlsp.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.cab
O18 - Protocol: ebahn - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O18 - Protocol: x-ebahn - {8D32BA61-D15B-11D4-894B-000000000000} - I:\Program Files\eBahn\hsppp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - I:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - I:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - I:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - I:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - I:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

--
End of file - 10214 bytes


---------------------------------------------------------------------------------------------------------------------

ComboFix 09-06-20.04 - Ryan 06/21/2009 18:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1991 [GMT -7:00]
Running from: i:\documents and settings\Ryan\Desktop\ComboFix.exe
Command switches used :: i:\documents and settings\Ryan\Desktop\CFScript.txt
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall® *disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}

FILE ::
"i:\docume~1\Ryan\LOCALS~1\Temp\RGI10B.tmp"
.

((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-19 13:23 . 2009-06-19 13:26 -------- dc-h--w- i:\windows\ie8
2009-06-18 11:47 . 2008-04-13 17:45 15104 -c--a-w- i:\windows\system32\dllcache\usbscan.sys
2009-06-18 11:47 . 2008-04-13 17:45 15104 ----a-w- i:\windows\system32\drivers\usbscan.sys
2009-06-18 11:47 . 2001-08-18 05:36 5632 ----a-w- i:\windows\system32\ptpusb.dll
2009-06-18 11:47 . 2008-04-13 23:12 159232 ----a-w- i:\windows\system32\ptpusd.dll
2009-06-17 03:27 . 2009-06-17 03:27 -------- d-----w- i:\program files\CCleaner
2009-06-16 06:10 . 2009-06-16 06:10 -------- d-sh--w- i:\documents and settings\LocalService\IETldCache
2009-06-16 04:16 . 2009-06-16 04:16 -------- d-----w- i:\documents and settings\Ryan\Application Data\Malwarebytes
2009-06-16 04:15 . 2009-05-26 20:20 40160 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 04:15 . 2009-06-16 04:15 -------- d-----w- i:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-16 04:15 . 2009-05-26 20:19 19096 ----a-w- i:\windows\system32\drivers\mbam.sys
2009-06-16 04:15 . 2009-06-16 04:16 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2009-06-16 03:54 . 2009-06-16 03:54 -------- d-----w- i:\documents and settings\Melissa\Local Settings\Application Data\Mozilla
2009-06-14 21:31 . 2009-06-14 21:31 -------- d-----w- i:\program files\Trend Micro
2009-06-14 21:23 . 2009-06-14 21:23 -------- d-sh--w- i:\windows\system32\config\systemprofile\IETldCache
2009-06-14 21:23 . 2009-06-14 18:56 15688 ----a-w- i:\windows\system32\lsdelete.exe
2009-06-14 18:57 . 2009-06-22 00:09 -------- d-----w- i:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-14 18:57 . 2009-06-14 19:01 -------- d-----w- i:\program files\Spybot - Search & Destroy
2009-06-14 18:54 . 2009-06-14 18:54 -------- dc-h--w- i:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 18:54 . 2009-03-12 08:17 2902048 -c--a-w- i:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-14 18:54 . 2009-06-14 18:54 -------- d-----w- i:\program files\Lavasoft
2009-06-14 18:54 . 2009-06-14 18:54 -------- d-----w- i:\documents and settings\All Users\Application Data\Lavasoft
2009-06-14 18:53 . 2009-06-14 18:53 0 ----a-w- i:\windows\nsreg.dat
2009-06-14 18:53 . 2009-06-14 18:53 -------- d-----w- i:\documents and settings\Ryan\Local Settings\Application Data\Mozilla
2009-06-12 12:28 . 2009-04-30 21:22 12800 -c----w- i:\windows\system32\dllcache\xpshims.dll
2009-06-12 12:28 . 2009-04-30 21:22 246272 -c----w- i:\windows\system32\dllcache\ieproxy.dll
2009-06-09 12:11 . 2009-06-09 12:11 -------- d-sh--w- i:\documents and settings\Quincy\IETldCache
2009-06-08 03:27 . 2009-06-08 03:27 -------- d-sh--w- i:\documents and settings\Melissa\IECompatCache
2009-06-08 03:27 . 2009-06-08 03:27 -------- d-sh--w- i:\documents and settings\Melissa\PrivacIE
2009-06-08 03:24 . 2009-06-08 03:24 -------- d-----w- i:\documents and settings\Melissa\Application Data\MSN6
2009-06-08 03:24 . 2009-06-08 03:24 -------- d-----w- i:\documents and settings\Melissa\Application Data\MSNInstaller
2009-06-08 03:24 . 2009-06-08 03:24 -------- d-sh--w- i:\documents and settings\Melissa\IETldCache
2009-06-05 04:31 . 2009-06-05 04:31 -------- d-----w- i:\documents and settings\Ryan\Local Settings\Application Data\PCHealth
2009-06-05 02:41 . 2009-06-14 19:06 -------- d-----w- i:\documents and settings\Ryan\Tracing
2009-06-05 02:35 . 2009-06-14 18:56 -------- dc----w- i:\windows\system32\DRVSTORE
2009-06-05 02:35 . 2009-02-07 01:08 55152 ----a-w- i:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-05 02:34 . 2009-06-05 02:34 -------- d-----w- i:\program files\Microsoft Sync Framework
2009-06-05 02:29 . 2009-06-05 02:29 -------- d-----w- i:\documents and settings\Ryan\Application Data\MSNInstaller
2009-06-05 02:24 . 2009-06-14 18:28 -------- d-----w- i:\documents and settings\Ryan\Application Data\MSN6
2009-06-05 02:24 . 2009-06-05 02:24 -------- d-----w- i:\documents and settings\All Users\Application Data\MSN6
2009-06-05 01:41 . 2009-06-05 01:41 -------- d-sh--w- i:\documents and settings\Ryan\IECompatCache
2009-06-05 00:54 . 2009-06-05 00:54 -------- d-----w- i:\documents and settings\NetworkService\Application Data\iolo
2009-06-05 00:08 . 2009-05-12 05:11 102912 -c----w- i:\windows\system32\dllcache\iecompat.dll
2009-06-02 12:50 . 2009-06-02 12:50 -------- d-----w- i:\windows\system32\wbem\Repository
2009-06-01 11:50 . 2009-06-01 11:50 -------- d-sh--w- i:\documents and settings\NetworkService\IETldCache
2009-06-01 11:50 . 2009-06-01 11:50 -------- d-sh--w- i:\documents and settings\Ryan\IETldCache
2009-05-31 22:31 . 2009-06-19 13:26 -------- d-----w- i:\windows\ie8updates
2009-05-30 04:42 . 2009-05-30 04:42 -------- d-----w- i:\documents and settings\Quincy\Application Data\Roxio
2009-05-30 04:42 . 2009-06-09 12:11 -------- d-----w- i:\documents and settings\Quincy\Application Data\PureEdge

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 21:51 . 2009-04-08 19:55 -------- d-----w- i:\documents and settings\Ryan\Application Data\Roxio
2009-06-14 22:25 . 2009-04-30 15:45 9618 ----a-w- i:\documents and settings\All Users\Application Data\DVDXStudio\CloneDVD4\MainApp.dll
2009-06-13 10:05 . 2009-03-29 22:38 -------- d-----w- i:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-05 12:31 . 2009-03-29 20:19 86240 ----a-w- i:\documents and settings\Ryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 05:28 . 2009-04-13 19:52 1521 ----a-w- i:\documents and settings\Ryan\Application Data\iolo\restore.bat
2009-06-05 03:41 . 2009-03-29 22:41 -------- d-----w- i:\program files\Microsoft Works
2009-06-05 03:38 . 2009-03-29 20:34 -------- d-----w- i:\documents and settings\Ryan\Application Data\iolo
2009-06-05 03:38 . 2009-03-29 20:34 -------- d-----w- i:\documents and settings\All Users\Application Data\iolo
2009-06-05 02:35 . 2009-04-13 17:59 -------- d-----w- i:\program files\Windows Live
2009-05-30 04:42 . 2009-03-31 17:53 86240 ----a-w- i:\documents and settings\Quincy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-29 22:54 . 2009-03-29 21:10 940896 ----a-w- i:\windows\system32\Incinerator.dll
2009-05-21 02:44 . 2009-04-21 04:21 86240 ----a-w- i:\documents and settings\Melissa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 20:38 . 2009-05-17 20:38 622 ----a-w- i:\windows\eReg.dat
2009-05-17 20:30 . 2009-05-17 20:30 -------- d-----w- i:\program files\EA Games
2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- i:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- i:\windows\system32\localspl.dll
2009-04-30 16:21 . 2009-03-30 18:04 -------- d-----w- i:\program files\Roxio
2009-04-30 15:45 . 2009-04-30 15:45 -------- d-----w- i:\documents and settings\Ryan\Application Data\Vso
2009-04-30 15:45 . 2009-04-30 15:45 47360 ----a-w- i:\windows\system32\drivers\pcouffin.sys
2009-04-30 15:45 . 2009-04-30 15:45 47360 ----a-w- i:\documents and settings\Ryan\Application Data\pcouffin.sys
2009-04-30 15:45 . 2009-04-30 15:45 47360 ----a-w- i:\documents and settings\Ryan\Application Data\pcouffin.sys
2009-04-30 15:45 . 2009-04-30 15:44 -------- d-----w- i:\program files\CloneDVD
2009-04-30 15:44 . 2009-04-30 15:44 -------- d-----w- i:\documents and settings\All Users\Application Data\DVDXStudio
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- i:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:00 585216 ----a-w- i:\windows\system32\rpcrt4.dll
2009-04-08 19:44 . 2009-04-08 19:44 18816 ----a-w- i:\windows\system32\drivers\dvd43llh.sys
2009-04-08 19:20 . 2009-04-08 19:20 10134 ----a-r- i:\documents and settings\Ryan\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2009-03-30 19:20 . 2009-03-30 19:20 0 ----a-w- i:\windows\ativpsrm.bin
2009-03-29 21:57 . 2009-03-29 19:45 87747 ----a-w- i:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 20:28 . 2009-03-29 20:28 664 ----a-w- i:\windows\system32\d3d9caps.dat
2009-03-29 19:55 . 2009-03-29 19:55 127 ----a-w- i:\documents and settings\Ryan\Local Settings\Application Data\fusioncache.dat
2009-03-29 19:42 . 2009-03-29 19:42 21640 ----a-w- i:\windows\system32\emptyregdb.dat
2009-03-27 00:44 . 2009-03-29 21:05 45070641 ----a-w- i:\documents and settings\Ryan\Application Data\iolo\Installers\SystemMechanicPro.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-19_13.32.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-04 03:33 . 2009-03-08 11:31 46592 i:\windows\system32\pngfilt.dll
+ 2004-08-10 11:00 . 2009-03-08 11:31 48128 i:\windows\system32\mshtmler.dll
- 2004-08-10 11:00 . 2007-08-14 01:01 48128 i:\windows\system32\mshtmler.dll
+ 2006-03-04 03:33 . 2009-03-08 11:31 66560 i:\windows\system32\mshtmled.dll
- 2004-08-10 11:00 . 2007-08-14 01:32 45568 i:\windows\system32\mshta.exe
+ 2004-08-10 11:00 . 2009-03-08 11:31 45568 i:\windows\system32\mshta.exe
+ 2007-08-14 01:36 . 2009-03-08 11:31 13312 i:\windows\system32\msfeedssync.exe
+ 2007-08-14 01:54 . 2009-03-08 11:31 55296 i:\windows\system32\msfeedsbs.dll
+ 2004-08-10 11:00 . 2009-03-08 11:34 43008 i:\windows\system32\licmgr10.dll
+ 2004-08-10 11:00 . 2009-04-30 21:22 25600 i:\windows\system32\jsproxy.dll
+ 2006-03-04 03:33 . 2009-03-08 11:32 94720 i:\windows\system32\inseng.dll
+ 2004-08-10 11:00 . 2009-03-08 11:31 34816 i:\windows\system32\imgutil.dll
+ 2004-08-10 11:00 . 2009-03-08 11:32 71680 i:\windows\system32\iesetup.dll
+ 2004-08-10 11:00 . 2009-03-08 11:32 55808 i:\windows\system32\iernonce.dll
+ 2007-08-14 01:36 . 2009-03-08 11:31 59904 i:\windows\system32\icardie.dll
+ 2007-08-14 01:36 . 2009-03-08 11:31 46592 i:\windows\system32\dllcache\pngfilt.dll
- 2007-08-14 01:01 . 2007-08-14 01:01 48128 i:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-14 01:01 . 2009-03-08 11:31 48128 i:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-14 01:54 . 2009-03-08 11:31 66560 i:\windows\system32\dllcache\mshtmled.dll
- 2007-08-14 01:32 . 2007-08-14 01:32 45568 i:\windows\system32\dllcache\mshta.exe
+ 2007-08-14 01:32 . 2009-03-08 11:31 45568 i:\windows\system32\dllcache\mshta.exe
+ 2009-03-29 22:15 . 2009-03-08 11:31 55296 i:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-14 01:44 . 2009-03-08 11:34 43008 i:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-14 01:39 . 2009-03-08 11:32 94720 i:\windows\system32\dllcache\inseng.dll
+ 2007-08-14 01:36 . 2009-03-08 11:31 34816 i:\windows\system32\dllcache\imgutil.dll
+ 2007-08-14 01:39 . 2009-03-08 11:32 71680 i:\windows\system32\dllcache\iesetup.dll
+ 2007-08-14 01:39 . 2009-03-08 11:32 55808 i:\windows\system32\dllcache\iernonce.dll
+ 2009-03-29 22:15 . 2009-03-08 11:31 59904 i:\windows\system32\dllcache\icardie.dll
+ 2007-08-14 01:18 . 2009-03-08 11:24 68608 i:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-14 01:42 . 2009-03-08 11:33 18944 i:\windows\system32\dllcache\corpol.dll
+ 2007-08-14 01:39 . 2009-03-08 11:32 72704 i:\windows\system32\dllcache\admparse.dll
+ 2004-08-10 11:00 . 2009-03-08 11:33 18944 i:\windows\system32\corpol.dll
+ 2004-08-10 11:00 . 2009-03-08 11:32 72704 i:\windows\system32\admparse.dll
+ 2007-08-14 01:45 . 2009-03-08 11:34 208384 i:\windows\system32\WinFXDocObj.exe
+ 2004-08-10 11:00 . 2009-03-08 11:34 236544 i:\windows\system32\webcheck.dll
+ 2004-08-10 11:00 . 2009-03-08 11:33 420352 i:\windows\system32\vbscript.dll
+ 2004-08-10 11:00 . 2009-03-08 11:34 105984 i:\windows\system32\url.dll
- 2004-08-10 11:00 . 2009-04-29 04:56 105984 i:\windows\system32\url.dll
+ 2004-08-10 11:00 . 2009-03-08 11:34 109568 i:\windows\system32\occache.dll
+ 2006-03-04 03:33 . 2009-03-08 11:32 611840 i:\windows\system32\mstime.dll
+ 2006-03-04 03:33 . 2009-03-08 11:34 193536 i:\windows\system32\msrating.dll
- 2004-08-10 11:00 . 2007-08-14 01:54 156160 i:\windows\system32\msls31.dll
+ 2004-08-10 11:00 . 2009-03-08 11:22 156160 i:\windows\system32\msls31.dll
+ 2007-08-14 01:54 . 2009-03-08 11:32 594432 i:\windows\system32\msfeeds.dll
+ 2004-08-10 11:00 . 2009-03-08 11:33 726528 i:\windows\system32\jscript.dll
+ 2007-08-14 01:54 . 2009-03-08 11:22 164352 i:\windows\system32\ieui.dll
+ 2006-03-04 03:33 . 2009-03-08 11:31 183808 i:\windows\system32\iepeers.dll
+ 2007-07-11 19:27 . 2009-03-08 11:11 445952 i:\windows\system32\ieapfltr.dll
+ 2004-08-10 11:00 . 2009-03-08 11:32 163840 i:\windows\system32\ieakui.dll
+ 2004-08-10 11:00 . 2009-03-08 11:33 229376 i:\windows\system32\ieaksie.dll
+ 2004-08-10 11:00 . 2009-03-08 11:33 125952 i:\windows\system32\ieakeng.dll
+ 2006-03-04 03:33 . 2009-03-08 11:31 216064 i:\windows\system32\dxtrans.dll
+ 2004-08-10 11:00 . 2009-03-08 11:31 348160 i:\windows\system32\dxtmsft.dll
+ 2007-08-14 01:54 . 2009-03-08 11:34 236544 i:\windows\system32\dllcache\webcheck.dll
+ 2007-08-14 01:54 . 2009-03-08 11:33 759296 i:\windows\system32\dllcache\VGX.dll
+ 2007-08-14 01:54 . 2009-03-08 11:33 420352 i:\windows\system32\dllcache\vbscript.dll
+ 2007-08-14 01:44 . 2009-03-08 11:34 105984 i:\windows\system32\dllcache\url.dll
- 2007-08-14 01:44 . 2009-04-29 04:56 105984 i:\windows\system32\dllcache\url.dll
+ 2007-08-14 01:44 . 2009-03-08 11:34 109568 i:\windows\system32\dllcache\occache.dll
+ 2007-08-14 01:54 . 2009-03-08 11:32 611840 i:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 01:44 . 2009-03-08 11:34 193536 i:\windows\system32\dllcache\msrating.dll
+ 2004-08-10 11:00 . 2009-03-08 11:22 156160 i:\windows\system32\dllcache\msls31.dll
- 2004-08-10 11:00 . 2007-08-14 01:54 156160 i:\windows\system32\dllcache\msls31.dll
+ 2009-03-29 22:15 . 2009-03-08 11:32 594432 i:\windows\system32\dllcache\msfeeds.dll
+ 2007-08-14 01:38 . 2009-03-08 11:33 726528 i:\windows\system32\dllcache\jscript.dll
+ 2007-08-14 01:43 . 2009-03-08 21:09 638816 i:\windows\system32\dllcache\iexplore.exe
+ 2007-08-14 01:54 . 2009-03-08 11:31 183808 i:\windows\system32\dllcache\iepeers.dll
+ 2009-03-29 22:15 . 2009-03-08 11:11 445952 i:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-10 11:00 . 2009-03-08 11:32 163840 i:\windows\system32\dllcache\ieakui.dll
+ 2007-08-14 01:39 . 2009-03-08 11:33 229376 i:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-14 01:39 . 2009-03-08 11:33 125952 i:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-14 01:35 . 2009-03-08 11:31 216064 i:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-14 01:35 . 2009-03-08 11:31 348160 i:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-14 01:39 . 2009-03-08 11:32 128512 i:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 11:00 . 2009-03-08 11:32 128512 i:\windows\system32\advpack.dll
+ 2006-03-18 11:09 . 2009-04-30 21:22 1207808 i:\windows\system32\urlmon.dll
+ 2006-03-23 17:32 . 2009-05-13 05:15 5936128 i:\windows\system32\mshtml.dll
+ 2007-08-14 01:34 . 2009-04-30 21:22 1985024 i:\windows\system32\iertutil.dll
+ 2007-08-14 01:54 . 2009-04-30 21:22 11064832 i:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="i:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="i:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"RoxWatchTray"="i:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"masqform.exe"="i:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"ISUSScheduler"="i:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"HPDJ Taskbar Utility"="i:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"HP Software Update"="i:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="i:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
"GrooveMonitor"="i:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ehTray"="i:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dvd43"="i:\program files\dvd43\dvd43_tray.exe" [2008-11-18 827904]
"DMXLauncher"="i:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"ATIPTA"="i:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"iolo AntiVirus"="i:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]
"Ad-Watch"="i:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-14 518488]
"iolo Personal Firewall"="i:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2009-05-13 1322848]
"SigmatelSysTrayApp"="stsystra.exe" - i:\windows\stsystra.exe [2005-03-23 339968]

i:\documents and settings\All Users\Start Menu\Programs\Startup\
NCProTray.lnk - i:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-3-31 49220]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"i:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"i:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"i:\\Program Files\\Messenger\\msmsgs.exe"=
"i:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"i:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"i:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"i:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 Lbd;Lbd;i:\windows\system32\drivers\Lbd.sys [6/14/2009 11:56 AM 64160]
R0 XPacket;iolo Personal Firewall Driver;i:\windows\system32\xpacket.sys [3/29/2009 2:09 PM 39424]
R2 fssfltr;FssFltr;i:\windows\system32\drivers\fssfltr_tdi.sys [6/4/2009 7:35 PM 55152]
R2 ioloFileInfoList;iolo FileInfoList Service;i:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/29/2009 2:10 PM 600944]
R2 ioloSystemService;iolo System Service;i:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/29/2009 2:10 PM 600944]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;i:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
R3 PAC7302;PAC7302 VGA USB Camera;i:\windows\system32\drivers\PAC7302.SYS [4/19/2009 10:50 AM 457856]
R3 RoxMediaDB10;RoxMediaDB10;i:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;i:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;i:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
S2 SessionLauncher;SessionLauncher; [x]
S3 fsssvc;Windows Live Family Safety;i:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;i:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1005904]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;i:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"i:\windows\system32\rundll32.exe" "i:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-14 i:\windows\Tasks\Ad-Aware Update (Weekly).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:56]

2009-06-21 i:\windows\Tasks\GlaryInitialize.job
- i:\program files\Glary Utilities\initialize.exe [2009-04-08 16:49]
.
.
------- Supplementary Scan -------
.
LSP: i:\windows\system32\iavlsp.dll
LSP: i:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 18:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
i:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(820)
i:\windows\system32\iavlsp.dll
i:\program files\iolo\Common\Firewall\iFW_Xfilter.dll

- - - - - - - > 'explorer.exe'(2036)
i:\windows\system32\WININET.dll
i:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-22 18:33
ComboFix-quarantined-files.txt 2009-06-22 01:33
ComboFix2.txt 2009-06-20 02:15
ComboFix3.txt 2009-06-19 13:34

Pre-Run: 618,666,086,400 bytes free
Post-Run: 618,655,719,424 bytes free

289 --- E O F --- 2009-06-19 13:26

#10 R_Osterlund (Topic Starter)

Posted 28 June 2009 - 06:38 PM

Finally found the solution for anyone using IOLO firewall. When switching to IE8, IOLO will not allow the program to open. I found this thread from a different forum which corrected my problem.

------------------------------------------------------------------------------------

Re: IE8 won't start
I eventually found out what the problem was, and I figured I would post it so it may be of use to someone else with the same problem.

I use Iolo System Mechanic Pro to maintain my system and a file that is part of the firewall conflicts with IE8 and prevents it from running.

I had bought a new hard drive last week and backed up any important stuff and then I wiped my HD and did a clean install of XP. Once I had my system fully updated I made an image backup in case something goes wrong.

When I installed IE8 it started up ok.

When I reinstalled the Iolo program I was no longer able to use IE8. Uninstalling Iolo allowed me to get on IE8 again, so there is the problem. I contacted Iolo about it and received a solution within an hour (kudos to them, although since an update was released since IE8 came out this should have been changed already). Anyway I will include a copy of the solution they sent me at the bottom of this post.

Alas my story doesn't have a happy ending. IE8 looks nice and initially I liked it but it freezes up way too much. I can't even get my email without it crashing on me, and that's pretty bad when you have a fresh copy of XP on your PC. I couldn't even watch any videos online at first because IE8 would not play them for some reason (but Firefox would). Took me 2 hours to fix it. Maybe it's a problem with my add-ons...

Anyway, here is the solution I was given. Very easy and took me not even 5 minutes to do (I was expecting something more involved lol)

1. Please restart your computer in Windows Safe Mode.
2. Once booted, please navigate to the folder C:\Program Files\iolo\Common\Lib.
3. Right-click on the file named ioloHL.dll and select Rename.
4. Rename the file with an underscore in front of it (Shift - on the keyboard).
5. Example: _ioloHL.dll
6. Restart your system normally and try your browser (Internet Explorer 8).


------------------------------------------------------------------------------------------------------

Good luck with IE8 and I hope this helps someone else in need.

PS: Thanks for all the help Tea



