wompum13

  1. No error came up this time. It said something about contact the person that created HJT. I fixed what you said; here is my new log.
  2. Got as far as looking to remove the files in system32 and none of the files you listed were there. Please advise.
  3. Ok get a feel for what. I am new at this and what you are asking me to do is completely foreign to me. If you can't break it down to more of a novice mode I won't be able to do it.
  4. Ok, thank you for the directions, but can I get an easy button for them? You really lost me....
  5. I am having a problem with the HJT fix. When I select the items you told me to, it comes up with an error and shuts the program down. Can you please give me any advice....
  6. Please help, this virus has caused major problems. I need help!!! It's called W32/threat-HLLAU-based!Maximus; it comes up with two different file names, Serials2005.exe and DVD COPY Plus.exe. I will include a hijack log. Thank you for any help. (Advisor edit: Moved to HijackThis section of the forum)
  7. I posted Saturday morning and received a response. Read it and did what it said to do regarding my virus, went back to respond to it, and my post didn't show that I had a response. The person who responded was USHER0001 and I am confused. USHER0001, if you responded to my Java virus please respond again; if not, can someone please let me know if I've completely lost my mind.
  8. Once again I seem to have a pesky virus that comes in several forms. From what I've seen so far it's a Java/Byte Verify and the file it's located in is f.jar-71d2F9a7-45af68df.zip. Confused, YES!!! Please advise me on what to do next.
  9. Here are the logs you requested. I hope this helps us get closer to a fix. My computer no longer remembers passwords or usernames. HELP
  10. Here is a current log

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "C:\WINDOWS\system32\mobsync.exe /logon"
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Toolbar Helper"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
  -> {HKLM...CLSID} = "Microsoft Office Binder Unbind"
     \InProcServer32\(Default) = "C:\PROGRA~1\Office\Office\1033\UNBIND.DLL" [MS]
"{08267B21-223F-11d3-ACD4-004F4902B913}" = "Desktop Architect"
  -> {HKLM...CLSID} = "Desktop Architect"
     \InProcServer32\(Default) = "C:\Program Files\Desktop Architect\dadesk.dll" ["Ken Foster"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "My Sharing Folders"
     \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>>
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
     \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
     \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
     \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Theme Kristie.bmp"

Enabled Scheduled Tasks:
------------------------

"Check Updates for Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" [file not found]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
  -> {HKLM...CLSID} = "Windows Live Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
  11. Hello again! I kind of thought it did, but I also ran a scan with actually two different scanners and one of them came up with a worm called W.HLLW.Gaobot.CA. Also, any clue how to get the other program off? When I even use its own uninstall program it comes back with the error message "cannot complete uninstall please restart computer to continue". Of course that doesn't sound right.... What do you think? I also have a log from this scan called silent runner, ever heard of it? I know I must sound crazy but there is something really wrong. Hard drive light sometimes starts flickering like to the beat of a heart when there's nothing being done, then shuts computer down. Very scary.
  12. I'm so sorry, I'm back. Been trying to get personal things taken care of. I really have a problem now. First, I can't find my XP CD you talked about. 2. Computer almost slower than ever. Freezing and forgetting saved passwords. Explorer locking up. Now I'm lost.
  13. So sorry, my daughter's school just called, have to pick her up real quick. Be right back.
  14. Here ya go...

Kristie - 06-10-13 11:35:18.42 Service Pack 2
ComboFix 06.10.14 - Running from: "C:\Documents and Settings\Kristie\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-13 to 2006-10-13 ))))))))))))))))))))))))))))))))))

2006-10-09 08:46 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-09 08:46 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-09 08:46 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-09 08:46 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-09 08:46 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-08 05:31 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-08 05:31 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-08 05:31 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-08 05:31 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-29 05:31 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-09-29 05:31 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll
2006-09-28 22:51 19,328 -ra------ C:\WINDOWS\system32\drivers\IABFilt.sys
2006-09-28 22:42 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-12 14:14 -------- d-------- C:\Program Files\Windows Live Favorites
2006-10-09 11:49 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-09 08:46 -------- d-------- C:\Documents and Settings\Kristie\Application Data\AVG7
2006-10-08 12:44 -------- d-------- C:\Program Files\Java
2006-10-08 12:44 -------- d-------- C:\Program Files\Common Files\Java
2006-10-08 12:39 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Sun
2006-10-04 23:08 -------- d-------- C:\Program Files\Hijackthis
2006-10-02 17:06 -------- d-------- C:\Program Files\Grisoft
2006-10-01 12:59 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Lavasoft
2006-10-01 12:58 -------- d-------- C:\Program Files\Lavasoft
2006-09-28 22:46 -------- d-------- C:\Program Files\Iomega
2006-09-28 15:53 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-28 00:10 -------- d-------- C:\Program Files\MSN Messenger
2006-09-27 23:43 -------- d-------- C:\Documents and Settings\Kristie\Application Data\MSNInstaller
2006-09-26 07:00 -------- dr------- C:\Program Files\Support.com
2006-09-21 17:27 -------- d-------- C:\Program Files\Disney Interactive
2006-09-16 20:52 -------- d-------- C:\Program Files\exPressit S.E. 2.1
2006-09-12 22:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-11 22:50 -------- d-------- C:\Program Files\Ubi Soft
2006-09-11 22:47 -------- d-------- C:\Program Files\QuickTime
2006-09-10 19:24 -------- d-------- C:\Program Files\Ubisoft
2006-09-10 11:36 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-09-10 11:30 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-09 21:26 -------- d-------- C:\Program Files\Sports Mogul
2006-09-09 21:10 -------- d-------- C:\Program Files\Baseball Mogul 2007
2006-09-07 23:09 -------- d-------- C:\Program Files\Drivers
2006-09-07 22:40 -------- d-------- C:\Program Files\Sierra On-Line
2006-09-06 13:38 -------- d-------- C:\Program Files\msn gaming zone
2006-09-04 19:38 -------- d-------- C:\Program Files\motherboard
2006-09-03 16:49 -------- d-------- C:\Program Files\Games
2006-08-31 23:36 -------- d-------- C:\Program Files\Plus!
2006-08-31 23:34 -------- d-------- C:\Program Files\Desktop Architect
2006-08-27 22:44 -------- d-------- C:\Documents and Settings\Kristie\Application Data\AdobeUM
2006-08-27 22:26 -------- d-------- C:\Program Files\Adobe
2006-08-27 21:12 -------- d-------- C:\Program Files\Themes
2006-08-26 18:48 -------- d-------- C:\Program Files\musicmatch
2006-08-26 15:21 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-26 15:21 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Adobe
2006-08-26 14:49 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Macromedia
2006-08-26 10:34 -------- d-------- C:\Program Files\Yahoo!
2006-08-26 04:32 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-26 04:32 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-26 04:29 -------- d-------- C:\Program Files\Office
2006-08-26 02:53 -------- d-------- C:\Program Files\Everest
2006-08-25 08:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 22:49 0 --a------ C:\Documents and Settings\Kristie\Application Data\.googlewebacchosts
2006-08-24 22:31 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Snapfish
2006-08-24 20:28 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Simple Star
2006-08-24 20:24 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Ahead
2006-08-24 20:05 -------- d-------- C:\Program Files\Common Files\Nero
2006-08-24 19:59 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-24 19:59 -------- d-------- C:\Program Files\Ahead
2006-08-23 00:31 5906432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-23 00:31 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-23 00:31 457728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-23 00:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-23 00:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-23 00:31 175616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-23 00:31 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-23 00:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-23 00:18 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-23 00:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-23 00:17 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-23 00:17 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-23 00:16 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-23 00:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-23 00:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-23 00:13 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-23 00:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-23 00:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-23 00:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-23 00:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-23 00:13 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-23 00:13 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-23 00:11 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-23 00:10 61440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-23 00:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-23 00:09 262656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-23 00:07 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-22 23:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-22 23:36 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-08-22 23:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-22 05:24 -------- d-------- C:\Documents and Settings\Kristie\Application Data\MSN6
2006-08-22 05:21 -------- d-------- C:\Program Files\Design Science
2006-08-22 05:06 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-22 03:53 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Help
2006-08-22 03:43 -------- d-------- C:\Program Files\Symantec
2006-08-22 03:42 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-22 03:37 -------- d-------- C:\Program Files\Nortons anti virus
2006-08-22 03:23 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Symantec
2006-08-22 03:15 -------- d-------- C:\Program Files\WinZip
2006-08-22 03:13 -------- d-------- C:\Program Files\ParadisePoker
2006-08-21 17:49 -------- d-------- C:\Program Files\Actiontec
2006-08-21 17:46 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-21 17:46 -------- d-------- C:\Documents and Settings\Kristie\Application Data\Identities
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-21 02:14 128896 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-08-21 00:23 -------- d-------- C:\Program Files\xerox
2006-08-21 00:23 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-21 00:22 0 -rahs---- C:\MSDOS.SYS
2006-08-21 00:22 0 -rahs---- C:\IO.SYS
2006-08-21 00:22 0 --a------ C:\CONFIG.SYS
2006-08-21 00:22 0 --a------ C:\AUTOEXEC.BAT
2006-08-21 00:16 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-21 00:14 -------- d-------- C:\Program Files\Common Files\Services
2006-08-21 00:14 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-21 00:13 -------- d-------- C:\Program Files\Outlook Express
2006-08-21 00:13 -------- d-------- C:\Program Files\NetMeeting
2006-08-21 00:13 -------- d-------- C:\Program Files\Movie Maker
2006-08-21 00:13 -------- d-------- C:\Program Files\Internet Explorer
2006-08-21 00:13 -------- d-------- C:\Program Files\Common Files\System
2006-08-21 00:08 -------- d-------- C:\Program Files\Windows Media Player
2006-08-21 00:08 -------- d-------- C:\Program Files\Messenger
2006-08-21 00:07 -------- d-------- C:\Program Files\Windows NT
2006-08-21 00:07 -------- d-------- C:\Program Files\MSN
2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files
2006-08-20 23:41 62 --ahs---- C:\Documents and Settings\Kristie\Application Data\desktop.ini
2006-08-20 23:40 -------- d---s---- C:\Documents and Settings\Kristie\Application Data\Microsoft
2006-08-16 04:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 02:37 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 03:34 332928 --a------ C:\WINDOWS\system32\drivers\srv.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 08:51 121856 --------- C:\WINDOWS\system32\xmllite.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
  73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
  00
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Program Files\\X Password Generator\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 06-10-13 11:37:25.77
C:\ComboFix2.txt ... 06-10-08 06:08
C:\ComboFix.txt ... 06-10-13 11:37