janoona

  1. The CureIt.log at 33,908kb might be a little big to attach. F-Secure report follows.

     Scanning Report
     Monday, December 08, 2008 18:07:18 - 19:34:13
     Computer name: USER-F285D9D7D0
     Scanning type: Scan system for malware, rootkits
     Target: C:\ D:\

     Result: 6 malware found
     TrackingCookie.2o7 (spyware)
       * System
     TrackingCookie.Atdmt (spyware)
       * System
     TrackingCookie.Atwola (spyware)
       * System
     TrackingCookie.Revsci (spyware)
       * System
     TrackingCookie.Statcounter (spyware)
       * System
     TrackingCookie.Webtrends (spyware)
       * System

     Statistics
     Scanned:
       * Files: 47919
       * System: 3401
       * Not scanned: 14
     Actions:
       * Disinfected: 0
       * Renamed: 0
       * Deleted: 0
       * None: 6
       * Submitted: 0

     Files not scanned:
       * C:\HIBERFIL.SYS
       * C:\PAGEFILE.SYS
       * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
       * C:\WINDOWS\SYSTEM32\CONFIG\SAM
       * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
       * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
       * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
       * C:\FOUND.000\DIR0000.CHK\S-1-5-21-842925246-1897051121-839522115-1008\DC1.LNK
       * C:\FOUND.000\DIR0000.CHK\S-1-5-21-842925246-1897051121-839522115-1008\DC2.LNK
       * C:\FOUND.000\DIR0000.CHK\S-1-5-21-842925246-1897051121-839522115-1008\DC3.LNK
       * C:\FOUND.000\DIR0000.CHK\S-1-5-21-842925246-1897051121-839522115-1008\DC4.LNK
       * C:\FOUND.000\DIR0000.CHK\S-1-5-21-842925246-1897051121-839522115-1008\DC7.JPG
       * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43B12753FD9996D02D9728C9E9D59650_EBA67B9F-B273-4105-8D81-24441A7939C2
       * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CFFEEEE11DDE10E9E63FFBB81186C778_EBA67B9F-B273-4105-8D81-24441A7939C2

     Options
     Scanning engines:
       * F-Secure USS: 2.40.0
       * F-Secure Hydra: 2.8.8110, 2008-12-08
       * F-Secure AVP: 7.0.171, 2008-12-08
       * F-Secure Pegasus: 1.20.0, 2008-11-03
       * F-Secure Blacklight: 2.4.1093
     Scanning options:
       * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
       * Use Advanced heuristics
  2. Logfile of HijackThis v1.99.1
     Scan saved at 5:16:06 PM, on 12/8/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16735)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Ahead\InCD\InCDsrv.exe
     C:\WINDOWS\system32\acs.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
     C:\Program Files\Spyware Terminator\sp_rsser.exe
     C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     C:\WINDOWS\system32\wwSecure.exe
     C:\WINDOWS\system32\VTTimer.exe
     C:\WINDOWS\system32\VTtrayp.exe
     C:\Program Files\VIA\RAID\raid_tool.exe
     C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
     C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\Jeff\My Documents\hijackthis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
     O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
     O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
     O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
     O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
     O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
     O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (file missing)
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (file missing)
     O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O11 - Options group: [iNTERNATIONAL] International*
     O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
     O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
     O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
     O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
     O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
     O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
     O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
  3. ComboFix 08-12-06.06 - Jeff 2008-12-08 17:07:27.2 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.154 [GMT -8:00]
     Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
     * Created a new restore point
     .
     ((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
     .
     2008-12-05 19:09 . 2008-12-05 19:09 <DIR> d--h----- c:\windows\PIF
     2008-12-05 19:07 . 2008-12-07 10:57 <DIR> d-------- c:\documents and settings\Jeff\DoctorWeb
     2008-11-26 18:24 . 2003-03-24 16:52 188,480 --a--c--- c:\windows\system32\dllcache\cfgwiz.exe
     2008-11-26 18:24 . 2003-03-24 16:52 20,540 --a--c--- c:\windows\system32\dllcache\author.dll
     2008-11-26 18:24 . 2003-03-24 16:52 16,439 --a--c--- c:\windows\system32\dllcache\author.exe
     2008-11-26 18:23 . 2003-03-24 16:52 20,540 --a--c--- c:\windows\system32\dllcache\admin.dll
     2008-11-23 11:29 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
     2008-11-23 11:27 . 2003-03-24 16:52 147,513 --a--c--- c:\windows\system32\dllcache\fp4apws.dll
     2008-11-23 11:27 . 2003-03-24 16:52 102,509 --a--c--- c:\windows\system32\dllcache\fp4atxt.dll
     2008-11-23 11:27 . 2003-03-24 16:52 82,035 --a--c--- c:\windows\system32\dllcache\fp4anscp.dll
     2008-11-23 11:27 . 2003-03-24 16:52 49,210 --a--c--- c:\windows\system32\dllcache\fp4areg.dll
     2008-11-23 11:27 . 2003-03-24 16:52 41,020 --a--c--- c:\windows\system32\dllcache\fp4avnb.dll
     2008-11-23 11:27 . 2003-03-24 16:52 32,826 --a--c--- c:\windows\system32\dllcache\fp4avss.dll
     2008-11-23 11:26 . 2004-05-13 00:39 184,435 --a--c--- c:\windows\system32\dllcache\fp4amsft.dll
     2008-11-23 11:23 . 2003-03-24 16:52 16,439 --a--c--- c:\windows\system32\dllcache\admin.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-12-09 01:06 --------- d-----w c:\documents and settings\Jeff\Application Data\Spyware Terminator
     2008-12-09 01:02 --------- d-----w c:\program files\Mozilla Thunderbird
     2008-12-08 00:52 --------- d-----w c:\program files\trend micro
     2008-12-05 11:55 --------- d-----w c:\program files\Spyware Terminator
     2008-11-30 16:02 --------- d-----w c:\documents and settings\Michelle\Application Data\Spyware Terminator
     2008-11-29 14:05 --------- d-----w c:\program files\Common Files\Adobe
     2008-11-05 01:52 --------- d-----w c:\program files\UltimateZip 3.0
     2008-11-05 00:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
     2008-11-04 04:45 3,592 ----a-w c:\windows\system32\PerfStringBackup.TMP
     2008-10-31 01:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2008-10-31 01:58 --------- d-----w c:\documents and settings\Jeff\Application Data\Malwarebytes
     2008-10-31 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
     2008-10-30 01:57 410,976 ----a-w c:\windows\system32\deploytk.dll
     2008-10-30 01:57 --------- d-----w c:\program files\Java
     2008-10-28 13:54 --------- d-----w c:\program files\MSXML 4.0
     2008-10-26 13:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
     2008-10-25 16:45 --------- d--h--w c:\program files\InstallShield Installation Information
     2008-10-25 16:44 --------- d-----w c:\program files\Maxtor
     2008-10-25 16:44 --------- d-----w c:\documents and settings\All Users\Application Data\Maxtor
     2008-10-22 23:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2008-10-22 23:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
     2008-10-14 07:00 --------- d-----w c:\documents and settings\James\Application Data\Spyware Terminator
     2008-10-14 05:45 --------- d-----w c:\documents and settings\James\Application Data\Canon
     2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
     2006-12-07 20:10 151 ----a-w c:\documents and settings\Jeff\Application Data\internaldb3635.dat
     2006-12-02 22:20 6,144 ----a-w c:\documents and settings\Michelle\Application Data\internaldb7498.dat
     2006-11-14 12:39 0 ----a-w c:\documents and settings\Jeff\Application Data\internaldb8253.dat
     2006-11-01 01:07 334 ----a-w c:\documents and settings\James\Application Data\internaldb41.dat
     2006-11-01 01:07 13,046 ----a-w c:\documents and settings\James\Application Data\internaldb5956.dat
     2006-11-01 01:07 0 ----a-w c:\documents and settings\James\Application Data\internaldb889.dat
     2006-11-01 00:45 177,152 ----a-w c:\documents and settings\James\Application Data\internaldb6774.dat
     2006-10-24 22:49 6,144 ----a-w c:\documents and settings\James\Application Data\internaldb6794.dat
     2006-10-24 22:49 0 ----a-w c:\documents and settings\James\Application Data\internaldb9782.dat
     2006-10-24 22:49 0 ----a-w c:\documents and settings\James\Application Data\internaldb7397.dat
     2006-10-24 22:49 0 ----a-w c:\documents and settings\James\Application Data\internaldb5594.dat
     2006-10-24 22:49 0 ----a-w c:\documents and settings\James\Application Data\internaldb1342.dat
     2006-09-20 21:05 1,058,588 ----a-w c:\documents and settings\Jeff\mconvert.zip
     2004-12-15 00:47 400,096 ----a-w c:\windows\inf\WG311T\WG311T13.sys
     2004-10-20 02:58 35,232 ----a-w c:\windows\inf\WG311T\ME_INST.EXE
     2004-10-20 02:58 26,112 ----a-w c:\windows\inf\WG311T\install.exe
     2004-10-01 23:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
     .
     ((((((((((((((((((((((((((((( [email protected]_ 9.32.14.37 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2000-08-31 15:00:00 89,504 ----a-w c:\windows\fdsv.exe
     + 2000-08-31 16:00:00 89,504 ----a-w c:\windows\fdsv.exe
     - 2000-08-31 15:00:00 80,412 ----a-w c:\windows\grep.exe
     + 2000-08-31 16:00:00 80,412 ----a-w c:\windows\grep.exe
     + 2008-11-29 14:06:29 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
     - 2000-08-31 15:00:00 98,816 ----a-w c:\windows\sed.exe
     + 2000-08-31 16:00:00 98,816 ----a-w c:\windows\sed.exe
     - 2000-08-31 15:00:00 136,704 ----a-w c:\windows\SWSC.exe
     + 2000-08-31 16:00:00 136,704 ----a-w c:\windows\SWSC.exe
     - 2000-08-31 15:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
     + 2000-08-31 16:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
     + 2008-11-18 17:41:38 1,233,112 ----a-w c:\windows\system32\aswBoot.exe
     + 2008-11-18 17:35:22 97,480 ----a-w c:\windows\system32\AvastSS.scr
     + 2008-04-14 00:11:48 136,192 -c--a-w c:\windows\system32\dllcache\aaclient.dll
     + 2008-04-14 00:11:48 1,852,928 -c--a-w c:\windows\system32\dllcache\acgenral.dll
     + 2008-04-14 00:11:48 451,072 -c--a-w c:\windows\system32\dllcache\aclayers.dll
     + 2008-04-14 00:11:48 245,248 -c--a-w c:\windows\system32\dllcache\acspecfc.dll
     + 2008-04-14 00:11:48 116,224 -c--a-w c:\windows\system32\dllcache\acxtrnal.dll
     + 2008-04-14 00:12:12 98,304 -c--a-w c:\windows\system32\dllcache\ahui.exe
     + 2008-04-14 00:11:49 125,952 -c--a-w c:\windows\system32\dllcache\apphelp.dll
     + 2008-04-14 00:11:49 65,024 -c--a-w c:\windows\system32\dllcache\asycfilt.dll
     + 2008-04-14 00:11:50 30,208 -c--a-w c:\windows\system32\dllcache\atmlib.dll
     + 2008-04-14 00:11:50 233,472 -c--a-w c:\windows\system32\dllcache\azroles.dll
     + 2008-04-14 00:11:50 7,168 -c--a-w c:\windows\system32\dllcache\bitsprx4.dll
     + 2008-04-14 00:09:05 16,896 -c--a-w c:\windows\system32\dllcache\cfgmgr32.dll
     + 2008-04-14 00:11:51 617,472 -c--a-w c:\windows\system32\dllcache\comctl32.dll
     + 2008-04-14 00:11:51 276,992 -c--a-w c:\windows\system32\dllcache\comdlg32.dll
     + 2008-04-14 00:11:51 252,928 -c--a-w c:\windows\system32\dllcache\compatui.dll
     + 2008-04-14 00:11:51 599,040 -c--a-w c:\windows\system32\dllcache\crypt32.dll
     + 2008-04-14 00:11:51 74,752 -c--a-w c:\windows\system32\dllcache\cryptdlg.dll
     + 2008-04-14 00:11:51 33,280 -c--a-w c:\windows\system32\dllcache\cryptdll.dll
     + 2008-04-14 00:11:51 53,760 -c--a-w c:\windows\system32\dllcache\cryptext.dll
     + 2008-04-14 00:11:51 64,512 -c--a-w c:\windows\system32\dllcache\cryptnet.dll
     + 2008-04-14 00:11:51 62,464 -c--a-w c:\windows\system32\dllcache\cryptsvc.dll
     + 2008-04-14 00:11:51 512,512 -c--a-w c:\windows\system32\dllcache\cryptui.dll
     + 2008-04-14 00:11:52 19,456 -c--a-w c:\windows\system32\dllcache\dimsntfy.dll
     + 2008-04-14 00:11:52 39,936 -c--a-w c:\windows\system32\dllcache\dimsroam.dll
     + 2008-04-14 00:11:52 32,768 -c--a-w c:\windows\system32\dllcache\dispex.dll
     + 2008-04-13 17:37:57 138,752 -c--a-w c:\windows\system32\dllcache\dssenh.dll
     + 2008-04-13 19:14:29 143,744 -c--a-w c:\windows\system32\dllcache\fastfat.sys
     + 2008-11-18 18:00:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
     + 2008-11-18 18:02:43 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
     + 2008-11-18 18:04:36 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
     + 2008-11-18 18:04:21 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
     + 2008-11-18 18:01:09 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
     + 2008-11-18 18:03:33 110,160 ----a-w c:\windows\system32\drivers\aswSP.sys
     + 2008-11-18 18:01:23 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
     - 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
     + 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
     - 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
     + 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
     - 2008-08-19 05:28:06 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
     + 2008-12-06 14:32:44 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
     + 2008-12-06 02:19:58 16,384 ----atw c:\windows\temp\Perflib_Perfdata_574.dat
     - 2000-08-31 15:00:00 49,152 ----a-w c:\windows\VFIND.exe
     + 2000-08-31 16:00:00 49,152 ----a-w c:\windows\VFIND.exe
     - 2006-06-05 21:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
     + 2006-06-05 22:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
     - 2006-06-05 21:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
     + 2006-06-05 22:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
     - 2006-06-05 21:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
     + 2006-06-05 22:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
     - 2000-08-31 15:00:00 68,096 ----a-w c:\windows\zip.exe
     + 2000-08-31 16:00:00 68,096 ----a-w c:\windows\zip.exe
     .
     -- Snapshot reset to current date --
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
     "NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2005-10-11 1961984]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-21 589824]
     "EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-14 200704]
     "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
     "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
     "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-03 2957824]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 185896]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
     "VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
     "VTTrayp"="VTtrayp.exe" [2005-01-10 c:\windows\system32\VTTrayp.exe]
     "SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     NETGEAR WG311T Wireless Assistant.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2004-12-17 7708672]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "vidc.xvid"= xvid.dll
     "VIDC.HFYU"= huffyuv.dll
     "vidc.DIV3"= DivXc32.dll
     "vidc.DIV4"= DivXc32f.dll
     "msacm.divxa32"= DivXa32.acm
     "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusDisableNotify"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-23 110160]
     R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2007-12-01 138752]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-23 20560]
     R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
     R2 cx88xbar;FusionHDTV 88x, WDM Crossbar;c:\windows\system32\drivers\zl88xbar.sys [2008-09-13 10368]
     R2 Zulu88Tune;FusionHDTV 88x, WDM Tuner(DVB-T Plus);c:\windows\system32\drivers\zl88tune.sys [2008-09-13 177280]
     R2 Zulu88Vid;FusionHDTV 88x, WDM Video Capture;c:\windows\system32\drivers\zl88vcap.sys [2008-09-13 189312]
     R3 Zulu88BDA;FusionHDTV 88x, BDA DVB Tuner/Demod;c:\windows\system32\drivers\zl88bda.sys [2008-09-13 186752]
     R3 Zulu88Ts;FusionHDTV 88x, BDA Receiver(DVB-T);c:\windows\system32\drivers\zl88tcap.sys [2008-09-13 19200]
     S3 CXAVSAUD;FusionHDTV 880, WDM Audio Capture;c:\windows\system32\drivers\zl88aud.sys [2008-09-13 9216]
     S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
     S3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\H10USB.sys [2004-06-23 7552]
     S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys []
     S3 SunkFilt62;Alcor Micro Corp - 6362;\??\c:\windows\System32\Drivers\sunkfilt62.sys []

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54e27a52-b981-11dd-91ef-001485798133}]
     \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     mStart Page = hxxp://www.google.com
     uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     FireFox -: Profile - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\
     FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
     FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
     FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
     FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
     .
     **************************************************************************
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-12-08 17:09:15
     Windows 5.1.2600 Service Pack 2 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     Completion time: 2008-12-08 17:10:13
     ComboFix-quarantined-files.txt 2008-12-09 01:09:50
     ComboFix2.txt 2008-11-23 17:32:57

     Pre-Run: 30,605,680,640 bytes free
     Post-Run: 30,600,540,160 bytes free

     228 --- E O F --- 2008-07-28 15:37:34
  4. The new RIST info.txt file is nowhere to be found. I can find the old one from last time in C:rist \info.txt, but not the one from today. I have also found a log file under C:---------DrWeb\CureIt.log which contains a LOT of data. Do you want me to post it??
  5. Logfile of random's system information tool 1.04 (written by random/random)
     Run by Jeff at 2008-12-07 13:52:50
     Microsoft Windows XP Home Edition Service Pack 2
     System drive C: has 29 GB (12%) free of 238 GB
     Total RAM: 447 MB (33% free)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 1:53:00 PM, on 12/7/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16735)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Ahead\InCD\InCDsrv.exe
     C:\WINDOWS\system32\acs.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
     C:\Program Files\Spyware Terminator\sp_rsser.exe
     C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     C:\WINDOWS\system32\wwSecure.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\VTTimer.exe
     C:\WINDOWS\system32\VTtrayp.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\VIA\RAID\raid_tool.exe
     C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
     C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Documents and Settings\Jeff\Desktop\RSIT.exe
     C:\Program Files\trend micro\Jeff.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
     O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
     O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
     O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
     O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
     O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
     O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (file missing)
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (file missing)
     O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
     O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

     -- End of file - 7550 bytes

     ======Registry dump======

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
     Yahoo!
Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-02 308856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248] "VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-01-10 143360] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-01-11 577536] "RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-21 589824] "EasyTuneV"=C:\Program Files\Gigabyte\ET5\GUI.exe [2004-06-14 200704] "OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152] "OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [2003-07-07 729088] "RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-03-03 2957824] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048] "TkBellExe"=C:\Program Files\Common 
Files\Real\Update_OB\realsched.exe [2008-06-02 185896] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "NBJ"=C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe [2005-10-11 1961984] C:\Documents and Settings\All Users\Start Menu\Programs\Startup NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft 
Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54e27a52-b981-11dd-91ef-001485798133}] shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe ======List of files/folders created in the last 1 months====== 2008-12-05 19:09:42 ----HD---- C:\WINDOWS\PIF 2008-12-05 18:49:41 ----SHD---- C:\RECYCLER 2008-11-28 04:27:18 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-23 10:18:56 ----A---- C:\WINDOWS\system32\aswBoot.exe 2008-11-23 09:32:59 ----D---- C:\WINDOWS\temp 2008-11-23 09:32:57 ----A---- C:\ComboFix.txt 2008-11-23 09:29:00 ----D---- C:\ComboFix 2008-11-08 04:44:07 ----D---- C:\winTows?system32 2008-11-08 04:44:07 ----D---- C:\windowsSsys?em32 2008-11-08 04:44:07 ----D---- C:\WINDOWS\sysWem3? 2008-11-08 04:44:07 ----D---- C:\WINDOWS\system3? 
2008-11-08 04:44:07 ----D---- C:\WINDOWS\system32\?windows 2008-11-08 04:44:07 ----D---- C:\WINDOWS\system32\?windows ======List of files/folders modified in the last 1 months====== 2008-12-07 13:53:01 ----D---- C:\WINDOWS\Prefetch 2008-12-07 13:52:53 ----D---- C:\Program Files\trend micro 2008-12-07 13:52:38 ----D---- C:\Program Files\Mozilla Firefox 2008-12-07 11:01:13 ----D---- C:\Documents and Settings\Jeff\Application Data\Spyware Terminator 2008-12-07 09:53:20 ----D---- C:\Program Files\Mozilla Thunderbird 2008-12-06 08:44:56 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-05 21:01:36 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-05 19:09:42 ----D---- C:\WINDOWS 2008-12-05 03:56:20 ----D---- C:\WINDOWS\system32 2008-12-05 03:55:17 ----D---- C:\Program Files\Spyware Terminator 2008-12-01 19:02:31 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-29 08:01:43 ----SHD---- C:\Config.Msi 2008-11-29 08:01:42 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-29 06:07:13 ----D---- C:\WINEBASE 2008-11-29 06:06:32 ----SHD---- C:\WINDOWS\Installer 2008-11-29 06:06:01 ----D---- C:\WINDOWS\WinSxS 2008-11-29 06:05:56 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-11-29 06:05:46 ----D---- C:\Program Files\Common Files\Adobe 2008-11-29 06:05:46 ----D---- C:\Program Files\Adobe 2008-11-29 04:22:27 ----D---- C:\WINDOWS\Minidump 2008-11-23 10:19:06 ----D---- C:\WINDOWS\system32\drivers 2008-11-23 09:33:00 ----D---- C:\Qoobox 2008-11-23 09:31:59 ----A---- C:\WINDOWS\system.ini 2008-11-23 09:31:20 ----D---- C:\WINDOWS\AppPatch 2008-11-23 09:31:20 ----D---- C:\Program Files\Common Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944] R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840] R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352] R1 aswSP;avast! 
Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-18 110160] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-18 50864] R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-03-23 29440] R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-03-23 33536] R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-18 94032] R2 cx88xbar;FusionHDTV 88x, WDM Crossbar; C:\WINDOWS\system32\drivers\zl88xbar.sys [2005-10-04 10368] R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-03-13 41984] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2006-09-29 15781] R2 Zulu88Tune;FusionHDTV 88x, WDM Tuner(DVB-T Plus); C:\WINDOWS\system32\drivers\zl88tune.sys [2005-10-04 177280] R2 Zulu88Vid;FusionHDTV 88x, WDM Video Capture; C:\WINDOWS\system32\drivers\zl88vcap.sys [2005-10-04 189312] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-01-11 3844160] R3 AR5211;NETGEAR WG311T V1H3 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\WG311T13.sys [2004-12-15 400096] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-18 23152] R3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys [] R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; 
C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-03-08 172544] R3 Zulu88BDA;FusionHDTV 88x, BDA DVB Tuner/Demod; C:\WINDOWS\system32\drivers\zl88bda.sys [2005-10-04 186752] R3 Zulu88Ts;FusionHDTV 88x, BDA Receiver(DVB-T); C:\WINDOWS\system32\drivers\zl88tcap.sys [2005-10-04 19200] R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2006-03-23 102016] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CXAVSAUD;FusionHDTV 880, WDM Audio Capture; C:\WINDOWS\system32\drivers\zl88aud.sys [2001-09-02 9216] S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys [] S3 PortlUSB;PortlUSB; C:\WINDOWS\system32\DRIVERS\H10USB.sys [2004-06-23 7552] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; 
C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SunkFilt6;Alcor Micro Corp - 6360; \??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys [] S3 SunkFilt62;Alcor Micro Corp - 6362; \??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys [] S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-12-01 36864] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752] R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160] R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312] R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-03-23 880128] R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-03-03 1097216] R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544] R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152] R2 wwSecSvc;Washer Security Access; C:\WINDOWS\system32\wwSecure.exe [2005-05-20 486400] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272] -----------------EOF-----------------
  6. I had some problems with the link you provided - "License key file has expired". So I downloaded the program from the Dr web site. The Kaspersky program has the accept key greyed out so no luck there. It would also appear that you cannot upload the DrWeb .csv file so I have copied it below.
     ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\Jeff\Desktop\ComboFix.exe;Probably BATCH.Virus;;
     ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Jeff\Desktop\ComboFix.exe;Program.PsExec.171;;
     ComboFix.exe;C:\Documents and Settings\Jeff\Desktop;Archive contains infected objects;Moved.;
     A0106704.bat;C:\System Volume Information\_restore{902BB8F4-3989-4514-AD4C-C3499CFA1629}\RP307;Probably BATCH.Virus;Incurable.Moved.;
  7. ========== PROCESSES ==========
     Process explorer.exe killed successfully.
     ========== FILES ==========
     C:\WINDOWS\DUMP4239.tmp moved successfully.
     C:\WINDOWS\DUMP41db.tmp moved successfully.
     File/Folder C:\WINDOWS\tasks\RegCure Program Check.job not found.
     File/Folder C:\WINDOWS\tasks\RegCure.job not found.
     ========== COMMANDS ==========
     File delete failed. C:\DOCUME~1\Jeff\LOCALS~1\Temp\etilqs_qQrNMZ1JhFO60A4HmBk5 scheduled to be deleted on reboot.
     User's Temp folder emptied.
     User's Temporary Internet Files folder emptied.
     User's Internet Explorer cache folder emptied.
     Local Service Temp folder emptied.
     File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     Local Service Temporary Internet Files folder emptied.
     File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
     File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_574.dat scheduled to be deleted on reboot.
     Windows Temp folder emptied.
     Java cache emptied.
     File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
     File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
     File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
     File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
     File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
     File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\XUL.mfl scheduled to be deleted on reboot.
     FireFox cache emptied.
     Temp folders emptied.
     Explorer started successfully
     OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 12052008_184932
     Files moved on Reboot...
     File C:\DOCUME~1\Jeff\LOCALS~1\Temp\etilqs_qQrNMZ1JhFO60A4HmBk5 not found!
     File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
     File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
     File move failed. C:\WINDOWS\temp\Perflib_Perfdata_574.dat scheduled to be moved on reboot.
     C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_001_ moved successfully.
     C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_002_ moved successfully.
     C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_003_ moved successfully.
     C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\Cache\_CACHE_MAP_ moved successfully.
     C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\urlclassifier3.sqlite moved successfully.
     C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\usf5p70s.default\XUL.mfl moved successfully.
  8. Yes, I have tried the 'scannow' command. However, a prompt comes back asking for a service pack 3 disk. If you insert the sp2 disk, the same prompt returns and we go round in circles. I can see no way to proceed past this point.
  9. Yes, it keeps asking for a service pack 3 CD, and although I have a disk (service pack 2), Windows was preinstalled, probably at an earlier version, and updated online.
  10. My system is now so unstable I can't get onto the net to reply - had to hijack another computer. I have a second hard drive with an old ghost copy of my C drive. However, there also appear to be some issues there as well - although this drive appears to boot fine. It will take me some time to get back to you - I'm no techie and I have some other things I have to do. I'll get back in a week or so, I hope.
  11. The first instruction appeared to work. However, the second gives this message: Windows cannot find 'misexec /register', etc. I assumed it was supposed to be 'msiexec /register', so I had a go at that. "Incorrect function" was the answer.
  12. Have gone back to my earliest restore point. Ran HijackThis and removed the two empty files. Unable to remove java5.0. Have received a couple of error messages already, e.g. The windows installer could not be accessed.........windows installer is not correctly installed...... Reinstalled a couple of times - no change. HKEY_LOCAL_MACHINE\SOFTWARE|JavaSoft\JavaRuntimeEnvironment\1.6.0_10
  13. Unfortunately, that's all the log we are going to get. I have run ComboFix 4 times today and it gets to Completed stage 50, c:\Combofix\Dir root, then crash and restart - with all the subsequent messages about the system recovering from a serious error etc.
  14. ComboFix 08-10-30.12 - Jeff 2008-10-31 20:12:39.1 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.148 [GMT -7:00]
     Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
     * Created a new restore point
     Also attached is a screen dump of two of the error messages I got along the way.