ATTN: cdavfrew - Combo Fix Log
DSpigener
Newbie
22. November 2008 @ 00:21
Hopefully you got my message in the shoutbox. Here's the log:
ComboFix 08-11-21.03 - Owner 2008-11-22 0:00:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.426 [GMT -5:00]
Running from: c:\documents and settings\Owner.DJ\My Documents\Combo-Fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner.DJ\Application Data\inst.exe
c:\program files\Common\helper.sig
c:\windows\system32\irfxykmg.ini
c:\windows\system32\Pncrt.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.
2008-11-12 04:36 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 04:35 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 17:01 . 2008-11-10 17:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-11-10 13:58 . 2008-11-10 13:58 <DIR> d-------- c:\program files\VSO
2008-11-10 13:58 . 2008-11-10 22:01 <DIR> d-------- c:\documents and settings\Owner.DJ\Application Data\Vso
2008-11-10 13:58 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-11-10 13:58 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-11-10 13:58 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-11-10 13:58 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-11-10 13:58 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-11-10 13:58 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-11-10 13:58 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2008-11-10 13:58 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-11-10 13:58 . 2008-11-10 13:58 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-10 13:58 . 2008-11-10 13:58 47,360 --a------ c:\documents and settings\Owner.DJ\Application Data\pcouffin.sys
2008-11-10 10:59 . 2008-11-10 10:59 <DIR> d-------- c:\documents and settings\Owner.DJ\Application Data\Ahead
2008-11-10 10:58 . 2004-05-14 16:12 1,916,928 --------- c:\windows\UNNVEContent.exe
2008-11-10 10:58 . 2004-11-30 18:14 67,990 --------- c:\windows\UNNVEContent.cfg
2008-11-10 10:57 . 2005-12-09 15:02 3,051,520 --------- c:\windows\UNNeroVision.exe
2008-11-10 10:57 . 2006-01-30 14:09 156,471 --------- c:\windows\UNNeroVision.cfg
2008-11-10 10:57 . 2001-03-08 18:30 24,064 --------- c:\windows\system32\msxml3a.dll
2008-11-10 10:56 . 2008-11-10 10:56 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-10 10:56 . 2008-11-10 10:56 <DIR> d-------- c:\program files\Ahead
2008-11-10 10:56 . 2008-11-10 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2008-11-10 10:56 . 2000-06-26 10:45 106,496 --------- c:\windows\system32\TwnLib20.dll
2008-11-10 10:56 . 2001-06-26 07:15 38,912 --------- c:\windows\system32\picn20.dll
2008-11-09 19:42 . 2008-11-17 02:28 69 --a------ c:\windows\NeroDigital.ini
2008-11-06 16:21 . 2008-11-06 16:21 <DIR> d-------- c:\documents and settings\Owner.DJ\Application Data\Nero
2008-11-06 16:19 . 2008-11-06 16:21 <DIR> d-------- c:\program files\Nero
2008-11-06 16:19 . 2008-11-06 16:20 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-06 16:19 . 2008-11-06 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-11-06 16:19 . 2006-03-17 11:45 1,757,184 --------- c:\windows\system32\imagX7.dll
2008-11-06 16:19 . 2006-03-17 11:45 802,816 --------- c:\windows\system32\imagXRA7.dll
2008-11-06 16:19 . 2006-03-17 11:45 497,296 --------- c:\windows\system32\imagXpr7.dll
2008-11-06 16:19 . 2006-03-17 14:49 368,640 --------- c:\windows\system32\TwnLib4.dll
2008-11-06 16:19 . 2006-03-17 11:45 258,048 --------- c:\windows\system32\imagXR7.dll
2008-10-24 02:07 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 05:02 --------- d-----w c:\program files\Common
2008-11-21 18:40 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\uTorrent
2008-11-13 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-11 04:43 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\dvdcss
2008-10-30 23:17 --------- d-----w c:\program files\StepMania
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 02:11 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\AVG7
2008-10-21 02:09 --------- d-----w c:\program files\Avira
2008-10-21 02:09 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-19 21:08 --------- d-----w c:\program files\ETS
2008-10-19 01:59 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-19 01:59 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\Malwarebytes
2008-10-19 01:59 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-17 00:25 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-17 00:25 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-12 04:54 --------- d-----w c:\program files\Java
2008-10-11 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-11 16:34 --------- d-----w c:\program files\MySpace
2008-10-11 16:34 --------- d-----w c:\program files\Common Files\Real
2008-10-11 16:33 2,918 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-10-11 16:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-11 16:33 --------- d-----w c:\program files\DivX
2008-10-11 16:33 --------- d-----w c:\program files\CyberLink
2008-10-11 16:33 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\IGN_DLM
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 06:41 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\MySpace
2008-09-25 15:54 --------- d-----w c:\program files\SoundTaxi
2008-09-25 15:36 508,544 ----a-w c:\windows\system32\SndTDriverV32.sys
2008-09-25 15:19 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 18:48 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-23 19:42 36,864 ----a-w c:\windows\system32\UsbPadFF.DLL
2008-08-23 19:42 272,384 ----a-w c:\windows\system32\UsbPadCP.DLL
2008-02-22 18:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-12-05 17:40 698 ----a-w c:\documents and settings\Owner.DJ\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-17_13.11.50.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-11-13 16:14:38 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-16 03:47:49 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-13 16:26:24 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-16 03:47:49 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-13 16:26:26 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-16 03:47:49 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-13 16:26:24 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-16 03:47:49 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-13 16:26:25 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-10-16 03:47:49 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-13 16:26:26 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-16 03:47:49 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-13 16:26:26 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-16 03:47:50 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-13 16:26:28 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-16 03:47:49 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-13 16:26:25 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-16 03:47:49 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-13 16:26:25 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-16 03:47:49 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-13 16:26:26 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-16 03:47:50 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-13 16:26:27 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-16 03:47:49 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-13 16:26:24 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 1998-10-29 23:45:06 306,688 ----a-w c:\windows\IsUninst.exe
+ 1998-10-29 20:45:06 306,688 ----a-w c:\windows\IsUninst.exe
- 2000-08-31 12:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 1995-01-13 17:10:00 108,544 ----a-w c:\windows\system\COMPOBJ.DLL
+ 1994-09-16 18:00:00 36,864 ----a-w c:\windows\system\DDEML.DLL
+ 1995-10-16 23:55:44 9,136 ----a-w c:\windows\system\INETWH16.DLL
+ 1995-04-27 03:15:54 322,384 ----a-w c:\windows\system\MFC250.DLL
+ 1995-04-27 03:20:22 125,856 ----a-w c:\windows\system\MFCO250.DLL
+ 1995-04-27 02:33:10 146,976 ----a-w c:\windows\system\MFCOLEUI.DLL
+ 1995-01-13 17:10:00 302,592 ----a-w c:\windows\system\OLE2.DLL
+ 1995-01-13 17:10:00 57,328 ----a-w c:\windows\system\OLE2CONV.DLL
+ 1995-01-13 17:10:00 164,832 ----a-w c:\windows\system\OLE2DISP.DLL
+ 1995-01-13 17:10:00 150,976 ----a-w c:\windows\system\OLE2NLS.DLL
+ 1995-01-13 17:10:00 51,712 ----a-w c:\windows\system\OLE2PROX.DLL
+ 1995-01-13 17:10:00 157,696 ----a-w c:\windows\system\STORAGE.DLL
+ 1994-09-16 18:00:00 14,128 ----a-w c:\windows\system\TOOLHELP.DLL
+ 1995-01-13 17:10:00 177,216 ----a-w c:\windows\system\TYPELIB.DLL
- 2008-07-19 02:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-07-19 02:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 02:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 02:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 02:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 02:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-05-09 17:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 22:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-11-11 04:50:19 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2007-03-01 14:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2008-10-07 16:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-04-14 00:12:01 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2008-10-08 18:19:16 64,774 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-04 22:08:30 64,774 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-08 18:19:16 409,800 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-04 22:08:30 409,800 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2008-11-21 16:48:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4b8.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2006-12-02 05:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 446464]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-27 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner.DJ^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=c:\documents and settings\Owner.DJ\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=c:\windows\pss\Microsoft Office Groove.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner.DJ^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner.DJ\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner.DJ^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\Owner.DJ\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
c:\windows\system32\WLTRAY [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 21:46 624248 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-10-17 07:03 590848 c:\progra~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 22:56 64512 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 18:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhanTim30]
--a------ 2004-06-14 22:48 1211392 c:\program files\PhanTim3\PhanTim3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 01:42 212992 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-02-25 20:24 966656 c:\windows\creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
--a------ 2003-05-15 19:36 446464 c:\program files\ScreenPrint32 v3\ScreenPrint32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PrismXL"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"AdobeActiveFileMonitor6.0"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Owner.DJ\\My Documents\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Google\\Google Earth\\googleearth.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Toblo\\Toblo 1.2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48216:TCP"= 48216:TCP:uTorrent
"23073:TCP"= 23073:TCP:Soldats
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
R2 RMSvc;Media Center Extender Resource Monitor;c:\windows\ehome\RMSvc.exe [2005-10-20 28160]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2007-06-05 200576]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-09-25 3768]
R3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2008-09-25 508544]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys []
S3 EMSUSB2;EMSUSB2;\??\c:\windows\system32\Drivers\EMSUSB2.SYS [2008-08-23 6704]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys []
S3 QWAVE;QWAVE service;c:\windows\system32\svchost.exe -k QWAVE [2007-06-05 14336]
S3 SoundMovieServer;SoundMovieServer;"c:\windows\system32\snmvtsvc.exe" [2008-09-25 184320]
S3 XDva019;XDva019;\??\c:\windows\system32\XDva019.sys []
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-21 c:\windows\Tasks\User_Feed_Synchronization-{0E3944D7-687F-419A-B31C-958E3F93ECAF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 00:06:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-11-22 0:08:56
ComboFix-quarantined-files.txt 2008-11-22 05:07:37
ComboFix2.txt 2008-10-17 17:12:20
Pre-Run: 5,201,821,696 bytes free
Post-Run: 5,857,112,064 bytes free
340 --- E O F --- 2008-11-13 16:26:40
-----------
Thanks again.
Senior Member
22. November 2008 @ 03:52
Hey DSpigener
Thanks for the nice message in my shoutbox, and this website does have a private messaging system.
I didn't quite get what your problems were; blue screens? When? And any other problems?
Could you also post a HijackThis log? Thanks.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

DSpigener
Newbie
23. November 2008 @ 21:19
I unfortunately do not remember the exact error message, but I'll be sure to document it next time it happens. In the meantime, I'll post a HijackThis log. Thanks again.