Solve : HijackThis.exe not showing up Trend Micro folder so I can rena

1.	Solve : HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper?
Answer» You may recognize the instructions below from your malware preparation bulletin. Step 6: HijackThis Please run HijackThis only after the above steps have been completed Download and rename HijackThis.exe (HJT) * Double-click on HJTInstall. * Click on the Install button. * It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. * Upon install, HijackThis should open for you. * Close HijackThis and rename it. * Go to C:\Program Files\Trend Micro\HijackThis.exe * Right click on HijackThis.exe and select Rename. * Type in sniper.exe and press Enter. * Right-click on sniper.exe and select Send To > Desktop (create shortcut) I already had HijackThis installed but I re-installed it. Stilll, inside the Trend Micro folder, there was no HijackThis.exe file, only a Backups folder, hijackthis text document and a HijackThis icon which opens the program when you double-click it. I did a search and the HijackThis.exe file did not show up. Is it necessary to rename this file to sniper.exe (and why do you do that, anyway)? I have initiated this malware removal process because I started getting this error when starting up: "Error loading dll32 The specified module could not be found." I cannot open my web browser (Firefox) now on my user account. I'm assuming the error message relates to the browser problem. So I now have to go into my daughter's user account to get online and begin this process of communicating with you. By the way, I have given her account administrator rights so I can proceed. I have done all the steps in your prepatory bulletin up to the "HijackThis - rename to sniper" step and now am hitting this snag of not finding the HijackThis.exe file. What do you propose? Quote and a HijackThis icon which opens the program when you double-click it. That's what you need to rename.OK, I changed the icon name to sniper.exe and put it on the desktop. Once again, currently, the main problem is that I get the following error message when I log on to my user account: "Error Loading dll32 The specified module could not be found". And then I cannot open my Firefox browser. I get this error mesage: "Proxy Server Refused Connection. Firefox is configured to use a proxy server that is refusing connections."(I'm assuming the dll32 file has something to do with that). I even tried inserting my Windows XP disc to have that file repaired but it did not seem to work. I have to switch user accounts so that I can get on the internet. Here are the logs: (I've also included and AVG report at the end to show you what it detected) SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/18/2009 at 05:57 PM Application Version : 4.25.1014 Core Rules Database Version : 3803 Trace Rules Database Version: 1758 Scan type : Complete Scan Total Scan Time : 02:39:48 Memory items scanned : 428 Memory threats detected : 0 Registry items scanned : 6176 Registry threats detected : 112 File items scanned : 95255 File threats detected : 56 Adware.MyWebSearch HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32 HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL HKU\S-1-5-21-1960408961-448539723-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} HKU\S-1-5-21-1960408961-448539723-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKU\S-1-5-21-1960408961-448539723-725345543-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D} Adware.MyWebSearch/FunWebProducts HKU\S-1-5-21-1960408961-448539723-725345543-1006\SOFTWARE\MyWebSearch HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1 HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories\{00021493-0000-0000-C000-000000000046} HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32 HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32#ThreadingModel HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance#CLSID HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag#Url HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32 HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1 HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1 HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1 HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179} HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32 HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0 HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0 HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32 HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32 HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Type HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Start HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ErrorControl HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ImagePath HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#DisplayName HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ObjectName HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Security HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Security#Security HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum#0 HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum#Count HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum#NextInstance Adware.Tracking Cookie www3.addfreestats.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .videoegg.adbureau.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .imrworldwide.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .imrworldwide.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] www.burstbeacon.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] tracker.mediatracker.co.nz [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .roiservice.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .gaiainteractive.112.2o7.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] server.cpmstar.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .stats.adbrite.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .earthlinkfinder.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .aaotracker.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .aaotracker.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .adlegend.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .adlegend.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .atwola.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] www8.addfreestats.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] www7.addfreestats.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] ads.gamesbannernet.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] ads.gamesbannernet.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .apmebf.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .nextag.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .nextag.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .collective-media.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] .collective-media.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ] C:\Documents and Settings\David\Cookies\[email protected][1].txt C:\Documents and Settings\Leanne\Cookies\[email protected][1].txt C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt C:\Documents and Settings\user pc\Cookies\user [email protected][2].txt C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt C:\Documents and Settings\user pc\Cookies\user [email protected][2].txt C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt C:\Documents and Settings\user pc\Cookies\user [email protected][2].txt C:\Documents and Settings\user pc\Cookies\user [email protected][2].txt C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt Malwarebytes' Anti-Malware 1.34 Database version: 1866 Windows 5.1.2600 Service Pack 3 3/18/2009 6:58:30 PM mbam-log-2009-03-18 (18-58-30).txt Scan type: Quick Scan Objects scanned: 93990 Time elapsed: 10 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 27 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Delete on reboot. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:15:54 PM, on 3/18/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\Tablet.exe C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/http://www.yahoo.com/ext/search/search.html R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [McAfeeFireTray] C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-1960408961-448539723-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'user pc') O4 - HKUS\S-1-5-21-1960408961-448539723-725345543-1003\..\Run: [dll] rundll32 dll32,sm (User 'user pc') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175397160937 O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 9028 bytes AVG Anti-Virus free edition "scan whole computer" report: 8.0.238 "C:\Documents and Settings\user pc\Local Settings\Temp\tt_1237291175.exe";"Trojan horse SHeur2.WHB";"Moved to Virus Vault" "C:\Documents and Settings\user pc\Local Settings\Temp\tt_1237294987.exe";"Trojan horse SHeur2.WHB";"Moved to Virus Vault" "C:\Documents and Settings\user pc\Local Settings\Temp\wJQs.exe";"Trojan horse SHeur2.QVU";"Moved to Virus Vault" "C:\windows\ld02.exe";"Trojan horse SHeur2.WGW";"Moved to Virus Vault" "C:\windows\pp03.exe";"Trojan horse SHeur2.WHP";"Moved to Virus Vault" "C:\windows\pp03.exe";"Trojan horse SHeur2.WHP";"Moved to Virus Vault" "C:\WINDOWS\pp03.exe";"Trojan horse SHeur2.WHP";"Moved to Virus Vault" "C:\WINDOWS\pp03.exe (172)";"Trojan horse SHeur2.WHP";"Reboot is required to finish the action" "C:\WINDOWS\system32\dll32.dll";"Trojan horse Pakes.CTG";"Moved to Virus Vault" "C:\WINDOWS\system32\dll32.dll";"Trojan horse Pakes.CTG";"Infected" "C:\WINDOWS\system32\rundll32.exe (208)";"Trojan horse Pakes.CTG";"Reboot is required to finish the action" Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/http://www.yahoo.com/ext/search O4 - HKUS\S-1-5-21-1960408961-448539723-725345543-1003\..\Run: [dll] rundll32 dll32,sm (User \'user pc\') . Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis. ---------- Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important:** Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFixFor some reason, I am unable to disable the Anti-Virus and Anti-Spyware components of the AVG free edition. There's nothing to uncheck Just right click the AVG tray icon and choose to stop or exit. Run ComboFix and if anything tries to stop it from running then just allow it instead of blocking it.ComboFix 09-03-18.01 - Becky 2009-03-19 0:49:11.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1182 [GMT -4:00] Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe AV: AVG Anti-Virus Free On-access scanning ENABLED (Updated) . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Documents\notepad.exe c:\documents and settings\Becky\Desktop\notepad.exe c:\documents and settings\user pc\Desktop\notepad.exe c:\documents and settings\user pc\Desktop\Shared\b.bking\desktop_.ini c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\system32\mdm.exe . ((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 ))))))))))))))))))))))))))))))) . 2009-03-18 19:09 . 2009-03-18 19:09 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-18 18:42 . 2009-03-18 18:42 d-------- c:\documents and settings\Becky\Application Data\Malwarebytes 2009-03-18 18:42 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-18 18:41 . 2009-03-18 18:42 d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-18 18:41 . 2009-03-18 18:41 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-18 18:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-18 15:11 . 2009-03-18 15:11 d-------- c:\program files\SUPERAntiSpyware 2009-03-18 15:11 . 2009-03-18 15:11 d-------- c:\program files\Common Files\Wise Installation Wizard 2009-03-18 15:11 . 2009-03-18 15:11 d-------- c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com 2009-03-18 15:04 . 2009-03-18 15:04 d-------- c:\program files\CCleaner 2009-03-17 16:44 . 2009-03-17 16:44 d--hs---- C:\found.000 2009-03-17 15:50 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll 2009-03-17 15:50 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe 2009-03-17 15:50 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe 2009-03-17 15:50 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll 2009-03-17 15:50 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys 2009-03-17 15:50 . 2008-04-13 20:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll 2009-03-17 15:50 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys 2009-03-17 15:50 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys 2009-03-17 15:50 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys 2009-03-17 15:50 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll 2009-03-17 15:50 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe 2009-03-17 15:48 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll 2009-03-17 15:47 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll 2009-03-17 15:46 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys 2009-03-17 15:45 . 2001-08-17 12:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys 2009-03-17 15:44 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys 2009-03-17 15:43 . 2008-04-13 20:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll 2009-03-17 15:42 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll 2009-03-17 15:41 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys 2009-03-17 15:40 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys 2009-03-17 15:33 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys 2009-03-17 15:32 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll 2009-03-17 15:31 . 2001-08-17 12:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys 2009-03-17 15:30 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys 2009-03-17 15:30 . 2001-08-17 14:55 689,216 --a--c--- c:\windows\system32\dllcache\3dfxvs.dll 2009-03-17 15:30 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll 2009-03-17 15:30 . 2008-04-13 14:46 53,376 --a--c--- c:\windows\system32\dllcache\1394bus.sys 2009-03-17 15:30 . 2001-08-17 14:06 11,264 --a--c--- c:\windows\system32\dllcache\1394vdbg.sys 2009-03-17 00:05 . 2009-03-17 00:05 0 --a------ c:\windows\system32\nfr.gpref 2009-03-17 00:05 . 2009-03-17 00:05 0 --a------ c:\windows\system32\nfr.assembly 2009-03-16 23:50 . 2009-03-16 23:50 1 --a------ c:\windows\9g234sdfdfgjf23 2009-03-16 22:24 . 2009-03-16 22:24 2 ---h----- c:\windows\t55ft2807f44.dat 2009-03-11 21:16 . 2009-03-11 21:16 d-------- c:\documents and settings\David\Application Data\AVGTOOLBAR . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-19 04:11 --------- d-----w c:\documents and settings\user pc\Application Data\WTablet 2009-03-18 23:12 --------- d-----w c:\program files\Java 2009-03-18 19:00 --------- d-----w c:\program files\Lavasoft 2009-03-18 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-03-17 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-03-17 09:26 --------- d-----w c:\documents and settings\user pc\Application Data\uTorrent 2009-03-15 21:35 138,624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-03-15 21:34 202,352 ----a-w c:\windows\system32\PnkBstrB.exe 2009-03-15 04:15 --------- d-----w c:\documents and settings\user pc\Application Data\DVD Flick 2009-03-15 01:38 --------- d-----w c:\documents and settings\user pc\Application Data\dvdcss 2009-03-07 17:20 --------- d-----w c:\program files\Ahead 2009-02-26 18:41 --------- d-----w c:\documents and settings\user pc\Application Data\ZoomBrowser EX 2009-02-26 18:41 --------- d-----w c:\documents and settings\user pc\Application Data\CameraWindowDC 2009-02-25 15:41 --------- d-----w c:\documents and settings\user pc\Application Data\AVGTOOLBAR 2009-02-12 16:12 --------- d-----w c:\program files\Google 2009-02-11 02:24 34 ----a-w c:\documents and settings\user pc\jagex_runescape_preferences.dat 2009-02-10 04:35 --------- d-----w c:\documents and settings\Leanne\Application Data\AVGTOOLBAR 2009-02-10 04:19 --------- d-----w c:\documents and settings\Leanne\Application Data\vlc 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 03:08 --------- d-----w c:\documents and settings\Leanne\Application Data\Apple Computer 2009-02-09 02:56 --------- d-----w c:\documents and settings\Leanne\Application Data\WTablet 2009-02-09 02:56 --------- d-----w c:\documents and settings\Leanne\Application Data\Network Associates 2009-02-09 02:42 --------- d-----w c:\documents and settings\Becky\Application Data\AVGTOOLBAR 2009-02-09 02:38 --------- d-----w c:\documents and settings\Becky\Application Data\vlc 2009-02-05 18:37 --------- d-----w c:\documents and settings\user pc\Application Data\vlc 2009-02-05 18:16 --------- d-----w c:\program files\VideoLAN 2009-02-03 19:16 --------- d-----w c:\program files\Improvisation 2009-01-27 15:56 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-27 15:56 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2009-01-27 15:55 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-25 05:54 --------- d-----w c:\documents and settings\user pc\Application Data\Any VIDEO Converter 2009-01-24 22:06 --------- d-----w c:\program files\AVG 2009-01-24 21:59 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-01-24 21:59 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2009-01-24 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2008-09-27 02:22 24 ----a-w c:\documents and settings\David\jagex_runescape_preferences.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269] "McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888] "NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk backup=c:\windows\pss\Personal Coach.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe] --a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "80:TCP"= 80:TCP:dll32 "7171:TCP"= 7171:TCP:dll32 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408] . Contents of the 'Scheduled Tasks' folder 2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] 2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe MSConfigStartUp-DT Task - c:\program files\Gateway\EzTune\DTHtml.exe MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe . ------- Supplementary Scan ------- . uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\v0zlm1jn.default\ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-19 00:52:35 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32] DACL=(02 0000) ="c:\\Program Files\\MyWebSearch\\SrchAstt\\1.bin\\MWSSRCAS.DLL" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32] DACL=(02 0000) ="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32] DACL=(02 0000) ="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus] DACL=(02 0000) ="0" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID] DACL=(02 0000) ="MyWebSearchToolBar.SettingsPlugin.1" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib] DACL=(02 0000) ="{07B18EA0-A523-4961-B6BB-170DE4475CCA}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version] DACL=(02 0000) ="1.0" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID] DACL=(02 0000) ="MyWebSearchToolBar.SettingsPlugin" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32] DACL=(02 0000) ="c:\\WINDOWS\\system32\\shdocvw.dll" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance] DACL=(02 0000) "CLSID"="{4D5C8C2A-D075-11d0-B416-00C04FB90376}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32] DACL=(02 0000) ="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID] DACL=(02 0000) ="MyWebSearchToolBar.ToolbarPlugin.1" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib] DACL=(02 0000) ="{07B18EA0-A523-4961-B6BB-170DE4475CCA}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID] DACL=(02 0000) ="MyWebSearchToolBar.ToolbarPlugin" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32] DACL=(02 0000) ="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKIN.DLL" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus] DACL=(02 0000) ="0" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib] DACL=(02 0000) ="{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version] DACL=(02 0000) ="1.0" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32] DACL=(02 0000) ="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKIN.DLL" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus] DACL=(02 0000) ="0" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID] DACL=(02 0000) ="MyWebSearch.PseudoTransparentPlugin.1" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib] DACL=(02 0000) ="{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version] DACL=(02 0000) ="1.0" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID] DACL=(02 0000) ="MyWebSearch.PseudoTransparentPlugin" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32] DACL=(02 0000) ="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKIN.DLL" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus] DACL=(02 0000) ="0" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib] DACL=(02 0000) ="{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version] DACL=(02 0000) ="1.0" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs] DACL=(02 0000) ="{A9571378-68A1-443d-B082-284F960C6D17}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32] DACL=(02 0000) ="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3OUTLCN.DLL" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID] DACL=(02 0000) ="MyWebSearch.OutlookAddin.1" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable] DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID] DACL=(02 0000) ="MyWebSearch.OutlookAddin" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid] DACL=(02 0000) ="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32] DACL=(02 0000) ="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib] DACL=(02 0000) ="{D518921A-4A03-425E-9873-B9A71756821E}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0] DACL=(02 0000) ="HtmldocPlugin 1.0 Type Library" [HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\MGJ74D0C06550] DACL=(02 0000) "Analog 0.700,0.300Caps"="vcp(02 04 05 06 08 0E 10 12 14(01 05 08 0B) 16 18 1A 1E 20 30 3E 52 60(01 03) 68 AC AE B2 B6 C0 C6 C8 C9 CA D6(01 04) DF FA FB FC FD FE AA(01 04)) vcp_p2(37 38 39 3B) type(LCD) mccs_ver(2.0) asset_eep(64) mpu(0.04)" [HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_045e&Pid_00f9&MI_01&Col02\7&36e0efb9&0&0001\LogConf] DACL=(02 0000) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(644) c:\program files\SUPERAntiSpyware\SASWINLO.dll . Completion time: 2009-03-19 0:54:11 ComboFix-quarantined-files.txt 2009-03-19 04:54:07 Pre-Run: 31,787,245,568 bytes free Post-Run: 32,360,882,176 bytes free CURRENT=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 376 --- E O F --- 2009-03-13 22:12:01 I just did a search about the original error I received: "error loading dll32". I saw somebody's response to their browser not being able to access the internet (like my problem). Apparently changed the proxy settings (which I had no idea what that was, but Googled and found how to change them on firefox). I looked at the proxy settings on an uncorrupted user account and saw how they were set "No Proxy". My corrupted user account was set for manual with a particular port. When I changed it to "No Proxy", voila, internet access. Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: RegLock:: [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable] [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID] [-HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid] [-HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32] [-HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib] Folder:: C:\found.000 c:\windows\system32\nfr.gpref c:\windows\system32\nfr.assembly c:\windows\9g234sdfdfgjf23 File:: c:\windows\system32\nfr.assembly C:\found.000 c:\windows\t55ft2807f44.dat Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "80:TCP"=- "7171:TCP"=- 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze** ComboFix 09-03-18.01 - Becky 2009-03-19 11:37:10.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1092 [GMT -4:00] Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Becky\Desktop\CFScript.txt AV: AVG Anti-Virus Free On-access scanning enabled (Updated) * Created a new restore point FILE :: C:\found.000 c:\windows\system32\nfr.assembly c:\windows\t55ft2807f44.dat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Becky\Desktop\notepad.exe C:\found.000 c:\found.000\file0000.chk c:\windows\9g234sdfdfgjf23\ c:\windows\system32\nfr.assembly c:\windows\system32\nfr.gpref\ c:\windows\t55ft2807f44.dat . ((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 ))))))))))))))))))))))))))))))) . 2009-03-18 19:09 . 2009-03-18 19:09 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-18 18:42 . 2009-03-18 18:42 d-------- c:\documents and settings\Becky\Application Data\Malwarebytes 2009-03-18 18:42 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-18 18:41 . 2009-03-18 18:42 d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-18 18:41 . 2009-03-18 18:41 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-18 18:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-18 15:11 . 2009-03-18 15:11 d-------- c:\program files\SUPERAntiSpyware 2009-03-18 15:11 . 2009-03-18 15:11 d-------- c:\program files\Common Files\Wise Installation Wizard 2009-03-18 15:11 . 2009-03-18 15:11 d-------- c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com 2009-03-18 15:04 . 2009-03-18 15:04 d-------- c:\program files\CCleaner 2009-03-17 15:50 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll 2009-03-17 15:50 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe 2009-03-17 15:50 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe 2009-03-17 15:50 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll 2009-03-17 15:50 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys 2009-03-17 15:50 . 2008-04-13 20:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll 2009-03-17 15:50 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys 2009-03-17 15:50 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys 2009-03-17 15:50 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys 2009-03-17 15:50 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll 2009-03-17 15:50 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe 2009-03-17 15:48 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll 2009-03-17 15:47 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll 2009-03-17 15:46 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys 2009-03-17 15:45 . 2001-08-17 12:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys 2009-03-17 15:44 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys 2009-03-17 15:43 . 2008-04-13 20:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll 2009-03-17 15:42 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll 2009-03-17 15:41 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys 2009-03-17 15:40 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys 2009-03-17 15:33 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys 2009-03-17 15:32 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll 2009-03-17 15:31 . 2001-08-17 12:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys 2009-03-17 15:30 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys 2009-03-17 15:30 . 2001-08-17 14:55 689,216 --a--c--- c:\windows\system32\dllcache\3dfxvs.dll 2009-03-17 15:30 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll 2009-03-17 15:30 . 2008-04-13 14:46 53,376 --a--c--- c:\windows\system32\dllcache\1394bus.sys 2009-03-17 15:30 . 2001-08-17 14:06 11,264 --a--c--- c:\windows\system32\dllcache\1394vdbg.sys 2009-03-17 00:05 . 2009-03-17 00:05 0 --a------ c:\windows\system32\nfr.gpref 2009-03-16 23:50 . 2009-03-16 23:50 1 --a------ c:\windows\9g234sdfdfgjf23 2009-03-11 21:16 . 2009-03-11 21:16 d-------- c:\documents and settings\David\Application Data\AVGTOOLBAR . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-19 15:29 --------- d-----w c:\documents and settings\user pc\Application Data\WTablet 2009-03-18 23:12 --------- d-----w c:\program files\Java 2009-03-18 19:00 --------- d-----w c:\program files\Lavasoft 2009-03-18 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-03-17 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-03-17 09:26 --------- d-----w c:\documents and settings\user pc\Application Data\uTorrent 2009-03-15 21:35 138,624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-03-15 04:15 --------- d-----w c:\documents and settings\user pc\Application Data\DVD Flick 2009-03-15 01:38 --------- d-----w c:\documents and settings\user pc\Application Data\dvdcss 2009-03-07 17:20 --------- d-----w c:\program files\Ahead 2009-02-26 18:41 --------- d-----w c:\documents and settings\user pc\Application Data\ZoomBrowser EX 2009-02-26 18:41 --------- d-----w c:\documents and settings\user pc\Application Data\CameraWindowDC 2009-02-25 15:41 --------- d-----w c:\documents and settings\user pc\Application Data\AVGTOOLBAR 2009-02-12 16:12 --------- d-----w c:\program files\Google 2009-02-11 02:24 34 ----a-w c:\documents and settings\user pc\jagex_runescape_preferences.dat 2009-02-10 04:35 --------- d-----w c:\documents and settings\Leanne\Application Data\AVGTOOLBAR 2009-02-10 04:19 --------- d-----w c:\documents and settings\Leanne\Application Data\vlc 2009-02-09 03:08 --------- d-----w c:\documents and settings\Leanne\Application Data\Apple Computer 2009-02-09 02:56 --------- d-----w c:\documents and settings\Leanne\Application Data\WTablet 2009-02-09 02:56 --------- d-----w c:\documents and settings\Leanne\Application Data\Network Associates 2009-02-09 02:42 --------- d-----w c:\documents and settings\Becky\Application Data\AVGTOOLBAR 2009-02-09 02:38 --------- d-----w c:\documents and settings\Becky\Application Data\vlc 2009-02-05 18:37 --------- d-----w c:\documents and settings\user pc\Application Data\vlc 2009-02-05 18:16 --------- d-----w c:\program files\VideoLAN 2009-02-03 19:16 --------- d-----w c:\program files\Improvisation 2009-01-27 15:56 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-27 15:55 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-25 05:54 --------- d-----w c:\documents and settings\user pc\Application Data\Any Video Converter 2009-01-24 22:06 --------- d-----w c:\program files\AVG 2009-01-24 21:59 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-01-24 21:59 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2009-01-24 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2008-09-27 02:22 24 ----a-w c:\documents and settings\David\jagex_runescape_preferences.dat . ((((((((((((((((((((((((((((( [email protected]_ 0.53.12.29 ))))))))))))))))))))))))))))))))))))))))) . - 2002-08-29 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\admxprox.dll + 2004-08-04 01:07:00 6,144 -c--a-w c:\windows\system32\dllcache\admxprox.dll - 2002-08-29 12:00:00 49,664 -c--a-w c:\windows\system32\dllcache\adrot.dll + 2004-08-04 01:07:00 49,664 -c--a-w c:\windows\system32\dllcache\adrot.dll - 2002-08-29 12:00:00 10,240 -c--a-w c:\windows\system32\dllcache\aspperf.dll + 2004-08-04 01:07:00 10,240 -c--a-w c:\windows\system32\dllcache\aspperf.dll - 2002-08-29 12:00:00 29,184 -c--a-w c:\windows\system32\dllcache\asptxn.dll + 2004-08-04 01:07:00 29,184 -c--a-w c:\windows\system32\dllcache\asptxn.dll - 2002-08-29 12:00:00 9,216 -c--a-w c:\windows\system32\dllcache\authfilt.dll + 2004-08-04 01:07:00 9,216 -c--a-w c:\windows\system32\dllcache\authfilt.dll - 2002-08-29 12:00:00 45,568 -c--a-w c:\windows\system32\dllcache\browscap.dll + 2004-08-04 01:07:00 45,568 -c--a-w c:\windows\system32\dllcache\browscap.dll - 2002-08-29 12:00:00 6,656 -c--a-w c:\windows\system32\dllcache\c_is2022.dll + 2004-08-04 01:07:00 6,656 -c--a-w c:\windows\system32\dllcache\c_is2022.dll - 2002-08-29 12:00:00 10,752 -c--a-w c:\windows\system32\dllcache\c_iscii.dll + 2004-08-04 01:07:00 10,752 -c--a-w c:\windows\system32\dllcache\c_iscii.dll - 2002-08-29 12:00:00 54,528 -c--a-w c:\windows\system32\dllcache\cap7146.sys + 2004-08-04 01:07:00 54,528 -c--a-w c:\windows\system32\dllcache\cap7146.sys - 2002-08-29 12:00:00 9,728 -c--a-w c:\windows\system32\dllcache\change.exe + 2004-08-04 01:07:00 9,728 -c--a-w c:\windows\system32\dllcache\change.exe - 2002-08-29 12:00:00 13,312 -c--a-w c:\windows\system32\dllcache\chglogon.exe + 2004-08-04 01:07:00 13,312 -c--a-w c:\windows\system32\dllcache\chglogon.exe - 2002-08-29 12:00:00 15,872 -c--a-w c:\windows\system32\dllcache\chgport.exe + 2004-08-04 01:07:00 15,872 -c--a-w c:\windows\system32\dllcache\chgport.exe - 2002-08-29 12:00:00 14,336 -c--a-w c:\windows\system32\dllcache\chgusr.exe + 2004-08-04 01:07:00 14,336 -c--a-w c:\windows\system32\dllcache\chgusr.exe - 2002-08-29 12:00:00 1,677,824 -c--a-w c:\windows\system32\dllcache\chsbrkr.dll + 2004-08-04 01:07:00 1,677,824 -c--a-w c:\windows\system32\dllcache\chsbrkr.dll - 2002-08-29 12:00:00 838,144 -c--a-w c:\windows\system32\dllcache\chtbrkr.dll + 2004-08-04 01:07:00 838,144 -c--a-w c:\windows\system32\dllcache\chtbrkr.dll - 2002-08-29 12:00:00 33,792 -c--a-w c:\windows\system32\dllcache\controt.dll + 2004-08-04 01:07:00 33,792 -c--a-w c:\windows\system32\dllcache\controt.dll - 2002-08-29 12:00:00 56,320 -c--a-w c:\windows\system32\dllcache\convlog.exe + 2004-08-04 01:07:00 56,320 -c--a-w c:\windows\system32\dllcache\convlog.exe - 2002-08-29 12:00:00 20,480 -c--a-w c:\windows\system32\dllcache\counters.dll + 2004-08-04 01:07:00 20,480 -c--a-w c:\windows\system32\dllcache\counters.dll - 2002-08-29 12:00:00 18,944 -c--a-w c:\windows\system32\dllcache\cprofile.exe + 2004-08-04 01:07:00 18,944 -c--a-w c:\windows\system32\dllcache\cprofile.exe - 2002-08-29 12:00:00 31,744 -c--a-w c:\windows\system32\dllcache\esucmd.dll + 2004-08-04 01:07:00 31,744 -c--a-w c:\windows\system32\dllcache\esucmd.dll - 2002-08-29 12:00:00 57,856 -c--a-w c:\windows\system32\dllcache\esuimgd.dll + 2004-08-04 01:07:00 57,856 -c--a-w c:\windows\system32\dllcache\esuimgd.dll - 2002-08-29 12:00:00 45,056 -c--a-w c:\windows\system32\dllcache\esunid.dll + 2004-08-04 01:07:00 45,056 -c--a-w c:\windows\system32\dllcache\esunid.dll - 2002-08-29 12:00:00 25,856 -c--a-w c:\windows\system32\dllcache\et4000.sys + 2004-08-04 01:07:00 25,856 -c--a-w c:\windows\system32\dllcache\et4000.sys - 2002-08-29 12:00:00 14,848 -c--a-w c:\windows\system32\dllcache\flattemp.exe + 2004-08-04 01:07:00 14,848 -c--a-w c:\windows\system32\dllcache\flattemp.exe - 2002-08-29 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\ftlx041e.dll + 2004-08-04 01:07:00 6,144 -c--a-w c:\windows\system32\dllcache\ftlx041e.dll - 2002-08-29 12:00:00 7,680 -c--a-w c:\windows\system32\dllcache\ftpctrs2.dll + 2004-08-04 01:07:00 7,680 -c--a-w c:\windows\system32\dllcache\ftpctrs2.dll - 2002-08-29 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\ftpsapi2.dll + 2004-08-04 01:07:00 6,144 -c--a-w c:\windows\system32\dllcache\ftpsapi2.dll - 2002-08-29 12:00:00 111,104 -c--a-w c:\windows\system32\dllcache\fxscfgwz.dll + 2004-08-04 01:07:00 111,104 -c--a-w c:\windows\system32\dllcache\fxscfgwz.dll - 2002-08-29 12:00:00 132,608 -c--a-w c:\windows\system32\dllcache\fxsclntr.dll + 2004-08-04 01:07:00 132,608 -c--a-w c:\windows\system32\dllcache\fxsclntr.dll - 2002-08-29 12:00:00 31,744 -c--a-w c:\windows\system32\dllcache\fxsroute.dll + 2004-08-04 01:07:00 31,744 -c--a-w c:\windows\system32\dllcache\fxsroute.dll - 2002-08-29 12:00:00 11,264 -c--a-w c:\windows\system32\dllcache\fxssend.exe + 2004-08-04 01:07:00 11,264 -c--a-w c:\windows\system32\dllcache\fxssend.exe - 2002-08-29 12:00:00 36,864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll + 2004-08-04 01:07:00 36,864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll - 2002-08-29 12:00:00 10,096,640 -c--a-w c:\windows\system32\dllcache\hwxcht.dll + 2004-08-04 01:07:00 10,096,640 -c--a-w c:\windows\system32\dllcache\hwxcht.dll - 2002-08-29 12:00:00 10,129,408 -c--a-w c:\windows\system32\dllcache\hwxkor.dll + 2004-08-04 01:07:00 10,129,408 -c--a-w c:\windows\system32\dllcache\hwxkor.dll - 2002-08-29 12:00:00 60,928 -c--a-w c:\windows\system32\dllcache\iisclex4.dll + 2004-08-04 01:07:00 60,928 -c--a-w c:\windows\system32\dllcache\iisclex4.dll - 2002-08-29 12:00:00 19,456 -c--a-w c:\windows\system32\dllcache\iiscrmap.dll + 2004-08-04 01:07:00 19,456 -c--a-w c:\windows\system32\dllcache\iiscrmap.dll - 2002-08-29 12:00:00 3,584 -c--a-w c:\windows\system32\dllcache\iismui.dll + 2004-08-04 01:07:00 3,584 -c--a-w c:\windows\system32\dllcache\iismui.dll - 2002-08-29 12:00:00 14,336 -c--a-w c:\windows\system32\dllcache\iisreset.exe + 2004-08-04 01:07:00 14,336 -c--a-w c:\windows\system32\dllcache\iisreset.exe - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\iisrstap.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\iisrstap.dll - 2002-08-29 12:00:00 6,656 -c--a-w c:\windows\system32\dllcache\iissync.exe + 2004-08-04 01:07:00 6,656 -c--a-w c:\windows\system32\dllcache\iissync.exe - 2002-08-29 12:00:00 169,984 -c--a-w c:\windows\system32\dllcache\iisui.dll + 2004-08-04 01:07:00 169,984 -c--a-w c:\windows\system32\dllcache\iisui.dll - 2002-08-29 12:00:00 44,032 -c--a-w c:\windows\system32\dllcache\imekrmig.exe + 2004-08-04 01:07:00 44,032 -c--a-w c:\windows\system32\dllcache\imekrmig.exe - 2002-08-29 12:00:00 102,463 -c--a-w c:\windows\system32\dllcache\imepadsm.dll + 2004-08-04 01:07:00 102,463 -c--a-w c:\windows\system32\dllcache\imepadsm.dll - 2002-08-29 12:00:00 311,359 -c--a-w c:\windows\system32\dllcache\imepadsv.exe + 2004-08-04 01:07:00 311,359 -c--a-w c:\windows\system32\dllcache\imepadsv.exe - 2002-08-29 12:00:00 57,398 -c--a-w c:\windows\system32\dllcache\imjpdadm.exe + 2004-08-04 01:07:00 57,398 -c--a-w c:\windows\system32\dllcache\imjpdadm.exe - 2002-08-29 12:00:00 45,109 -c--a-w c:\windows\system32\dllcache\imjpuex.exe + 2004-08-04 01:07:00 45,109 -c--a-w c:\windows\system32\dllcache\imjpuex.exe - 2002-08-29 12:00:00 59,904 -c--a-w c:\windows\system32\dllcache\imkrinst.exe + 2004-08-04 01:07:00 59,904 -c--a-w c:\windows\system32\dllcache\imkrinst.exe - 2002-08-29 12:00:00 471,102 -c--a-w c:\windows\system32\dllcache\imskdic.dll + 2004-08-04 01:07:00 471,102 -c--a-w c:\windows\system32\dllcache\imskdic.dll - 2002-08-29 12:00:00 7,680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe + 2004-08-04 01:07:00 7,680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe - 2002-08-29 12:00:00 19,968 -c--a-w c:\windows\system32\dllcache\inetsloc.dll + 2004-08-04 01:07:00 19,968 -c--a-w c:\windows\system32\dllcache\inetsloc.dll - 2002-08-29 12:00:00 8,704 -c--a-w c:\windows\system32\dllcache\infoctrs.dll + 2004-08-04 01:07:00 8,704 -c--a-w c:\windows\system32\dllcache\infoctrs.dll - 2002-08-29 12:00:00 7,168 -c--a-w c:\windows\system32\dllcache\isapips.dll + 2004-08-04 01:07:00 7,168 -c--a-w c:\windows\system32\dllcache\isapips.dll - 2002-08-29 12:00:00 9,216 -c--a-w c:\windows\system32\dllcache\iwrps.dll + 2004-08-04 01:07:00 9,216 -c--a-w c:\windows\system32\dllcache\iwrps.dll - 2002-08-29 12:00:00 18,432 -c--a-w c:\windows\system32\dllcache\jupiw.dll + 2004-08-04 01:07:00 18,432 -c--a-w c:\windows\system32\dllcache\jupiw.dll - 2002-08-29 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\kbd101a.dll + 2004-08-04 01:07:00 6,144 -c--a-w c:\windows\system32\dllcache\kbd101a.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbda1.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbda1.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbda2.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbda2.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbda3.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbda3.dll - 2002-08-29 12:00:00 5,120 -c--a-w c:\windows\system32\dllcache\kbdarme.dll + 2004-08-04 01:07:00 5,120 -c--a-w c:\windows\system32\dllcache\kbdarme.dll - 2002-08-29 12:00:00 5,120 -c--a-w c:\windows\system32\dllcache\kbdarmw.dll + 2004-08-04 01:07:00 5,120 -c--a-w c:\windows\system32\dllcache\kbdarmw.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbddiv1.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbddiv1.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbddiv2.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbddiv2.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdfa.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdfa.dll - 2002-08-29 12:00:00 5,120 -c--a-w c:\windows\system32\dllcache\kbdgeo.dll + 2004-08-04 01:07:00 5,120 -c--a-w c:\windows\system32\dllcache\kbdgeo.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdheb.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdheb.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdindev.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdindev.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdinguj.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdinguj.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdinhin.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdinhin.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdinkan.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdinkan.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdinmar.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdinmar.dll - 2002-08-29 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\kbdinpun.dll + 2004-08-04 01:07:00 6,144 -c--a-w c:\windows\system32\dllcache\kbdinpun.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdintam.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdintam.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdintel.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdintel.dll - 2002-08-29 12:00:00 7,168 -c--a-w c:\windows\system32\dllcache\kbdnec95.dll + 2004-08-04 01:07:00 7,168 -c--a-w c:\windows\system32\dllcache\kbdnec95.dll - 2002-08-29 12:00:00 9,216 -c--a-w c:\windows\system32\dllcache\kbdnecat.dll + 2004-08-04 01:07:00 9,216 -c--a-w c:\windows\system32\dllcache\kbdnecat.dll - 2002-08-29 12:00:00 7,680 -c--a-w c:\windows\system32\dllcache\kbdnecnt.dll + 2004-08-04 01:07:00 7,680 -c--a-w c:\windows\system32\dllcache\kbdnecnt.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdsyr1.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdsyr1.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdsyr2.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdsyr2.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdth0.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdth0.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdth1.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdth1.dll - 2002-08-29 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\kbdth2.dll + 2004-08-04 01:07:00 6,144 -c--a-w c:\windows\system32\dllcache\kbdth2.dll - 2002-08-29 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\kbdth3.dll + 2004-08-04 01:07:00 6,144 -c--a-w c:\windows\system32\dllcache\kbdth3.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdurdu.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdurdu.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdusa.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdusa.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdvntc.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\kbdvntc.dll - 2002-08-29 12:00:00 70,656 -c--a-w c:\windows\system32\dllcache\korwbrkr.dll + 2004-08-04 01:07:00 70,656 -c--a-w c:\windows\system32\dllcache\korwbrkr.dll - 2002-08-29 12:00:00 22,016 -c--a-w c:\windows\system32\dllcache\logscrpt.dll + 2004-08-04 01:07:00 22,016 -c--a-w c:\windows\system32\dllcache\logscrpt.dll - 2002-08-29 12:00:00 26,624 -c--a-w c:\windows\system32\dllcache\mdsync.dll + 2004-08-04 01:07:00 26,624 -c--a-w c:\windows\system32\dllcache\mdsync.dll - 2002-08-29 12:00:00 92,032 -c--a-w c:\windows\system32\dllcache\mga.dll + 2004-08-04 01:07:00 92,032 -c--a-w c:\windows\system32\dllcache\mga.dll - 2002-08-29 12:00:00 92,416 -c--a-w c:\windows\system32\dllcache\mga.sys + 2004-08-04 01:07:00 92,416 -c--a-w c:\windows\system32\dllcache\mga.sys - 2002-08-29 12:00:00 34,304 -c--a-w c:\windows\system32\dllcache\migisol.exe + 2004-08-04 01:07:00 34,304 -c--a-w c:\windows\system32\dllcache\migisol.exe - 2002-08-29 12:00:00 98,304 -c--a-w c:\windows\system32\dllcache\msir3jp.dll + 2004-08-04 01:07:00 98,304 -c--a-w c:\windows\system32\dllcache\msir3jp.dll - 2002-08-29 12:00:00 229,439 -c--a-w c:\windows\system32\dllcache\multibox.dll + 2004-08-04 01:07:00 229,439 -c--a-w c:\windows\system32\dllcache\multibox.dll - 2002-08-29 12:00:00 53,248 -c--a-w c:\windows\system32\dllcache\nextlink.dll + 2004-08-04 01:07:00 53,248 -c--a-w c:\windows\system32\dllcache\nextlink.dll - 2002-08-29 12:00:00 36,927 -c--a-w c:\windows\system32\dllcache\padrs411.dll + 2004-08-04 01:07:00 36,927 -c--a-w c:\windows\system32\dllcache\padrs411.dll - 2002-08-29 12:00:00 14,336 -c--a-w c:\windows\system32\dllcache\padrs412.dll + 2004-08-04 01:07:00 14,336 -c--a-w c:\windows\system32\dllcache\padrs412.dll - 2002-08-29 12:00:00 31,744 -c--a-w c:\windows\system32\dllcache\pagecnt.dll + 2004-08-04 01:07:00 31,744 -c--a-w c:\windows\system32\dllcache\pagecnt.dll - 2002-08-29 12:00:00 20,992 -c--a-w c:\windows\system32\dllcache\permchk.dll + 2004-08-04 01:07:00 20,992 -c--a-w c:\windows\system32\dllcache\permchk.dll - 2002-08-29 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\pmxgl.dll + 2004-08-04 01:07:00 6,144 -c--a-w c:\windows\system32\dllcache\pmxgl.dll - 2002-08-29 12:00:00 11,264 -c--a-w c:\windows\system32\dllcache\pmxmcro.dll + 2004-08-04 01:07:00 11,264 -c--a-w c:\windows\system32\dllcache\pmxmcro.dll - 2002-08-29 12:00:00 131,584 -c--a-w c:\windows\system32\dllcache\pmxviceo.dll + 2004-08-04 01:07:00 131,584 -c--a-w c:\windows\system32\dllcache\pmxviceo.dll - 2002-08-29 12:00:00 9,728 -c--a-w c:\windows\system32\dllcache\query.exe + 2004-08-04 01:07:00 9,728 -c--a-w c:\windows\system32\dllcache\query.exe - 2002-08-29 12:00:00 16,384 -c--a-w c:\windows\system32\dllcache\quser.exe + 2004-08-04 01:07:00 16,384 -c--a-w c:\windows\system32\dllcache\quser.exe - 2002-08-29 12:00:00 14,848 -c--a-w c:\windows\system32\dllcache\register.exe + 2004-08-04 01:07:00 14,848 -c--a-w c:\windows\system32\dllcache\register.exe - 2002-08-29 12:00:00 79,872 -c--a-w c:\windows\system32\dllcache\rwia001.dll + 2004-08-04 01:07:00 79,872 -c--a-w c:\windows\system32\dllcache\rwia001.dll - 2002-08-29 12:00:00 79,872 -c--a-w c:\windows\system32\dllcache\rwia330.dll + 2004-08-04 01:07:00 79,872 -c--a-w c:\windows\system32\dllcache\rwia330.dll - 2002-08-29 12:00:00 18,944 -c--a-w c:\windows\system32\dllcache\simptcp.dll + 2004-08-04 01:07:00 18,944 -c--a-w c:\windows\system32\dllcache\simptcp.dll - 2002-08-29 12:00:00 25,088 -c--a-w c:\windows\system32\dllcache\sm59w.dll + 2004-08-04 01:07:00 25,088 -c--a-w c:\windows\system32\dllcache\sm59w.dll - 2002-08-29 12:00:00 30,208 -c--a-w c:\windows\system32\dllcache\sm81w.dll + 2004-08-04 01:07:00 30,208 -c--a-w c:\windows\system32\dllcache\sm81w.dll - 2002-08-29 12:00:00 30,208 -c--a-w c:\windows\system32\dllcache\sm87w.dll + 2004-08-04 01:07:00 30,208 -c--a-w c:\windows\system32\dllcache\sm87w.dll - 2002-08-29 12:00:00 26,112 -c--a-w c:\windows\system32\dllcache\sm89w.dll + 2004-08-04 01:07:00 26,112 -c--a-w c:\windows\system32\dllcache\sm89w.dll - 2002-08-29 12:00:00 26,112 -c--a-w c:\windows\system32\dllcache\sm8aw.dll + 2004-08-04 01:07:00 26,112 -c--a-w c:\windows\system32\dllcache\sm8aw.dll - 2002-08-29 12:00:00 29,184 -c--a-w c:\windows\system32\dllcache\sm8cw.dll + 2004-08-04 01:07:00 29,184 -c--a-w c:\windows\system32\dllcache\sm8cw.dll - 2002-08-29 12:00:00 26,112 -c--a-w c:\windows\system32\dllcache\sm8dw.dll + 2004-08-04 01:07:00 26,112 -c--a-w c:\windows\system32\dllcache\sm8dw.dll - 2002-08-29 12:00:00 26,112 -c--a-w c:\windows\system32\dllcache\sm90w.dll + 2004-08-04 01:07:00 26,112 -c--a-w c:\windows\system32\dllcache\sm90w.dll - 2002-08-29 12:00:00 26,624 -c--a-w c:\windows\system32\dllcache\sm92w.dll + 2004-08-04 01:07:00 26,624 -c--a-w c:\windows\system32\dllcache\sm92w.dll - 2002-08-29 12:00:00 26,624 -c--a-w c:\windows\system32\dllcache\sm93w.dll + 2004-08-04 01:07:00 26,624 -c--a-w c:\windows\system32\dllcache\sm93w.dll - 2002-08-29 12:00:00 38,912 -c--a-w c:\windows\system32\dllcache\sm9aw.dll + 2004-08-04 01:07:00 38,912 -c--a-w c:\windows\system32\dllcache\sm9aw.dll - 2002-08-29 12:00:00 31,744 -c--a-w c:\windows\system32\dllcache\sma3w.dll + 2004-08-04 01:07:00 31,744 -c--a-w c:\windows\system32\dllcache\sma3w.dll - 2002-08-29 12:00:00 31,744 -c--a-w c:\windows\system32\dllcache\smb6w.dll + 2004-08-04 01:07:00 31,744 -c--a-w c:\windows\system32\dllcache\smb6w.dll - 2002-08-29 12:00:00 15,872 -c--a-w c:\windows\system32\dllcache\smierrsm.dll + 2004-08-04 01:07:00 15,872 -c--a-w c:\windows\system32\dllcache\smierrsm.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\smierrsy.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\smierrsy.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\smimsgif.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\smimsgif.dll - 2002-08-29 12:00:00 10,240 -c--a-w c:\windows\system32\dllcache\snmpstup.dll + 2004-08-04 01:07:00 10,240 -c--a-w c:\windows\system32\dllcache\snmpstup.dll - 2002-08-29 12:00:00 143,422 -c--a-w c:\windows\system32\dllcache\softkey.dll + 2004-08-04 01:07:00 143,422 -c--a-w c:\windows\system32\dllcache\softkey.dll - 2002-08-29 12:00:00 101,376 -c--a-w c:\windows\system32\dllcache\srusbusd.dll + 2004-08-04 01:07:00 101,376 -c--a-w c:\windows\system32\dllcache\srusbusd.dll - 2002-08-29 12:00:00 16,896 -c--a-w c:\windows\system32\dllcache\status.dll + 2004-08-04 01:07:00 16,896 -c--a-w c:\windows\system32\dllcache\status.dll - 2002-08-29 12:00:00 13,192 -c--a-w c:\windows\system32\dllcache\tdasync.sys + 2004-08-04 01:07:00 13,192 -c--a-w c:\windows\system32\dllcache\tdasync.sys - 2002-08-29 12:00:00 21,896 -c--a-w c:\windows\system32\dllcache\tdipx.sys + 2004-08-04 01:07:00 21,896 -c--a-w c:\windows\system32\dllcache\tdipx.sys - 2002-08-29 12:00:00 19,464 -c--a-w c:\windows\system32\dllcache\tdspx.sys + 2004-08-04 01:07:00 19,464 -c--a-w c:\windows\system32\dllcache\tdspx.sys - 2002-08-29 12:00:00 185,344 -c--a-w c:\windows\system32\dllcache\thawbrkr.dll + 2004-08-04 01:07:00 185,344 -c--a-w c:\windows\system32\dllcache\thawbrkr.dll - 2002-08-29 12:00:00 14,336 -c--a-w c:\windows\system32\dllcache\tsprof.exe + 2004-08-04 01:07:00 14,336 -c--a-w c:\windows\system32\dllcache\tsprof.exe - 2002-08-29 12:00:00 48,256 -c--a-w c:\windows\system32\dllcache\w32.dll + 2004-08-04 01:07:00 48,256 -c--a-w c:\windows\system32\dllcache\w32.dll - 2002-08-29 12:00:00 4,608 -c--a-w c:\windows\system32\dllcache\w3ctrs51.dll + 2004-08-04 01:07:00 4,608 -c--a-w c:\windows\system32\dllcache\w3ctrs51.dll - 2002-08-29 12:00:00 73,728 -c--a-w c:\windows\system32\dllcache\w3ext.dll + 2004-08-04 01:07:00 73,728 -c--a-w c:\windows\system32\dllcache\w3ext.dll - 2002-08-29 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\w3svapi.dll + 2004-08-04 01:07:00 5,632 -c--a-w c:\windows\system32\dllcache\w3svapi.dll - 2002-08-29 12:00:00 9,216 -c--a-w c:\windows\system32\dllcache\wamps51.dll + 2004-08-04 01:07:00 9,216 -c--a-w c:\windows\system32\dllcache\wamps51.dll - 2002-08-29 12:00:00 7,168 -c--a-w c:\windows\system32\dllcache\wamregps.dll + 2004-08-04 01:07:00 7,168 -c--a-w c:\windows\system32\dllcache\wamregps.dll - 2002-08-29 12:00:00 41,600 -c--a-w c:\windows\system32\dllcache\weitekp9.dll + 2004-08-04 01:07:00 41,600 -c--a-w c:\windows\system32\dllcache\weitekp9.dll - 2002-08-29 12:00:00 31,232 -c--a-w c:\windows\system32\dllcache\weitekp9.sys + 2004-08-04 01:07:00 31,232 -c--a-w c:\windows\system32\dllcache\weitekp9.sys + 2009-03-19 15:41:43 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6f0.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269] "McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888] "NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk backup=c:\windows\pss\Personal Coach.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe] --a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408] . Contents of the 'Scheduled Tasks' folder 2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] 2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] . . ------- Supplementary Scan ------- . uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\v0zlm1jn.default\ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-19 11:42:12 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0] DACL=(02 0000) ="HtmldocPlugin 1.0 Type Library" [HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\MGJ74D0C06550] DACL=(02 0000) "Analog 0.700,0.300Caps"="vcp(02 04 05 06 08 0E 10 12 14(01 05 08 0B) 16 18 1A 1E 20 30 3E 52 60(01 03) 68 AC AE B2 B6 C0 C6 C8 C9 CA D6(01 04) DF FA FB FC FD FE AA(01 04)) vcp_p2(37 38 39 3B) type(LCD) mccs_ver(2.0) asset_eep(64) mpu(0.04)" [HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_045e&Pid_00f9&MI_01&Col02\7&36e0efb9&0&0001\LogConf] DACL=(02 0000) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(648) c:\program files\SUPERAntiSpyware\SASWINLO.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\CTSVCCDA.EXE c:\program files\Creative\Shared Files\CTDevSrv.exe c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\Tablet.exe c:\windows\wanmpsvc.exe c:\windows\system32\WTablet\TabUserW.exe c:\windows\system32\Tablet.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\rundll32.exe c:\program files\iPod\bin\iPodService.exe . ********************************************************************** . Completion time: 2009-03-19 11:45:02 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-19 15:44:58 ComboFix2.txt 2009-03-19 04:54:14 Pre-Run: 32,409,468,928 bytes free Post-Run: 32,390,303,744 bytes free Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 534 --- E O F --- 2009-03-13 22:12:01 Were getting closer. Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: Folder:: c:\windows\system32\nfr.gpref c:\windows\9g234sdfdfgjf23 File:: c:\windows\system32\nfr.gpref c:\windows\9g234sdfdfgjf23 RegLock:: [-HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0] [-HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\MGJ74D0C06550] [-HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_045e&Pid_00f9&MI_01&Col02\7&36e0efb9&0&0001\LogConf] 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze** ComboFix 09-03-18.01 - Becky 2009-03-19 14:09:30.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1096 [GMT -4:00] Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Becky\Desktop\CFScript.txt AV: AVG Anti-Virus Free On-access scanning enabled (Updated) * Created a new restore point FILE :: c:\windows\9g234sdfdfgjf23 c:\windows\system32\nfr.gpref . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\9g234sdfdfgjf23 c:\windows\system32\nfr.gpref . ((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 ))))))))))))))))))))))))))))))) . 2009-03-18 19:09 . 2009-03-18 19:09 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-18 18:42 . 2009-03-18 18:42 d-------- c:\documents and settings\Becky\Application Data\Malwarebytes 2009-03-18 18:42 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-18 18:41 . 2009-03-18 18:42 d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-18 18:41 . 2009-03-18 18:41 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-18 18:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-18 15:11 . 2009-03-18 15:11 d-------- c:\program files\SUPERAntiSpyware 2009-03-18 15:11 . 2009-03-18 15:11 d-------- c:\program files\Common Files\Wise Installation Wizard 2009-03-18 15:11 . 2009-03-18 15:11 d-------- c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com 2009-03-18 15:04 . 2009-03-18 15:04 d-------- c:\program files\CCleaner 2009-03-17 15:50 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll 2009-03-17 15:50 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe 2009-03-17 15:50 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe 2009-03-17 15:50 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll 2009-03-17 15:50 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys 2009-03-17 15:50 . 2008-04-13 20:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll 2009-03-17 15:50 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys 2009-03-17 15:50 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys 2009-03-17 15:50 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys 2009-03-17 15:50 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll 2009-03-17 15:50 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe 2009-03-17 15:48 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll 2009-03-17 15:47 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll 2009-03-17 15:46 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys 2009-03-17 15:45 . 2001-08-17 12:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys 2009-03-17 15:44 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys 2009-03-17 15:43 . 2008-04-13 20:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll 2009-03-17 15:42 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll 2009-03-17 15:41 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys 2009-03-17 15:40 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys 2009-03-17 15:33 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys 2009-03-17 15:32 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll 2009-03-17 15:31 . 2001-08-17 12:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys 2009-03-17 15:30 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys 2009-03-17 15:30 . 2001-08-17 14:55 689,216 --a--c--- c:\windows\system32\dllcache\3dfxvs.dll 2009-03-17 15:30 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll 2009-03-17 15:30 . 2008-04-13 14:46 53,376 --a--c--- c:\windows\system32\dllcache\1394bus.sys 2009-03-17 15:30 . 2001-08-17 14:06 11,264 --a--c--- c:\windows\system32\dllcache\1394vdbg.sys 2009-03-11 21:16 . 2009-03-11 21:16 d-------- c:\documents and settings\David\Application Data\AVGTOOLBAR . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-19 18:03 --------- d-----w c:\documents and settings\user pc\Application Data\WTablet 2009-03-18 23:12 --------- d-----w c:\program files\Java 2009-03-18 19:00 --------- d-----w c:\program files\Lavasoft 2009-03-18 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-03-17 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-03-17 09:26 --------- d-----w c:\documents and settings\user pc\Application Data\uTorrent 2009-03-15 21:35 138,624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-03-15 04:15 --------- d-----w c:\documents and settings\user pc\Application Data\DVD Flick 2009-03-15 01:38 --------- d-----w c:\documents and settings\user pc\Application Data\dvdcss 2009-03-07 17:20 --------- d-----w c:\program files\Ahead 2009-02-26 18:41 --------- d-----w c:\documents and settings\user pc\Application Data\ZoomBrowser EX 2009-02-26 18:41 --------- d-----w c:\documents and settings\user pc\Application Data\CameraWindowDC 2009-02-25 15:41 --------- d-----w c:\documents and settings\user pc\Application Data\AVGTOOLBAR 2009-02-12 16:12 --------- d-----w c:\program files\Google 2009-02-11 02:24 34 ----a-w c:\documents and settings\user pc\jagex_runescape_preferences.dat 2009-02-10 04:35 --------- d-----w c:\documents and settings\Leanne\Application Data\AVGTOOLBAR 2009-02-10 04:19 --------- d-----w c:\documents and settings\Leanne\Application Data\vlc 2009-02-09 03:08 --------- d-----w c:\documents and settings\Leanne\Application Data\Apple Computer 2009-02-09 02:56 --------- d-----w c:\documents and settings\Leanne\Application Data\WTablet 2009-02-09 02:56 --------- d-----w c:\documents and settings\Leanne\Application Data\Network Associates 2009-02-09 02:42 --------- d-----w c:\documents and settings\Becky\Application Data\AVGTOOLBAR 2009-02-09 02:38 --------- d-----w c:\documents and settings\Becky\Application Data\vlc 2009-02-05 18:37 --------- d-----w c:\documents and settings\user pc\Application Data\vlc 2009-02-05 18:16 --------- d-----w c:\program files\VideoLAN 2009-02-03 19:16 --------- d-----w c:\program files\Improvisation 2009-01-27 15:56 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-27 15:55 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-25 05:54 --------- d-----w c:\documents and settings\user pc\Application Data\Any Video Converter 2009-01-24 22:06 --------- d-----w c:\program files\AVG 2009-01-24 21:59 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-01-24 21:59 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2009-01-24 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2008-09-27 02:22 24 ----a-w c:\documents and settings\David\jagex_runescape_preferences.dat . ((((((((((((((((((((((((((((( SnapShot_2009-03-19_11.44.11.57 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-19 18:13:52 16,384 ----atw c:\windows\temp\Perflib_Perfdata_780.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269] "McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888] "NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk backup=c:\windows\pss\Personal Coach.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe] --a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408] . Contents of the 'Scheduled Tasks' folder 2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] 2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] . . ------- Supplementary Scan ------- . uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\v0zlm1jn.default\ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-19 14:14:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32] DACL=(02 0000) ="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3REPROX.DLL" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(648) c:\program files\SUPERAntiSpyware\SASWINLO.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\CTSVCCDA.EXE c:\program files\Creative\Shared Files\CTDevSrv.exe c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\Tablet.exe c:\windows\wanmpsvc.exe c:\windows\system32\WTablet\TabUserW.exe c:\windows\system32\Tablet.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\rundll32.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\iPod\bin\iPodService.exe . ********************************************************************** . Completion time: 2009-03-19 14:17:05 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-19 18:17:01 ComboFix2.txt 2009-03-19 15:45:04 ComboFix3.txt 2009-03-19 04:54:14 Pre-Run: 32,374,824,960 bytes free Post-Run: 32,355,348,480 bytes free Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 243 --- E O F --- 2009-03-13 22:12:01 Click START then RUN Now type Combofix /u in the runbox Make sure there's a space between Combofix and /u Then hit Enter. The above procedure will: Delete the following: ComboFix and its associated files and folders. Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Set a new, clean Restore Point. . ---------- Go to: Start Run type: CLEANMGR.EXE Press Enter. When prompted select the C: drive and click OK. Check the boxes for: Temporary Internet Files Downloaded Program Files Recycle Bin Temporary Files . Click OK or Enter ---------- How is the computer running now? Thanks so far for all of your help. The computer seems to be running fine. I still get this error message on my user account (not the other ones) when I log on to it: "Error Loading dll32 The specified module could not be found". I am assuming dll32 is important. I tried doing START>RUN> sfc /scannow and then inserting my WinXP disc to repair the dll32 file. Nada, didn't work. Is there somewhere to get this file? Also, what was the problem(s) you saw with all of the logs I sent you? It seems Notepad had something to do with it. And I'm still wondering why we re-named HijackThis to Sniper? Quote And I'm still wondering why we re-named HijackThis to Sniper? Some malware can "hide" from the hijackthis.exe. Renaming it ensures this won't happen. Quote Also, what was the problem(s) you saw with all of the logs I sent you? It seems Notepad had something to do with it. I'm not sure what the deal was with the Notepad entries. It shouldn't be running from the locations it was found in so might have been exploited by the malware. The biggest problem was adware, MyWebSearch. Quote Error Loading dll32 The specified module could not be found Sounds like something wasn't completely removed, probably part of the MyWebSearch. Let's have a closer look at where the error is coming from. Please download from DDS by sUBs and save it to your Desktop. Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it) Double click on dds to run it. When done, DDS.txt will open. You will receive another prompt after a while. Click Yes at the prompt. It will take another few minutes to scan. When done, Attach.txt will open. Please copy and paste the contents of DDS.txt and Attach.txt** in your next reply.

Solve : HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper?

Answer»

You may recognize the instructions below from your malware preparation bulletin.

Step 6: HijackThis

Please run HijackThis only after the above steps have been completed

Download and rename HijackThis.exe (HJT)

* Double-click on HJTInstall.
* Click on the Install button.
* It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
* Upon install, HijackThis should open for you.

* Close HijackThis and rename it.
* Go to C:\Program Files\Trend Micro\HijackThis.exe
* Right click on HijackThis.exe and select Rename.
* Type in sniper.exe and press Enter.
* Right-click on sniper.exe and select Send To > Desktop (create shortcut)

I already had HijackThis installed but I re-installed it. Stilll, inside the Trend Micro folder, there was no HijackThis.exe file, only a Backups folder, hijackthis text document and a HijackThis icon which opens the program when you double-click it. I did a search and the HijackThis.exe file did not show up. Is it necessary to rename this file to sniper.exe (and why do you do that, anyway)?

I have initiated this malware removal process because I started getting this error when starting up: "Error loading dll32 The specified module could not be found." I cannot open my web browser (Firefox) now on my user account. I'm assuming the error message relates to the browser problem. So I now have to go into my daughter's user account to get online and begin this process of communicating with you. By the way, I have given her account administrator rights so I can proceed. I have done all the steps in your prepatory bulletin up to the "HijackThis - rename to sniper" step and now am hitting this snag of not finding the HijackThis.exe file. What do you propose?

Quote

and a HijackThis icon which opens the program when you double-click it.

That's what you need to rename.OK, I changed the icon name to sniper.exe and put it on the desktop.

Once again, currently, the main problem is that I get the following error message when I log on to my user account: "Error Loading dll32 The specified module could not be found". And then I cannot open my Firefox browser. I get this error mesage: "Proxy Server Refused Connection. Firefox is configured to use a proxy server that is refusing connections."(I'm assuming the dll32 file has something to do with that). I even tried inserting my Windows XP disc to have that file repaired but it did not seem to work. I have to switch user accounts so that I can get on the internet.

Here are the logs: (I've also included and AVG report at the end to show you what it detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/18/2009 at 05:57 PM

Application Version : 4.25.1014

Core Rules Database Version : 3803
Trace Rules Database Version: 1758

Scan type : Complete Scan
Total Scan Time : 02:39:48

Memory items scanned : 428
Memory threats detected : 0
Registry items scanned : 6176
Registry threats detected : 112
File items scanned : 95255
File threats detected : 56

Adware.MyWebSearch
   HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
   HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
   C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
   HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
   HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
   C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
   HKU\S-1-5-21-1960408961-448539723-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
   HKU\S-1-5-21-1960408961-448539723-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   HKU\S-1-5-21-1960408961-448539723-725345543-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Adware.MyWebSearch/FunWebProducts
   HKU\S-1-5-21-1960408961-448539723-725345543-1006\SOFTWARE\MyWebSearch
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version
   HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32#ThreadingModel
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance#CLSID
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag
   HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag#Url
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib
   HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
   HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
   HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
   HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
   HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable
   HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
   HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
   HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
   HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
   HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
   HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
   HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Type
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Start
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ErrorControl
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ImagePath
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#DisplayName
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ObjectName
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Security
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Security#Security
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum#0
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum#Count
   HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\Enum#NextInstance

Adware.Tracking Cookie
   www3.addfreestats.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .videoegg.adbureau.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .imrworldwide.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .imrworldwide.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   www.burstbeacon.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   tracker.mediatracker.co.nz [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .roiservice.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .gaiainteractive.112.2o7.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   server.cpmstar.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .stats.adbrite.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .interclick.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .interclick.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .interclick.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .insightexpressai.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .insightexpressai.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .insightexpressai.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .insightexpressai.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .insightexpressai.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .earthlinkfinder.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .specificclick.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .aaotracker.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .aaotracker.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .adlegend.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .adlegend.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .atwola.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   www8.addfreestats.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   www7.addfreestats.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   ads.gamesbannernet.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   ads.gamesbannernet.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .apmebf.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .nextag.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .nextag.com [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .collective-media.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   .collective-media.net [ C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\3ju4bzep.default\cookies.txt ]
   C:\Documents and Settings\David\Cookies\[email protected][1].txt
   C:\Documents and Settings\Leanne\Cookies\[email protected][1].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][2].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][2].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][2].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][2].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt
   C:\Documents and Settings\user pc\Cookies\user [email protected][1].txt

Malwarebytes' Anti-Malware 1.34
Database version: 1866
Windows 5.1.2600 Service Pack 3

3/18/2009 6:58:30 PM
mbam-log-2009-03-18 (18-58-30).txt

Scan type: Quick Scan
Objects scanned: 93990
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:54 PM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeFireTray] C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1960408961-448539723-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'user pc')
O4 - HKUS\S-1-5-21-1960408961-448539723-725345543-1003\..\Run: [dll] rundll32 dll32,sm (User 'user pc')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175397160937
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9028 bytes

AVG Anti-Virus free edition "scan whole computer" report:

8.0.238

"C:\Documents and Settings\user pc\Local Settings\Temp\tt_1237291175.exe";"Trojan horse SHeur2.WHB";"Moved to Virus Vault"
"C:\Documents and Settings\user pc\Local Settings\Temp\tt_1237294987.exe";"Trojan horse SHeur2.WHB";"Moved to Virus Vault"
"C:\Documents and Settings\user pc\Local Settings\Temp\wJQs.exe";"Trojan horse SHeur2.QVU";"Moved to Virus Vault"
"C:\windows\ld02.exe";"Trojan horse SHeur2.WGW";"Moved to Virus Vault"
"C:\windows\pp03.exe";"Trojan horse SHeur2.WHP";"Moved to Virus Vault"
"C:\windows\pp03.exe";"Trojan horse SHeur2.WHP";"Moved to Virus Vault"
"C:\WINDOWS\pp03.exe";"Trojan horse SHeur2.WHP";"Moved to Virus Vault"
"C:\WINDOWS\pp03.exe (172)";"Trojan horse SHeur2.WHP";"Reboot is required to finish the action"
"C:\WINDOWS\system32\dll32.dll";"Trojan horse Pakes.CTG";"Moved to Virus Vault"
"C:\WINDOWS\system32\dll32.dll";"Trojan horse Pakes.CTG";"Infected"
"C:\WINDOWS\system32\rundll32.exe (208)";"Trojan horse Pakes.CTG";"Reboot is required to finish the action"

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search
O4 - HKUS\S-1-5-21-1960408961-448539723-725345543-1003\..\Run: [dll] rundll32 dll32,sm (User \'user pc\')

.
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFixFor some reason, I am unable to disable the Anti-Virus and Anti-Spyware components of the AVG free edition. There's nothing to uncheck Just right click the AVG tray icon and choose to stop or exit. Run ComboFix and if anything tries to stop it from running then just allow it instead of blocking it.ComboFix 09-03-18.01 - Becky 2009-03-19 0:49:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1182 [GMT -4:00]
Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning ENABLED* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\notepad.exe
c:\documents and settings\Becky\Desktop\notepad.exe
c:\documents and settings\user pc\Desktop\notepad.exe
c:\documents and settings\user pc\Desktop\Shared\b.bking\desktop_.ini
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-18 19:09 . 2009-03-18 19:09   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-18 18:42 . 2009-03-18 18:42      d--------   c:\documents and settings\Becky\Application Data\Malwarebytes
2009-03-18 18:42 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-03-18 18:41 . 2009-03-18 18:42      d--------   c:\program files\Malwarebytes' Anti-Malware
2009-03-18 18:41 . 2009-03-18 18:41      d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 18:41 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:11 . 2009-03-18 15:11      d--------   c:\program files\SUPERAntiSpyware
2009-03-18 15:11 . 2009-03-18 15:11      d--------   c:\program files\Common Files\Wise Installation Wizard
2009-03-18 15:11 . 2009-03-18 15:11      d--------   c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com
2009-03-18 15:04 . 2009-03-18 15:04      d--------   c:\program files\CCleaner
2009-03-17 16:44 . 2009-03-17 16:44      d--hs----   C:\found.000
2009-03-17 15:50 . 2008-04-13 20:12   116,224   --a--c---   c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 15:50 . 2001-08-17 22:37   99,865   --a--c---   c:\windows\system32\dllcache\xlog.exe
2009-03-17 15:50 . 2001-08-17 22:37   27,648   --a--c---   c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 15:50 . 2001-08-17 22:36   23,040   --a--c---   c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 15:50 . 2004-08-03 22:29   19,455   --a--c---   c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 15:50 . 2008-04-13 20:12   18,944   --a--c---   c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 15:50 . 2001-08-17 12:11   16,970   --a--c---   c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 15:50 . 2004-08-03 22:29   12,063   --a--c---   c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 15:50 . 2008-04-13 14:36   8,832   --a--c---   c:\windows\system32\dllcache\wmiacpi.sys
2009-03-17 15:50 . 2008-04-13 20:12   8,192   --a--c---   c:\windows\system32\dllcache\wshirda.dll
2009-03-17 15:50 . 2001-08-17 22:37   4,608   --a--c---   c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 15:48 . 2001-08-17 22:36   525,568   --a--c---   c:\windows\system32\dllcache\tridxp.dll
2009-03-17 15:47 . 2001-08-17 22:36   495,616   --a--c---   c:\windows\system32\dllcache\sblfx.dll
2009-03-17 15:46 . 2001-08-17 13:28   899,146   --a--c---   c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 15:45 . 2001-08-17 12:50   198,144   --a--c---   c:\windows\system32\dllcache\nv3.sys
2009-03-17 15:44 . 2001-08-17 13:28   802,683   --a--c---   c:\windows\system32\dllcache\ltsm.sys
2009-03-17 15:43 . 2008-04-13 20:11   702,845   --a--c---   c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-17 15:42 . 2001-08-17 14:56   1,733,120   --a--c---   c:\windows\system32\dllcache\g400d.dll
2009-03-17 15:41 . 2001-08-17 12:14   952,007   --a--c---   c:\windows\system32\dllcache\diwan.sys
2009-03-17 15:40 . 2001-08-17 12:13   980,034   --a--c---   c:\windows\system32\dllcache\cicap.sys
2009-03-17 15:33 . 2001-08-17 13:28   871,388   --a--c---   c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 15:32 . 2001-08-17 14:55   382,592   --a--c---   c:\windows\system32\dllcache\atidrab.dll
2009-03-17 15:31 . 2001-08-17 12:19   747,392   --a--c---   c:\windows\system32\dllcache\adm8830.sys
2009-03-17 15:30 . 2001-08-17 13:28   762,780   --a--c---   c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 15:30 . 2001-08-17 14:55   689,216   --a--c---   c:\windows\system32\dllcache\3dfxvs.dll
2009-03-17 15:30 . 2001-08-17 14:56   66,048   --a--c---   c:\windows\system32\dllcache\s3legacy.dll
2009-03-17 15:30 . 2008-04-13 14:46   53,376   --a--c---   c:\windows\system32\dllcache\1394bus.sys
2009-03-17 15:30 . 2001-08-17 14:06   11,264   --a--c---   c:\windows\system32\dllcache\1394vdbg.sys
2009-03-17 00:05 . 2009-03-17 00:05   0   --a------   c:\windows\system32\nfr.gpref
2009-03-17 00:05 . 2009-03-17 00:05   0   --a------   c:\windows\system32\nfr.assembly
2009-03-16 23:50 . 2009-03-16 23:50   1   --a------   c:\windows\9g234sdfdfgjf23
2009-03-16 22:24 . 2009-03-16 22:24   2   ---h-----   c:\windows\t55ft2807f44.dat
2009-03-11 21:16 . 2009-03-11 21:16      d--------   c:\documents and settings\David\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 04:11   ---------   d-----w   c:\documents and settings\user pc\Application Data\WTablet
2009-03-18 23:12   ---------   d-----w   c:\program files\Java
2009-03-18 19:00   ---------   d-----w   c:\program files\Lavasoft
2009-03-18 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 16:21   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2009-03-17 09:26   ---------   d-----w   c:\documents and settings\user pc\Application Data\uTorrent
2009-03-15 21:35   138,624   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 21:34   202,352   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-03-15 04:15   ---------   d-----w   c:\documents and settings\user pc\Application Data\DVD Flick
2009-03-15 01:38   ---------   d-----w   c:\documents and settings\user pc\Application Data\dvdcss
2009-03-07 17:20   ---------   d-----w   c:\program files\Ahead
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\ZoomBrowser EX
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\CameraWindowDC
2009-02-25 15:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\AVGTOOLBAR
2009-02-12 16:12   ---------   d-----w   c:\program files\Google
2009-02-11 02:24   34   ----a-w   c:\documents and settings\user pc\jagex_runescape_preferences.dat
2009-02-10 04:35   ---------   d-----w   c:\documents and settings\Leanne\Application Data\AVGTOOLBAR
2009-02-10 04:19   ---------   d-----w   c:\documents and settings\Leanne\Application Data\vlc
2009-02-09 11:13   1,846,784   ----a-w   c:\windows\system32\win32k.sys
2009-02-09 03:08   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Apple Computer
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\WTablet
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Network Associates
2009-02-09 02:42   ---------   d-----w   c:\documents and settings\Becky\Application Data\AVGTOOLBAR
2009-02-09 02:38   ---------   d-----w   c:\documents and settings\Becky\Application Data\vlc
2009-02-05 18:37   ---------   d-----w   c:\documents and settings\user pc\Application Data\vlc
2009-02-05 18:16   ---------   d-----w   c:\program files\VideoLAN
2009-02-03 19:16   ---------   d-----w   c:\program files\Improvisation
2009-01-27 15:56   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
2009-01-27 15:56   10,520   ----a-w   c:\windows\system32\avgrsstx.dll
2009-01-27 15:55   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2009-01-25 05:54   ---------   d-----w   c:\documents and settings\user pc\Application Data\Any VIDEO Converter
2009-01-24 22:06   ---------   d-----w   c:\program files\AVG
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-01-24 20:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-27 02:22   24   ----a-w   c:\documents and settings\David\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269]
"McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
--a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:dll32
"7171:TCP"= 7171:TCP:dll32

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-DT Task - c:\program files\Gateway\EzTune\DTHtml.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe

.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\v0zlm1jn.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 00:52:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32]
DACL=(02 0000)
="c:\\Program Files\\MyWebSearch\\SrchAstt\\1.bin\\MWSSRCAS.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
DACL=(02 0000)
="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
DACL=(02 0000)
="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus]
DACL=(02 0000)
="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID]
DACL=(02 0000)
="MyWebSearchToolBar.SettingsPlugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib]
DACL=(02 0000)
="{07B18EA0-A523-4961-B6BB-170DE4475CCA}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version]
DACL=(02 0000)
="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID]
DACL=(02 0000)
="MyWebSearchToolBar.SettingsPlugin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32]
DACL=(02 0000)
="c:\\WINDOWS\\system32\\shdocvw.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance]
DACL=(02 0000)
"CLSID"="{4D5C8C2A-D075-11d0-B416-00C04FB90376}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32]
DACL=(02 0000)
="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID]
DACL=(02 0000)
="MyWebSearchToolBar.ToolbarPlugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib]
DACL=(02 0000)
="{07B18EA0-A523-4961-B6BB-170DE4475CCA}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID]
DACL=(02 0000)
="MyWebSearchToolBar.ToolbarPlugin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]
DACL=(02 0000)
="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKIN.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]
DACL=(02 0000)
="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]
DACL=(02 0000)
="{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]
DACL=(02 0000)
="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]
DACL=(02 0000)
="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKIN.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]
DACL=(02 0000)
="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID]
DACL=(02 0000)
="MyWebSearch.PseudoTransparentPlugin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]
DACL=(02 0000)
="{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]
DACL=(02 0000)
="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID]
DACL=(02 0000)
="MyWebSearch.PseudoTransparentPlugin"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]
DACL=(02 0000)
="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3SKIN.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]
DACL=(02 0000)
="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]
DACL=(02 0000)
="{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]
DACL=(02 0000)
="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs]
DACL=(02 0000)
="{A9571378-68A1-443d-B082-284F960C6D17}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32]
DACL=(02 0000)
="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\M3OUTLCN.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID]
DACL=(02 0000)
="MyWebSearch.OutlookAddin.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable]
DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID]
DACL=(02 0000)
="MyWebSearch.OutlookAddin"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid]
DACL=(02 0000)
="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32]
DACL=(02 0000)
="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib]
DACL=(02 0000)
="{D518921A-4A03-425E-9873-B9A71756821E}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0]
DACL=(02 0000)
="HtmldocPlugin 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\MGJ74D0C06550]
DACL=(02 0000)
"Analog 0.700,0.300Caps"="vcp(02 04 05 06 08 0E 10 12 14(01 05 08 0B) 16 18 1A 1E 20 30 3E 52 60(01 03) 68 AC AE B2 B6 C0 C6 C8 C9 CA D6(01 04) DF FA FB FC FD FE AA(01 04)) vcp_p2(37 38 39 3B) type(LCD) mccs_ver(2.0) asset_eep(64) mpu(0.04)"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_045e&Pid_00f9&MI_01&Col02\7&36e0efb9&0&0001\LogConf]
DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-19 0:54:11
ComboFix-quarantined-files.txt 2009-03-19 04:54:07

Pre-Run: 31,787,245,568 bytes free
Post-Run: 32,360,882,176 bytes free

CURRENT=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
376   --- E O F ---   2009-03-13 22:12:01
I just did a search about the original error I received: "error loading dll32". I saw somebody's response to their browser not being able to access the internet (like my problem). Apparently changed the proxy settings (which I had no idea what that was, but Googled and found how to change them on firefox). I looked at the proxy settings on an uncorrupted user account and saw how they were set "No Proxy". My corrupted user account was set for manual with a particular port. When I changed it to "No Proxy", voila, internet access.
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

RegLock::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable]

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid]

[-HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32]

[-HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib]

Folder::
C:\found.000
c:\windows\system32\nfr.gpref
c:\windows\system32\nfr.assembly
c:\windows\9g234sdfdfgjf23

File::
c:\windows\system32\nfr.assembly
C:\found.000
c:\windows\t55ft2807f44.dat

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"=-
"7171:TCP"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

ComboFix 09-03-18.01 - Becky 2009-03-19 11:37:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1092 [GMT -4:00]
Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Becky\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
C:\found.000
c:\windows\system32\nfr.assembly
c:\windows\t55ft2807f44.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Becky\Desktop\notepad.exe
C:\found.000
c:\found.000\file0000.chk
c:\windows\9g234sdfdfgjf23\
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref\
c:\windows\t55ft2807f44.dat

.
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-18 19:09 . 2009-03-18 19:09   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-18 18:42 . 2009-03-18 18:42      d--------   c:\documents and settings\Becky\Application Data\Malwarebytes
2009-03-18 18:42 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-03-18 18:41 . 2009-03-18 18:42      d--------   c:\program files\Malwarebytes' Anti-Malware
2009-03-18 18:41 . 2009-03-18 18:41      d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 18:41 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:11 . 2009-03-18 15:11      d--------   c:\program files\SUPERAntiSpyware
2009-03-18 15:11 . 2009-03-18 15:11      d--------   c:\program files\Common Files\Wise Installation Wizard
2009-03-18 15:11 . 2009-03-18 15:11      d--------   c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com
2009-03-18 15:04 . 2009-03-18 15:04      d--------   c:\program files\CCleaner
2009-03-17 15:50 . 2008-04-13 20:12   116,224   --a--c---   c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 15:50 . 2001-08-17 22:37   99,865   --a--c---   c:\windows\system32\dllcache\xlog.exe
2009-03-17 15:50 . 2001-08-17 22:37   27,648   --a--c---   c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 15:50 . 2001-08-17 22:36   23,040   --a--c---   c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 15:50 . 2004-08-03 22:29   19,455   --a--c---   c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 15:50 . 2008-04-13 20:12   18,944   --a--c---   c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 15:50 . 2001-08-17 12:11   16,970   --a--c---   c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 15:50 . 2004-08-03 22:29   12,063   --a--c---   c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 15:50 . 2008-04-13 14:36   8,832   --a--c---   c:\windows\system32\dllcache\wmiacpi.sys
2009-03-17 15:50 . 2008-04-13 20:12   8,192   --a--c---   c:\windows\system32\dllcache\wshirda.dll
2009-03-17 15:50 . 2001-08-17 22:37   4,608   --a--c---   c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 15:48 . 2001-08-17 22:36   525,568   --a--c---   c:\windows\system32\dllcache\tridxp.dll
2009-03-17 15:47 . 2001-08-17 22:36   495,616   --a--c---   c:\windows\system32\dllcache\sblfx.dll
2009-03-17 15:46 . 2001-08-17 13:28   899,146   --a--c---   c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 15:45 . 2001-08-17 12:50   198,144   --a--c---   c:\windows\system32\dllcache\nv3.sys
2009-03-17 15:44 . 2001-08-17 13:28   802,683   --a--c---   c:\windows\system32\dllcache\ltsm.sys
2009-03-17 15:43 . 2008-04-13 20:11   702,845   --a--c---   c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-17 15:42 . 2001-08-17 14:56   1,733,120   --a--c---   c:\windows\system32\dllcache\g400d.dll
2009-03-17 15:41 . 2001-08-17 12:14   952,007   --a--c---   c:\windows\system32\dllcache\diwan.sys
2009-03-17 15:40 . 2001-08-17 12:13   980,034   --a--c---   c:\windows\system32\dllcache\cicap.sys
2009-03-17 15:33 . 2001-08-17 13:28   871,388   --a--c---   c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 15:32 . 2001-08-17 14:55   382,592   --a--c---   c:\windows\system32\dllcache\atidrab.dll
2009-03-17 15:31 . 2001-08-17 12:19   747,392   --a--c---   c:\windows\system32\dllcache\adm8830.sys
2009-03-17 15:30 . 2001-08-17 13:28   762,780   --a--c---   c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 15:30 . 2001-08-17 14:55   689,216   --a--c---   c:\windows\system32\dllcache\3dfxvs.dll
2009-03-17 15:30 . 2001-08-17 14:56   66,048   --a--c---   c:\windows\system32\dllcache\s3legacy.dll
2009-03-17 15:30 . 2008-04-13 14:46   53,376   --a--c---   c:\windows\system32\dllcache\1394bus.sys
2009-03-17 15:30 . 2001-08-17 14:06   11,264   --a--c---   c:\windows\system32\dllcache\1394vdbg.sys
2009-03-17 00:05 . 2009-03-17 00:05   0   --a------   c:\windows\system32\nfr.gpref
2009-03-16 23:50 . 2009-03-16 23:50   1   --a------   c:\windows\9g234sdfdfgjf23
2009-03-11 21:16 . 2009-03-11 21:16      d--------   c:\documents and settings\David\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 15:29   ---------   d-----w   c:\documents and settings\user pc\Application Data\WTablet
2009-03-18 23:12   ---------   d-----w   c:\program files\Java
2009-03-18 19:00   ---------   d-----w   c:\program files\Lavasoft
2009-03-18 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 16:21   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2009-03-17 09:26   ---------   d-----w   c:\documents and settings\user pc\Application Data\uTorrent
2009-03-15 21:35   138,624   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 04:15   ---------   d-----w   c:\documents and settings\user pc\Application Data\DVD Flick
2009-03-15 01:38   ---------   d-----w   c:\documents and settings\user pc\Application Data\dvdcss
2009-03-07 17:20   ---------   d-----w   c:\program files\Ahead
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\ZoomBrowser EX
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\CameraWindowDC
2009-02-25 15:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\AVGTOOLBAR
2009-02-12 16:12   ---------   d-----w   c:\program files\Google
2009-02-11 02:24   34   ----a-w   c:\documents and settings\user pc\jagex_runescape_preferences.dat
2009-02-10 04:35   ---------   d-----w   c:\documents and settings\Leanne\Application Data\AVGTOOLBAR
2009-02-10 04:19   ---------   d-----w   c:\documents and settings\Leanne\Application Data\vlc
2009-02-09 03:08   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Apple Computer
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\WTablet
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Network Associates
2009-02-09 02:42   ---------   d-----w   c:\documents and settings\Becky\Application Data\AVGTOOLBAR
2009-02-09 02:38   ---------   d-----w   c:\documents and settings\Becky\Application Data\vlc
2009-02-05 18:37   ---------   d-----w   c:\documents and settings\user pc\Application Data\vlc
2009-02-05 18:16   ---------   d-----w   c:\program files\VideoLAN
2009-02-03 19:16   ---------   d-----w   c:\program files\Improvisation
2009-01-27 15:56   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
2009-01-27 15:55   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2009-01-25 05:54   ---------   d-----w   c:\documents and settings\user pc\Application Data\Any Video Converter
2009-01-24 22:06   ---------   d-----w   c:\program files\AVG
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-01-24 20:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-27 02:22   24   ----a-w   c:\documents and settings\David\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((( [email protected]_ 0.53.12.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\admxprox.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\admxprox.dll
- 2002-08-29 12:00:00   49,664   -c--a-w   c:\windows\system32\dllcache\adrot.dll
+ 2004-08-04 01:07:00   49,664   -c--a-w   c:\windows\system32\dllcache\adrot.dll
- 2002-08-29 12:00:00   10,240   -c--a-w   c:\windows\system32\dllcache\aspperf.dll
+ 2004-08-04 01:07:00   10,240   -c--a-w   c:\windows\system32\dllcache\aspperf.dll
- 2002-08-29 12:00:00   29,184   -c--a-w   c:\windows\system32\dllcache\asptxn.dll
+ 2004-08-04 01:07:00   29,184   -c--a-w   c:\windows\system32\dllcache\asptxn.dll
- 2002-08-29 12:00:00   9,216   -c--a-w   c:\windows\system32\dllcache\authfilt.dll
+ 2004-08-04 01:07:00   9,216   -c--a-w   c:\windows\system32\dllcache\authfilt.dll
- 2002-08-29 12:00:00   45,568   -c--a-w   c:\windows\system32\dllcache\browscap.dll
+ 2004-08-04 01:07:00   45,568   -c--a-w   c:\windows\system32\dllcache\browscap.dll
- 2002-08-29 12:00:00   6,656   -c--a-w   c:\windows\system32\dllcache\c_is2022.dll
+ 2004-08-04 01:07:00   6,656   -c--a-w   c:\windows\system32\dllcache\c_is2022.dll
- 2002-08-29 12:00:00   10,752   -c--a-w   c:\windows\system32\dllcache\c_iscii.dll
+ 2004-08-04 01:07:00   10,752   -c--a-w   c:\windows\system32\dllcache\c_iscii.dll
- 2002-08-29 12:00:00   54,528   -c--a-w   c:\windows\system32\dllcache\cap7146.sys
+ 2004-08-04 01:07:00   54,528   -c--a-w   c:\windows\system32\dllcache\cap7146.sys
- 2002-08-29 12:00:00   9,728   -c--a-w   c:\windows\system32\dllcache\change.exe
+ 2004-08-04 01:07:00   9,728   -c--a-w   c:\windows\system32\dllcache\change.exe
- 2002-08-29 12:00:00   13,312   -c--a-w   c:\windows\system32\dllcache\chglogon.exe
+ 2004-08-04 01:07:00   13,312   -c--a-w   c:\windows\system32\dllcache\chglogon.exe
- 2002-08-29 12:00:00   15,872   -c--a-w   c:\windows\system32\dllcache\chgport.exe
+ 2004-08-04 01:07:00   15,872   -c--a-w   c:\windows\system32\dllcache\chgport.exe
- 2002-08-29 12:00:00   14,336   -c--a-w   c:\windows\system32\dllcache\chgusr.exe
+ 2004-08-04 01:07:00   14,336   -c--a-w   c:\windows\system32\dllcache\chgusr.exe
- 2002-08-29 12:00:00   1,677,824   -c--a-w   c:\windows\system32\dllcache\chsbrkr.dll
+ 2004-08-04 01:07:00   1,677,824   -c--a-w   c:\windows\system32\dllcache\chsbrkr.dll
- 2002-08-29 12:00:00   838,144   -c--a-w   c:\windows\system32\dllcache\chtbrkr.dll
+ 2004-08-04 01:07:00   838,144   -c--a-w   c:\windows\system32\dllcache\chtbrkr.dll
- 2002-08-29 12:00:00   33,792   -c--a-w   c:\windows\system32\dllcache\controt.dll
+ 2004-08-04 01:07:00   33,792   -c--a-w   c:\windows\system32\dllcache\controt.dll
- 2002-08-29 12:00:00   56,320   -c--a-w   c:\windows\system32\dllcache\convlog.exe
+ 2004-08-04 01:07:00   56,320   -c--a-w   c:\windows\system32\dllcache\convlog.exe
- 2002-08-29 12:00:00   20,480   -c--a-w   c:\windows\system32\dllcache\counters.dll
+ 2004-08-04 01:07:00   20,480   -c--a-w   c:\windows\system32\dllcache\counters.dll
- 2002-08-29 12:00:00   18,944   -c--a-w   c:\windows\system32\dllcache\cprofile.exe
+ 2004-08-04 01:07:00   18,944   -c--a-w   c:\windows\system32\dllcache\cprofile.exe
- 2002-08-29 12:00:00   31,744   -c--a-w   c:\windows\system32\dllcache\esucmd.dll
+ 2004-08-04 01:07:00   31,744   -c--a-w   c:\windows\system32\dllcache\esucmd.dll
- 2002-08-29 12:00:00   57,856   -c--a-w   c:\windows\system32\dllcache\esuimgd.dll
+ 2004-08-04 01:07:00   57,856   -c--a-w   c:\windows\system32\dllcache\esuimgd.dll
- 2002-08-29 12:00:00   45,056   -c--a-w   c:\windows\system32\dllcache\esunid.dll
+ 2004-08-04 01:07:00   45,056   -c--a-w   c:\windows\system32\dllcache\esunid.dll
- 2002-08-29 12:00:00   25,856   -c--a-w   c:\windows\system32\dllcache\et4000.sys
+ 2004-08-04 01:07:00   25,856   -c--a-w   c:\windows\system32\dllcache\et4000.sys
- 2002-08-29 12:00:00   14,848   -c--a-w   c:\windows\system32\dllcache\flattemp.exe
+ 2004-08-04 01:07:00   14,848   -c--a-w   c:\windows\system32\dllcache\flattemp.exe
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\ftlx041e.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\ftlx041e.dll
- 2002-08-29 12:00:00   7,680   -c--a-w   c:\windows\system32\dllcache\ftpctrs2.dll
+ 2004-08-04 01:07:00   7,680   -c--a-w   c:\windows\system32\dllcache\ftpctrs2.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\ftpsapi2.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\ftpsapi2.dll
- 2002-08-29 12:00:00   111,104   -c--a-w   c:\windows\system32\dllcache\fxscfgwz.dll
+ 2004-08-04 01:07:00   111,104   -c--a-w   c:\windows\system32\dllcache\fxscfgwz.dll
- 2002-08-29 12:00:00   132,608   -c--a-w   c:\windows\system32\dllcache\fxsclntr.dll
+ 2004-08-04 01:07:00   132,608   -c--a-w   c:\windows\system32\dllcache\fxsclntr.dll
- 2002-08-29 12:00:00   31,744   -c--a-w   c:\windows\system32\dllcache\fxsroute.dll
+ 2004-08-04 01:07:00   31,744   -c--a-w   c:\windows\system32\dllcache\fxsroute.dll
- 2002-08-29 12:00:00   11,264   -c--a-w   c:\windows\system32\dllcache\fxssend.exe
+ 2004-08-04 01:07:00   11,264   -c--a-w   c:\windows\system32\dllcache\fxssend.exe
- 2002-08-29 12:00:00   36,864   -c--a-w   c:\windows\system32\dllcache\hanjadic.dll
+ 2004-08-04 01:07:00   36,864   -c--a-w   c:\windows\system32\dllcache\hanjadic.dll
- 2002-08-29 12:00:00   10,096,640   -c--a-w   c:\windows\system32\dllcache\hwxcht.dll
+ 2004-08-04 01:07:00   10,096,640   -c--a-w   c:\windows\system32\dllcache\hwxcht.dll
- 2002-08-29 12:00:00   10,129,408   -c--a-w   c:\windows\system32\dllcache\hwxkor.dll
+ 2004-08-04 01:07:00   10,129,408   -c--a-w   c:\windows\system32\dllcache\hwxkor.dll
- 2002-08-29 12:00:00   60,928   -c--a-w   c:\windows\system32\dllcache\iisclex4.dll
+ 2004-08-04 01:07:00   60,928   -c--a-w   c:\windows\system32\dllcache\iisclex4.dll
- 2002-08-29 12:00:00   19,456   -c--a-w   c:\windows\system32\dllcache\iiscrmap.dll
+ 2004-08-04 01:07:00   19,456   -c--a-w   c:\windows\system32\dllcache\iiscrmap.dll
- 2002-08-29 12:00:00   3,584   -c--a-w   c:\windows\system32\dllcache\iismui.dll
+ 2004-08-04 01:07:00   3,584   -c--a-w   c:\windows\system32\dllcache\iismui.dll
- 2002-08-29 12:00:00   14,336   -c--a-w   c:\windows\system32\dllcache\iisreset.exe
+ 2004-08-04 01:07:00   14,336   -c--a-w   c:\windows\system32\dllcache\iisreset.exe
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\iisrstap.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\iisrstap.dll
- 2002-08-29 12:00:00   6,656   -c--a-w   c:\windows\system32\dllcache\iissync.exe
+ 2004-08-04 01:07:00   6,656   -c--a-w   c:\windows\system32\dllcache\iissync.exe
- 2002-08-29 12:00:00   169,984   -c--a-w   c:\windows\system32\dllcache\iisui.dll
+ 2004-08-04 01:07:00   169,984   -c--a-w   c:\windows\system32\dllcache\iisui.dll
- 2002-08-29 12:00:00   44,032   -c--a-w   c:\windows\system32\dllcache\imekrmig.exe
+ 2004-08-04 01:07:00   44,032   -c--a-w   c:\windows\system32\dllcache\imekrmig.exe
- 2002-08-29 12:00:00   102,463   -c--a-w   c:\windows\system32\dllcache\imepadsm.dll
+ 2004-08-04 01:07:00   102,463   -c--a-w   c:\windows\system32\dllcache\imepadsm.dll
- 2002-08-29 12:00:00   311,359   -c--a-w   c:\windows\system32\dllcache\imepadsv.exe
+ 2004-08-04 01:07:00   311,359   -c--a-w   c:\windows\system32\dllcache\imepadsv.exe
- 2002-08-29 12:00:00   57,398   -c--a-w   c:\windows\system32\dllcache\imjpdadm.exe
+ 2004-08-04 01:07:00   57,398   -c--a-w   c:\windows\system32\dllcache\imjpdadm.exe
- 2002-08-29 12:00:00   45,109   -c--a-w   c:\windows\system32\dllcache\imjpuex.exe
+ 2004-08-04 01:07:00   45,109   -c--a-w   c:\windows\system32\dllcache\imjpuex.exe
- 2002-08-29 12:00:00   59,904   -c--a-w   c:\windows\system32\dllcache\imkrinst.exe
+ 2004-08-04 01:07:00   59,904   -c--a-w   c:\windows\system32\dllcache\imkrinst.exe
- 2002-08-29 12:00:00   471,102   -c--a-w   c:\windows\system32\dllcache\imskdic.dll
+ 2004-08-04 01:07:00   471,102   -c--a-w   c:\windows\system32\dllcache\imskdic.dll
- 2002-08-29 12:00:00   7,680   -c--a-w   c:\windows\system32\dllcache\inetmgr.exe
+ 2004-08-04 01:07:00   7,680   -c--a-w   c:\windows\system32\dllcache\inetmgr.exe
- 2002-08-29 12:00:00   19,968   -c--a-w   c:\windows\system32\dllcache\inetsloc.dll
+ 2004-08-04 01:07:00   19,968   -c--a-w   c:\windows\system32\dllcache\inetsloc.dll
- 2002-08-29 12:00:00   8,704   -c--a-w   c:\windows\system32\dllcache\infoctrs.dll
+ 2004-08-04 01:07:00   8,704   -c--a-w   c:\windows\system32\dllcache\infoctrs.dll
- 2002-08-29 12:00:00   7,168   -c--a-w   c:\windows\system32\dllcache\isapips.dll
+ 2004-08-04 01:07:00   7,168   -c--a-w   c:\windows\system32\dllcache\isapips.dll
- 2002-08-29 12:00:00   9,216   -c--a-w   c:\windows\system32\dllcache\iwrps.dll
+ 2004-08-04 01:07:00   9,216   -c--a-w   c:\windows\system32\dllcache\iwrps.dll
- 2002-08-29 12:00:00   18,432   -c--a-w   c:\windows\system32\dllcache\jupiw.dll
+ 2004-08-04 01:07:00   18,432   -c--a-w   c:\windows\system32\dllcache\jupiw.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbd101a.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbd101a.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda1.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda1.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda2.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda2.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda3.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbda3.dll
- 2002-08-29 12:00:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdarme.dll
+ 2004-08-04 01:07:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdarme.dll
- 2002-08-29 12:00:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdarmw.dll
+ 2004-08-04 01:07:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdarmw.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbddiv1.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbddiv1.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbddiv2.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbddiv2.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdfa.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdfa.dll
- 2002-08-29 12:00:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdgeo.dll
+ 2004-08-04 01:07:00   5,120   -c--a-w   c:\windows\system32\dllcache\kbdgeo.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdheb.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdheb.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdindev.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdindev.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinguj.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinguj.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinhin.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinhin.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinkan.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinkan.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinmar.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdinmar.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdinpun.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdinpun.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdintam.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdintam.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdintel.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdintel.dll
- 2002-08-29 12:00:00   7,168   -c--a-w   c:\windows\system32\dllcache\kbdnec95.dll
+ 2004-08-04 01:07:00   7,168   -c--a-w   c:\windows\system32\dllcache\kbdnec95.dll
- 2002-08-29 12:00:00   9,216   -c--a-w   c:\windows\system32\dllcache\kbdnecat.dll
+ 2004-08-04 01:07:00   9,216   -c--a-w   c:\windows\system32\dllcache\kbdnecat.dll
- 2002-08-29 12:00:00   7,680   -c--a-w   c:\windows\system32\dllcache\kbdnecnt.dll
+ 2004-08-04 01:07:00   7,680   -c--a-w   c:\windows\system32\dllcache\kbdnecnt.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdsyr1.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdsyr1.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdsyr2.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdsyr2.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdth0.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdth0.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdth1.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdth1.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdth2.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdth2.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdth3.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\kbdth3.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdurdu.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdurdu.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdusa.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdusa.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdvntc.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\kbdvntc.dll
- 2002-08-29 12:00:00   70,656   -c--a-w   c:\windows\system32\dllcache\korwbrkr.dll
+ 2004-08-04 01:07:00   70,656   -c--a-w   c:\windows\system32\dllcache\korwbrkr.dll
- 2002-08-29 12:00:00   22,016   -c--a-w   c:\windows\system32\dllcache\logscrpt.dll
+ 2004-08-04 01:07:00   22,016   -c--a-w   c:\windows\system32\dllcache\logscrpt.dll
- 2002-08-29 12:00:00   26,624   -c--a-w   c:\windows\system32\dllcache\mdsync.dll
+ 2004-08-04 01:07:00   26,624   -c--a-w   c:\windows\system32\dllcache\mdsync.dll
- 2002-08-29 12:00:00   92,032   -c--a-w   c:\windows\system32\dllcache\mga.dll
+ 2004-08-04 01:07:00   92,032   -c--a-w   c:\windows\system32\dllcache\mga.dll
- 2002-08-29 12:00:00   92,416   -c--a-w   c:\windows\system32\dllcache\mga.sys
+ 2004-08-04 01:07:00   92,416   -c--a-w   c:\windows\system32\dllcache\mga.sys
- 2002-08-29 12:00:00   34,304   -c--a-w   c:\windows\system32\dllcache\migisol.exe
+ 2004-08-04 01:07:00   34,304   -c--a-w   c:\windows\system32\dllcache\migisol.exe
- 2002-08-29 12:00:00   98,304   -c--a-w   c:\windows\system32\dllcache\msir3jp.dll
+ 2004-08-04 01:07:00   98,304   -c--a-w   c:\windows\system32\dllcache\msir3jp.dll
- 2002-08-29 12:00:00   229,439   -c--a-w   c:\windows\system32\dllcache\multibox.dll
+ 2004-08-04 01:07:00   229,439   -c--a-w   c:\windows\system32\dllcache\multibox.dll
- 2002-08-29 12:00:00   53,248   -c--a-w   c:\windows\system32\dllcache\nextlink.dll
+ 2004-08-04 01:07:00   53,248   -c--a-w   c:\windows\system32\dllcache\nextlink.dll
- 2002-08-29 12:00:00   36,927   -c--a-w   c:\windows\system32\dllcache\padrs411.dll
+ 2004-08-04 01:07:00   36,927   -c--a-w   c:\windows\system32\dllcache\padrs411.dll
- 2002-08-29 12:00:00   14,336   -c--a-w   c:\windows\system32\dllcache\padrs412.dll
+ 2004-08-04 01:07:00   14,336   -c--a-w   c:\windows\system32\dllcache\padrs412.dll
- 2002-08-29 12:00:00   31,744   -c--a-w   c:\windows\system32\dllcache\pagecnt.dll
+ 2004-08-04 01:07:00   31,744   -c--a-w   c:\windows\system32\dllcache\pagecnt.dll
- 2002-08-29 12:00:00   20,992   -c--a-w   c:\windows\system32\dllcache\permchk.dll
+ 2004-08-04 01:07:00   20,992   -c--a-w   c:\windows\system32\dllcache\permchk.dll
- 2002-08-29 12:00:00   6,144   -c--a-w   c:\windows\system32\dllcache\pmxgl.dll
+ 2004-08-04 01:07:00   6,144   -c--a-w   c:\windows\system32\dllcache\pmxgl.dll
- 2002-08-29 12:00:00   11,264   -c--a-w   c:\windows\system32\dllcache\pmxmcro.dll
+ 2004-08-04 01:07:00   11,264   -c--a-w   c:\windows\system32\dllcache\pmxmcro.dll
- 2002-08-29 12:00:00   131,584   -c--a-w   c:\windows\system32\dllcache\pmxviceo.dll
+ 2004-08-04 01:07:00   131,584   -c--a-w   c:\windows\system32\dllcache\pmxviceo.dll
- 2002-08-29 12:00:00   9,728   -c--a-w   c:\windows\system32\dllcache\query.exe
+ 2004-08-04 01:07:00   9,728   -c--a-w   c:\windows\system32\dllcache\query.exe
- 2002-08-29 12:00:00   16,384   -c--a-w   c:\windows\system32\dllcache\quser.exe
+ 2004-08-04 01:07:00   16,384   -c--a-w   c:\windows\system32\dllcache\quser.exe
- 2002-08-29 12:00:00   14,848   -c--a-w   c:\windows\system32\dllcache\register.exe
+ 2004-08-04 01:07:00   14,848   -c--a-w   c:\windows\system32\dllcache\register.exe
- 2002-08-29 12:00:00   79,872   -c--a-w   c:\windows\system32\dllcache\rwia001.dll
+ 2004-08-04 01:07:00   79,872   -c--a-w   c:\windows\system32\dllcache\rwia001.dll
- 2002-08-29 12:00:00   79,872   -c--a-w   c:\windows\system32\dllcache\rwia330.dll
+ 2004-08-04 01:07:00   79,872   -c--a-w   c:\windows\system32\dllcache\rwia330.dll
- 2002-08-29 12:00:00   18,944   -c--a-w   c:\windows\system32\dllcache\simptcp.dll
+ 2004-08-04 01:07:00   18,944   -c--a-w   c:\windows\system32\dllcache\simptcp.dll
- 2002-08-29 12:00:00   25,088   -c--a-w   c:\windows\system32\dllcache\sm59w.dll
+ 2004-08-04 01:07:00   25,088   -c--a-w   c:\windows\system32\dllcache\sm59w.dll
- 2002-08-29 12:00:00   30,208   -c--a-w   c:\windows\system32\dllcache\sm81w.dll
+ 2004-08-04 01:07:00   30,208   -c--a-w   c:\windows\system32\dllcache\sm81w.dll
- 2002-08-29 12:00:00   30,208   -c--a-w   c:\windows\system32\dllcache\sm87w.dll
+ 2004-08-04 01:07:00   30,208   -c--a-w   c:\windows\system32\dllcache\sm87w.dll
- 2002-08-29 12:00:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm89w.dll
+ 2004-08-04 01:07:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm89w.dll
- 2002-08-29 12:00:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm8aw.dll
+ 2004-08-04 01:07:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm8aw.dll
- 2002-08-29 12:00:00   29,184   -c--a-w   c:\windows\system32\dllcache\sm8cw.dll
+ 2004-08-04 01:07:00   29,184   -c--a-w   c:\windows\system32\dllcache\sm8cw.dll
- 2002-08-29 12:00:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm8dw.dll
+ 2004-08-04 01:07:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm8dw.dll
- 2002-08-29 12:00:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm90w.dll
+ 2004-08-04 01:07:00   26,112   -c--a-w   c:\windows\system32\dllcache\sm90w.dll
- 2002-08-29 12:00:00   26,624   -c--a-w   c:\windows\system32\dllcache\sm92w.dll
+ 2004-08-04 01:07:00   26,624   -c--a-w   c:\windows\system32\dllcache\sm92w.dll
- 2002-08-29 12:00:00   26,624   -c--a-w   c:\windows\system32\dllcache\sm93w.dll
+ 2004-08-04 01:07:00   26,624   -c--a-w   c:\windows\system32\dllcache\sm93w.dll
- 2002-08-29 12:00:00   38,912   -c--a-w   c:\windows\system32\dllcache\sm9aw.dll
+ 2004-08-04 01:07:00   38,912   -c--a-w   c:\windows\system32\dllcache\sm9aw.dll
- 2002-08-29 12:00:00   31,744   -c--a-w   c:\windows\system32\dllcache\sma3w.dll
+ 2004-08-04 01:07:00   31,744   -c--a-w   c:\windows\system32\dllcache\sma3w.dll
- 2002-08-29 12:00:00   31,744   -c--a-w   c:\windows\system32\dllcache\smb6w.dll
+ 2004-08-04 01:07:00   31,744   -c--a-w   c:\windows\system32\dllcache\smb6w.dll
- 2002-08-29 12:00:00   15,872   -c--a-w   c:\windows\system32\dllcache\smierrsm.dll
+ 2004-08-04 01:07:00   15,872   -c--a-w   c:\windows\system32\dllcache\smierrsm.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\smierrsy.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\smierrsy.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\smimsgif.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\smimsgif.dll
- 2002-08-29 12:00:00   10,240   -c--a-w   c:\windows\system32\dllcache\snmpstup.dll
+ 2004-08-04 01:07:00   10,240   -c--a-w   c:\windows\system32\dllcache\snmpstup.dll
- 2002-08-29 12:00:00   143,422   -c--a-w   c:\windows\system32\dllcache\softkey.dll
+ 2004-08-04 01:07:00   143,422   -c--a-w   c:\windows\system32\dllcache\softkey.dll
- 2002-08-29 12:00:00   101,376   -c--a-w   c:\windows\system32\dllcache\srusbusd.dll
+ 2004-08-04 01:07:00   101,376   -c--a-w   c:\windows\system32\dllcache\srusbusd.dll
- 2002-08-29 12:00:00   16,896   -c--a-w   c:\windows\system32\dllcache\status.dll
+ 2004-08-04 01:07:00   16,896   -c--a-w   c:\windows\system32\dllcache\status.dll
- 2002-08-29 12:00:00   13,192   -c--a-w   c:\windows\system32\dllcache\tdasync.sys
+ 2004-08-04 01:07:00   13,192   -c--a-w   c:\windows\system32\dllcache\tdasync.sys
- 2002-08-29 12:00:00   21,896   -c--a-w   c:\windows\system32\dllcache\tdipx.sys
+ 2004-08-04 01:07:00   21,896   -c--a-w   c:\windows\system32\dllcache\tdipx.sys
- 2002-08-29 12:00:00   19,464   -c--a-w   c:\windows\system32\dllcache\tdspx.sys
+ 2004-08-04 01:07:00   19,464   -c--a-w   c:\windows\system32\dllcache\tdspx.sys
- 2002-08-29 12:00:00   185,344   -c--a-w   c:\windows\system32\dllcache\thawbrkr.dll
+ 2004-08-04 01:07:00   185,344   -c--a-w   c:\windows\system32\dllcache\thawbrkr.dll
- 2002-08-29 12:00:00   14,336   -c--a-w   c:\windows\system32\dllcache\tsprof.exe
+ 2004-08-04 01:07:00   14,336   -c--a-w   c:\windows\system32\dllcache\tsprof.exe
- 2002-08-29 12:00:00   48,256   -c--a-w   c:\windows\system32\dllcache\w32.dll
+ 2004-08-04 01:07:00   48,256   -c--a-w   c:\windows\system32\dllcache\w32.dll
- 2002-08-29 12:00:00   4,608   -c--a-w   c:\windows\system32\dllcache\w3ctrs51.dll
+ 2004-08-04 01:07:00   4,608   -c--a-w   c:\windows\system32\dllcache\w3ctrs51.dll
- 2002-08-29 12:00:00   73,728   -c--a-w   c:\windows\system32\dllcache\w3ext.dll
+ 2004-08-04 01:07:00   73,728   -c--a-w   c:\windows\system32\dllcache\w3ext.dll
- 2002-08-29 12:00:00   5,632   -c--a-w   c:\windows\system32\dllcache\w3svapi.dll
+ 2004-08-04 01:07:00   5,632   -c--a-w   c:\windows\system32\dllcache\w3svapi.dll
- 2002-08-29 12:00:00   9,216   -c--a-w   c:\windows\system32\dllcache\wamps51.dll
+ 2004-08-04 01:07:00   9,216   -c--a-w   c:\windows\system32\dllcache\wamps51.dll
- 2002-08-29 12:00:00   7,168   -c--a-w   c:\windows\system32\dllcache\wamregps.dll
+ 2004-08-04 01:07:00   7,168   -c--a-w   c:\windows\system32\dllcache\wamregps.dll
- 2002-08-29 12:00:00   41,600   -c--a-w   c:\windows\system32\dllcache\weitekp9.dll
+ 2004-08-04 01:07:00   41,600   -c--a-w   c:\windows\system32\dllcache\weitekp9.dll
- 2002-08-29 12:00:00   31,232   -c--a-w   c:\windows\system32\dllcache\weitekp9.sys
+ 2004-08-04 01:07:00   31,232   -c--a-w   c:\windows\system32\dllcache\weitekp9.sys
+ 2009-03-19 15:41:43   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_6f0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269]
"McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
--a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\v0zlm1jn.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 11:42:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0]
DACL=(02 0000)
="HtmldocPlugin 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\MGJ74D0C06550]
DACL=(02 0000)
"Analog 0.700,0.300Caps"="vcp(02 04 05 06 08 0E 10 12 14(01 05 08 0B) 16 18 1A 1E 20 30 3E 52 60(01 03) 68 AC AE B2 B6 C0 C6 C8 C9 CA D6(01 04) DF FA FB FC FD FE AA(01 04)) vcp_p2(37 38 39 3B) type(LCD) mccs_ver(2.0) asset_eep(64) mpu(0.04)"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_045e&Pid_00f9&MI_01&Col02\7&36e0efb9&0&0001\LogConf]
DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\Tablet.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-19 11:45:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-19 15:44:58
ComboFix2.txt 2009-03-19 04:54:14

Pre-Run: 32,409,468,928 bytes free
Post-Run: 32,390,303,744 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
534   --- E O F ---   2009-03-13 22:12:01
Were getting closer.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

Folder::
c:\windows\system32\nfr.gpref
c:\windows\9g234sdfdfgjf23

File::
c:\windows\system32\nfr.gpref
c:\windows\9g234sdfdfgjf23

RegLock::
[-HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0]

[-HKEY_LOCAL_MACHINE\software\PortraitDisplays\DisplayTune\MGJ74D0C06550]

[-HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_045e&Pid_00f9&MI_01&Col02\7&36e0efb9&0&0001\LogConf]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
ComboFix 09-03-18.01 - Becky 2009-03-19 14:09:30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1096 [GMT -4:00]
Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Becky\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\9g234sdfdfgjf23
c:\windows\system32\nfr.gpref
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\9g234sdfdfgjf23
c:\windows\system32\nfr.gpref

.
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-18 19:09 . 2009-03-18 19:09   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-18 18:42 . 2009-03-18 18:42      d--------   c:\documents and settings\Becky\Application Data\Malwarebytes
2009-03-18 18:42 . 2009-02-11 10:19   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-03-18 18:41 . 2009-03-18 18:42      d--------   c:\program files\Malwarebytes' Anti-Malware
2009-03-18 18:41 . 2009-03-18 18:41      d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 18:41 . 2009-02-11 10:19   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:11 . 2009-03-18 15:11      d--------   c:\program files\SUPERAntiSpyware
2009-03-18 15:11 . 2009-03-18 15:11      d--------   c:\program files\Common Files\Wise Installation Wizard
2009-03-18 15:11 . 2009-03-18 15:11      d--------   c:\documents and settings\Becky\Application Data\SUPERAntiSpyware.com
2009-03-18 15:04 . 2009-03-18 15:04      d--------   c:\program files\CCleaner
2009-03-17 15:50 . 2008-04-13 20:12   116,224   --a--c---   c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 15:50 . 2001-08-17 22:37   99,865   --a--c---   c:\windows\system32\dllcache\xlog.exe
2009-03-17 15:50 . 2001-08-17 22:37   27,648   --a--c---   c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 15:50 . 2001-08-17 22:36   23,040   --a--c---   c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 15:50 . 2004-08-03 22:29   19,455   --a--c---   c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 15:50 . 2008-04-13 20:12   18,944   --a--c---   c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 15:50 . 2001-08-17 12:11   16,970   --a--c---   c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 15:50 . 2004-08-03 22:29   12,063   --a--c---   c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 15:50 . 2008-04-13 14:36   8,832   --a--c---   c:\windows\system32\dllcache\wmiacpi.sys
2009-03-17 15:50 . 2008-04-13 20:12   8,192   --a--c---   c:\windows\system32\dllcache\wshirda.dll
2009-03-17 15:50 . 2001-08-17 22:37   4,608   --a--c---   c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 15:48 . 2001-08-17 22:36   525,568   --a--c---   c:\windows\system32\dllcache\tridxp.dll
2009-03-17 15:47 . 2001-08-17 22:36   495,616   --a--c---   c:\windows\system32\dllcache\sblfx.dll
2009-03-17 15:46 . 2001-08-17 13:28   899,146   --a--c---   c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 15:45 . 2001-08-17 12:50   198,144   --a--c---   c:\windows\system32\dllcache\nv3.sys
2009-03-17 15:44 . 2001-08-17 13:28   802,683   --a--c---   c:\windows\system32\dllcache\ltsm.sys
2009-03-17 15:43 . 2008-04-13 20:11   702,845   --a--c---   c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-17 15:42 . 2001-08-17 14:56   1,733,120   --a--c---   c:\windows\system32\dllcache\g400d.dll
2009-03-17 15:41 . 2001-08-17 12:14   952,007   --a--c---   c:\windows\system32\dllcache\diwan.sys
2009-03-17 15:40 . 2001-08-17 12:13   980,034   --a--c---   c:\windows\system32\dllcache\cicap.sys
2009-03-17 15:33 . 2001-08-17 13:28   871,388   --a--c---   c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 15:32 . 2001-08-17 14:55   382,592   --a--c---   c:\windows\system32\dllcache\atidrab.dll
2009-03-17 15:31 . 2001-08-17 12:19   747,392   --a--c---   c:\windows\system32\dllcache\adm8830.sys
2009-03-17 15:30 . 2001-08-17 13:28   762,780   --a--c---   c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 15:30 . 2001-08-17 14:55   689,216   --a--c---   c:\windows\system32\dllcache\3dfxvs.dll
2009-03-17 15:30 . 2001-08-17 14:56   66,048   --a--c---   c:\windows\system32\dllcache\s3legacy.dll
2009-03-17 15:30 . 2008-04-13 14:46   53,376   --a--c---   c:\windows\system32\dllcache\1394bus.sys
2009-03-17 15:30 . 2001-08-17 14:06   11,264   --a--c---   c:\windows\system32\dllcache\1394vdbg.sys
2009-03-11 21:16 . 2009-03-11 21:16      d--------   c:\documents and settings\David\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 18:03   ---------   d-----w   c:\documents and settings\user pc\Application Data\WTablet
2009-03-18 23:12   ---------   d-----w   c:\program files\Java
2009-03-18 19:00   ---------   d-----w   c:\program files\Lavasoft
2009-03-18 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 16:21   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2009-03-17 09:26   ---------   d-----w   c:\documents and settings\user pc\Application Data\uTorrent
2009-03-15 21:35   138,624   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 04:15   ---------   d-----w   c:\documents and settings\user pc\Application Data\DVD Flick
2009-03-15 01:38   ---------   d-----w   c:\documents and settings\user pc\Application Data\dvdcss
2009-03-07 17:20   ---------   d-----w   c:\program files\Ahead
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\ZoomBrowser EX
2009-02-26 18:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\CameraWindowDC
2009-02-25 15:41   ---------   d-----w   c:\documents and settings\user pc\Application Data\AVGTOOLBAR
2009-02-12 16:12   ---------   d-----w   c:\program files\Google
2009-02-11 02:24   34   ----a-w   c:\documents and settings\user pc\jagex_runescape_preferences.dat
2009-02-10 04:35   ---------   d-----w   c:\documents and settings\Leanne\Application Data\AVGTOOLBAR
2009-02-10 04:19   ---------   d-----w   c:\documents and settings\Leanne\Application Data\vlc
2009-02-09 03:08   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Apple Computer
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\WTablet
2009-02-09 02:56   ---------   d-----w   c:\documents and settings\Leanne\Application Data\Network Associates
2009-02-09 02:42   ---------   d-----w   c:\documents and settings\Becky\Application Data\AVGTOOLBAR
2009-02-09 02:38   ---------   d-----w   c:\documents and settings\Becky\Application Data\vlc
2009-02-05 18:37   ---------   d-----w   c:\documents and settings\user pc\Application Data\vlc
2009-02-05 18:16   ---------   d-----w   c:\program files\VideoLAN
2009-02-03 19:16   ---------   d-----w   c:\program files\Improvisation
2009-01-27 15:56   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
2009-01-27 15:55   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2009-01-25 05:54   ---------   d-----w   c:\documents and settings\user pc\Application Data\Any Video Converter
2009-01-24 22:06   ---------   d-----w   c:\program files\AVG
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-24 21:59   0   ---ha-w   c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-01-24 20:56   ---------   d-----w   c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-27 02:22   24   ----a-w   c:\documents and settings\David\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-03-19_11.44.11.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-19 18:13:52   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_780.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 180269]
"McAfeeFireTray"="c:\progra~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2005-04-12 655420]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"NvMediaCenter"="NvMCTray.dll" [2008-05-03 c:\windows\system32\nvmctray.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-27 11:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
--a------ 2007-12-18 15:20 401408 c:\documents and settings\user pc\Desktop\David\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-04 19:00 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 06:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-24 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-24 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-24 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-24 298264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-09-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\v0zlm1jn.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 14:14:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]
DACL=(02 0000)
="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\F3REPROX.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\progra~1\NETWOR~1\MCAFEE~1\FireSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\Tablet.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-19 14:17:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-19 18:17:01
ComboFix2.txt 2009-03-19 15:45:04
ComboFix3.txt 2009-03-19 04:54:14

Pre-Run: 32,374,824,960 bytes free
Post-Run: 32,355,348,480 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
243   --- E O F ---   2009-03-13 22:12:01

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

Start
Run
type: CLEANMGR.EXE
Press Enter.

C: drive and click OK.
Check the boxes for:

Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files

.
Click OK or Enter

----------

How is the computer running now?
Thanks so far for all of your help. The computer seems to be running fine.

I still get this error message on my user account (not the other ones) when I log on to it: "Error Loading dll32 The specified module could not be found". I am assuming dll32 is important. I tried doing
START>RUN> sfc /scannow and then inserting my WinXP disc to repair the dll32 file. Nada, didn't work. Is there somewhere to get this file?

Also, what was the problem(s) you saw with all of the logs I sent you? It seems Notepad had something to do with it.

And I'm still wondering why we re-named HijackThis to Sniper?

Quote

And I'm still wondering why we re-named HijackThis to Sniper?

Some malware can "hide" from the hijackthis.exe. Renaming it ensures this won't happen.

Quote

Also, what was the problem(s) you saw with all of the logs I sent you? It seems Notepad had something to do with it.

I'm not sure what the deal was with the Notepad entries. It shouldn't be running from the locations it was found in so might have been exploited by the malware. The biggest problem was adware, MyWebSearch.

Quote

Error Loading dll32 The specified module could not be found

Sounds like something wasn't completely removed, probably part of the MyWebSearch.

Let's have a closer look at where the error is coming from.

Please download from DDS by sUBs and save it to your Desktop.

Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

Double click on dds to run it.
When done, DDS.txt will open.
You will receive another prompt after a while. Click Yes at the prompt. It will take another few minutes to scan.
When done, Attach.txt will open.
Please copy and paste the contents of DDS.txt and Attach.txt in your next reply.

Solve : HijackThis.exe not showing up Trend Micro folder so I can rename it to sniper?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment