Scotty - I ran ComboFix to delete according to your directions. After it finished running, an error message balloon indicated that ComboFix was corrupted. (This is a version I downloaded today.) Another balloon about the firewall being off popped up before I could record the exact message, so I checked eventvwr-system log. I found an interesting message. It tells me that the hard drive has a bad block in it... I am including the logs you requested. - Jcatsmom
ComboFix 08-04-16.5 - Shannon Talley 2008-04-17 15:55:09.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.225 [GMT -6:00]
Running from: C:\Documents and Settings\Shannon Talley\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shannon Talley\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\Downloaded Program Files\CpnMgr.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix.zip\
.
---- Previous Run -------
.
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix.zip\
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\dumphive.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\exit.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\HostsChk.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\IEDFix.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\restart.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\SmitfraudFix.cmd
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\SmiUpdate.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\SrchSTS.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\swreg.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\swsc.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\swxcacls.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\UIFix.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\unzip.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\VACFix.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\VCCLSID.exe
C:\Documents and Settings\Shannon Talley\Desktop\SmitfraudFix\SmitfraudFix\WS2Fix.exe
C:\WINDOWS\Downloaded Program Files\CpnMgr.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-16 16:38 . 2008-04-16 16:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-04-16 16:38 . 2008-04-16 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-16 09:16 . 2008-04-16 10:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-16 09:16 . 2008-04-16 09:16 <DIR> d-------- C:\Documents and Settings\Shannon Talley\Application Data\Malwarebytes
2008-04-16 09:16 . 2008-04-16 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-16 09:15 . 2008-04-16 09:15 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-16 09:10 . 2008-04-16 09:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-15 20:12 . 2008-04-15 20:14 <DIR> d-------- C:\Documents and Settings\Nathan Garner\Application Data\AVG7
2008-04-15 11:15 . 2005-03-06 14:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-15 11:15 . 2005-03-06 13:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-15 11:15 . 2008-04-15 11:15 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-15 11:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-04-15 11:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-04-15 11:09 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-04-15 11:09 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-04-15 11:09 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-04-15 11:09 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-04-15 11:09 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-04-15 10:39 . 2008-04-15 10:45 <DIR> d-------- C:\fixwareout
2008-04-15 10:26 . 2008-04-15 10:32 <DIR> d-------- C:\Documents and Settings\Shannon Talley\Application Data\AVG7
2008-04-14 19:25 . 2008-04-14 19:27 <DIR> d-------- C:\Documents and Settings\Leah Talley\Application Data\AVG7
2008-04-14 19:24 . 2008-04-14 19:24 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-14 19:24 . 2008-04-14 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-14 19:24 . 2008-04-14 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-13 21:45 . 2008-04-15 11:19 4,508 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-04-13 21:07 . 2008-04-13 21:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 18:20 . 2008-03-30 21:05 <DIR> d-------- C:\ae2f743828b652f46ce646d64bfce1
2008-03-30 10:49 . 2008-03-30 10:49 <DIR> d-------- C:\Program Files\UbiSoft
2008-03-28 19:51 . 2008-04-04 21:42 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-03-28 19:51 . 2008-03-28 19:51 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-03-28 00:33 . 2008-03-28 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-24 16:48 . 2008-03-24 16:48 98,352 --a--c--- C:\Documents and Settings\Nathan Garner\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 01:33 160 -c--a-w C:\Documents and Settings\Shannon Talley\Application Data\wklnhst.dat
2008-04-15 17:29 --------- d-----w C:\Program Files\SC
2008-04-15 17:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 02:53 --------- d-----w C:\Program Files\Dl_cats
2008-04-07 04:39 --------- d-----w C:\Program Files\LimeWire
2008-04-07 04:39 --------- d-----w C:\Program Files\Incomplete
2008-04-03 02:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 02:55 --------- d-----w C:\Program Files\THQ
2008-04-03 02:26 --------- d-----w C:\Program Files\The Learning Company
2008-04-03 02:24 --------- d-----w C:\Program Files\Scholastic
2008-03-30 16:47 --------- d-----w C:\Program Files\Pony Luv
2008-03-29 07:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-03-28 06:33 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-25 00:21 696 -c--a-w C:\Documents and Settings\Nathan Garner\Application Data\wklnhst.dat
2006-07-12 20:55 160 -c--a-w C:\Documents and Settings\Leah Talley\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-04-15_11.30.39.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 17:23:58 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-04-17 21:59:10 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
- 2006-06-26 17:37:10 148,480 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
- 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
- 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
- 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
- 2007-12-06 11:01:25 625,664 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
+ 2008-02-29 08:55:46 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
- 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-03-02 00:36:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
- 2007-12-07 02:21:47 478,208 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-12-07 02:21:48 105,984 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2007-12-07 02:21:48 1,159,680 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
- 2007-12-07 02:21:48 824,832 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
- 2004-08-04 11:00:00 45,568 ----a-w C:\WINDOWS\SYSTEM32\DNSRSLVR.DLL
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 -c--a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2008-04-04 00:05:09 302,032 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-04-16 23:10:29 302,032 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
- 2007-12-07 02:21:45 63,488 -c--a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2007-12-06 11:00:57 70,656 -c--a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 -c--a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 -c--a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2007-12-07 02:21:45 383,488 -c--a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 -c--a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2007-12-07 02:21:46 44,544 -c--a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c--a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 -c--a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-03-05 16:30:54 19,148,408 -c--a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 -c--a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2007-12-07 02:21:47 459,264 -c--a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 -c--a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-03-02 00:36:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 -c--a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2007-12-07 02:21:48 671,232 -c--a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-03-06 01:22:36 14,048 -c----w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 22:38 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04 5562368]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-05-06 15:52 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-05-06 15:48 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03 49263]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 13:03 135168]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 13:36 290816]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 15:41 69632]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-05 22:08 50688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-22 08:54 155648]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 06:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1171159395\ee\AOLSoftware.exe" [2007-10-08 15:50 41824]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:03 53248]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2006-10-31 14:34 20752]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-23 19:54 26112]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-14 19:24 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04 5562368]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-14 19:24 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-03-06 14:07:03 156784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36 806912]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\1171159395\\ee\\aolsoftware.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\lib\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys []
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 16:00:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\msiexec.exe
C:\WINDOWS\SYSTEM32\msiexec.exe
C:\WINDOWS\SYSTEM32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-04-17 16:05:20 - machine was rebooted [Shannon Talley]
ComboFix-quarantined-files.txt 2008-04-17 22:05:13
ComboFix2.txt 2008-04-15 17:31:00
Pre-Run: 56,672,268,288 bytes free
Post-Run: 56,670,957,568 bytes free
.
2008-04-16 23:04:09 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:30 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1171159395\ee\AOLSoftware.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171159395\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www112.coolsa...oad/cscmv5X.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8831 bytes