System Alert Pop-Up Problem

Name: Travis Farrar
Date: March 31, 2007 at 00:00:47 Pacific
OS: XP
CPU/Ram: Intel
Product: Dell Dimension 4500s
Comment:

I need some major help here. That System Alert Pop-up is driving me nuts. I heard from a friend this was the place to come if you needed PC help. So please tell me you can help me.



Response Number 1
Name: jabuck
Date: March 31, 2007 at 07:43:24 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1 as running the other options on an uninfected computer will damage the desktop.!!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


Response Number 2
Name: Travis Farrar
Date: March 31, 2007 at 16:18:19 Pacific
Reply:

Logfile of HijackThis v1.99.1
Scan saved at 6:06:20 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\TPPALDR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

SmitFraudFix v2.162

Scan done at 18:14:22.34, Sat 03/31/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\TPPALDR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Messenger\msmsgs.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\oyopu.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}"="homina"

[HKEY_CLASSES_ROOT\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
@="C:\WINDOWS\system32\oyopu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
@="C:\WINDOWS\system32\oyopu.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Westell USB Network Interface - Packet Scheduler Miniport
DNS Server Search Order: 67.14.192.2
DNS Server Search Order: 67.14.192.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5E11D87E-36A4-4A06-9E22-4449616B466A}: DhcpNameServer=67.14.192.2 67.14.192.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5E11D87E-36A4-4A06-9E22-4449616B466A}: DhcpNameServer=67.14.192.2 67.14.192.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5E11D87E-36A4-4A06-9E22-4449616B466A}: DhcpNameServer=67.14.192.2 67.14.192.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=67.14.192.2 67.14.192.3
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=67.14.192.2 67.14.192.3
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=67.14.192.2 67.14.192.3


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Response Number 3
Name: jabuck
Date: April 1, 2007 at 12:49:24 Pacific
Reply:

Sorry for the delay, my satellite crapped out then my computer died.

Turn off Norton's ScriptBlocking, run smitfraudfix option #2, then re-enable scriptblocking:

To disable Norton AntiVirus Script Blocking:


Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
Click Options.
If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking.
In the right pane, uncheck Enable Script Blocking (recommended).
Click OK.

Next, please reboot your computer in Safe Mode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing "Y" and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if "wininet.dll" is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Let us know how the computer is operating.


Response Number 4
Name: Travis Farrar
Date: April 1, 2007 at 20:55:49 Pacific
Reply:

My computer is running ultra slow but the system alert pop-up seems to be gone. Is there anything else I need to do to speed my computer back up? Here's the text file you wanted.

SmitFraudFix v2.162

Scan done at 22:39:37.82, Sun 04/01/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}"="homina"

[HKEY_CLASSES_ROOT\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
@="C:\WINDOWS\system32\oyopu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
@="C:\WINDOWS\system32\oyopu.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\oyopu.dll -> Hoax.Win32.Renos.gen.j
C:\WINDOWS\system32\oyopu.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5E11D87E-36A4-4A06-9E22-4449616B466A}: DhcpNameServer=67.14.192.2 67.14.192.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5E11D87E-36A4-4A06-9E22-4449616B466A}: DhcpNameServer=67.14.192.2 67.14.192.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5E11D87E-36A4-4A06-9E22-4449616B466A}: DhcpNameServer=67.14.192.2 67.14.192.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=67.14.192.2 67.14.192.3
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=67.14.192.2 67.14.192.3
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=67.14.192.2 67.14.192.3


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


0
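The two SmitFraudFix reports above tie a SharedTaskScheduler CLSID to its InProcServer32 DLL, and the clean-up report shows the same key before and after the fix. The following Python is an added example, not part of the original thread and not SmitFraudFix's own code: it parses that report layout, links each registered CLSID to the file the search pass marked "FOUND !", and confirms the entry is gone after cleaning. The function names (`triage`, `verify_clean`) are hypothetical, and the sample input is a trimmed excerpt of the reports posted in this thread.

```python
import re

SECTION_RE = re.compile(r"^»{3,}\s*(.*)$")            # "»»»» <title>" opens a section
FOUND_RE = re.compile(r"^([A-Za-z]:\\.+?)\s+FOUND\s*!$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CLSID_VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"="(.*)"$')
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')
INPROC_KEY_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32$", re.I)

# Constructed sample input: excerpts trimmed from the reports in this thread.
STS_BLOCK = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}"="homina"

[HKEY_CLASSES_ROOT\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
@="C:\WINDOWS\system32\oyopu.dll"
"""
SEARCH_REPORT = ("»»»»»»»» C:\\WINDOWS\\system32\n\n"
                 "C:\\WINDOWS\\system32\\oyopu.dll FOUND !\n\n"
                 "»»»»»»»» Sharedtaskscheduler\n"
                 "!!!Attention, following keys are not inevitably infected!!!\n"
                 + STS_BLOCK + "\n»»»»»»»» End\n")
CLEAN_REPORT = ("»»»»»»»» SharedTaskScheduler Before SmitFraudFix\n" + STS_BLOCK +
                "\n»»»»»»»» SharedTaskScheduler After SmitFraudFix\n"
                "SrchSTS.exe by S!Ri\n\n»»»»»»»» End\n")


def split_sections(report):
    """Return {lower-cased section title: [non-empty stripped lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def sts_entries(lines):
    """Map CLSID -> {'name', 'dll'} from one SharedTaskScheduler section."""
    entries, key = {}, ""
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = CLSID_VALUE_RE.match(line)
        if m and key.lower().endswith("\\sharedtaskscheduler"):
            entry = entries.setdefault(m.group(1).lower(), {"name": None, "dll": None})
            entry["name"] = m.group(2)
            continue
        m = DEFAULT_VALUE_RE.match(line)
        owner = INPROC_KEY_RE.search(key)
        if m and owner:
            entry = entries.setdefault(owner.group(1).lower(), {"name": None, "dll": None})
            entry["dll"] = m.group(1)
    return entries


def triage(search_report):
    """List SharedTaskScheduler entries, marking those whose DLL was 'FOUND !'."""
    sections = split_sections(search_report)
    flagged = set()
    for lines in sections.values():
        for line in lines:
            m = FOUND_RE.match(line)
            if m:
                flagged.add(m.group(1).lower())
    entries = sts_entries(sections.get("sharedtaskscheduler", []))
    return [{"clsid": clsid, "name": e["name"], "dll": e["dll"],
             "flagged": bool(e["dll"]) and e["dll"].lower() in flagged}
            for clsid, e in sorted(entries.items())]


def verify_clean(clean_report):
    """Compare the Before/After sections; refuse to answer if either is missing."""
    sections = split_sections(clean_report)
    titles = ("sharedtaskscheduler before smitfraudfix",
              "sharedtaskscheduler after smitfraudfix")
    if any(t not in sections for t in titles):
        raise ValueError("report lacks the Before/After SharedTaskScheduler sections")
    before, after = (set(sts_entries(sections[t])) for t in titles)
    return {"removed": sorted(before - after), "remaining": sorted(before & after)}


if __name__ == "__main__":
    for row in triage(SEARCH_REPORT):
        print(row)
    print(verify_clean(CLEAN_REPORT))
```

An entry that stays in "remaining", or a report with no After section, means the key should be rechecked rather than assumed clean.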

Response Number 5
Name: jabuck
Date: April 2, 2007 at 14:47:23 Pacific
Reply:

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.



Response Number 6
Name: Travis Farrar
Date: April 2, 2007 at 16:38:07 Pacific
Reply:

Thanks for all the help jabuck, here is the file you wanted.

"Owner" - 07-04-02 18:30:03 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Owner\Desktop"


2007-03-19 10:35 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-19 10:35 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-19 10:35 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-19 10:35 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-19 10:35 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-19 10:35 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-19 10:35 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-19 10:35 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-19 10:35 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-19 10:35 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-19 10:35 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-19 10:35 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-03-19 10:35 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-19 10:35 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-19 10:35 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-19 10:35 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-19 10:35 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-19 10:35 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-19 10:35 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-19 10:35 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-19 10:35 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-19 10:35 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-19 10:35 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-19 10:35 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-19 10:35 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-19 10:35 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-19 10:35 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-19 10:35 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-03-19 10:35 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-19 10:35 <DIR> d-------- C:\Program Files\Online Services
2007-03-19 10:35 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-03-19 10:35 <DIR> d-------- C:\Program Files\Messenger
2007-03-19 10:34 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-19 10:34 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-19 10:34 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-19 10:34 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-19 10:34 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-19 10:34 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-19 10:34 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-19 10:34 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-19 10:34 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-19 10:34 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-19 10:34 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-19 10:34 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-19 10:34 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-19 10:34 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-19 10:34 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-19 10:34 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-19 10:34 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-19 10:34 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-19 10:34 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-19 10:34 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-19 10:34 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-19 10:34 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-19 10:34 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-19 10:34 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-19 10:34 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-19 10:34 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-19 10:34 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-19 10:34 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-19 10:34 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-19 10:34 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-19 10:34 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-19 10:34 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-19 10:34 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-19 10:34 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-19 10:34 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-19 10:34 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-19 10:34 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-19 10:34 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-19 10:34 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-19 10:34 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-19 10:34 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-19 10:34 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-19 10:34 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-19 10:34 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-19 10:34 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-19 10:34 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-19 10:34 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-19 10:34 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-03-19 10:34 <DIR> d-------- C:\WINDOWS\system32\Com
2007-03-19 10:34 <DIR> d-------- C:\Program Files\Windows NT
2007-03-19 04:31 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-19 04:30 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-03-19 04:30 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2007-03-19 04:30 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-19 04:30 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2007-03-19 04:30 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2007-03-19 04:30 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-03-19 04:30 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2007-03-19 04:29 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-19 04:29 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-03-19 04:28 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-19 04:28 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-19 04:28 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-19 04:28 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-19 04:28 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-19 04:28 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-19 04:28 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-19 04:28 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-19 04:28 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-19 04:28 69,120 --a------ C:\WINDOWS\NOTEPAD.exe
2007-03-19 04:28 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-19 04:28 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-19 04:28 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-19 04:28 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-19 04:28 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-19 04:28 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-19 04:28 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-19 04:28 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-19 04:28 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-19 04:28 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-19 04:28 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-19 04:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-19 04:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-19 04:28 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-19 04:28 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-19 04:28 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-19 04:28 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-19 04:28 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-19 04:28 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-19 04:28 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-19 04:28 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-19 04:28 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-19 04:28 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-19 04:28 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-19 04:28 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-19 04:28 15,360 --a------ C:\WINDOWS\TASKMAN.exe
2007-03-19 04:28 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-19 04:28 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-19 04:28 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-19 04:28 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-19 04:28 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-19 04:28 <DIR> dr------- C:\Program Files
2007-03-19 04:28 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-19 04:28 <DIR> d--hs---- C:\WINDOWS\Installer
2007-03-19 04:28 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-19 04:28 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-19 04:27 <DIR> d--hs---- C:\System Volume Information
2007-03-19 04:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-19 04:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-03-19 04:27 <DIR> d-------- C:\Documents and Settings
2007-03-19 04:20 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-19 04:20 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-03-19 04:20 <DIR> dr------- C:\WINDOWS\Web
2007-03-19 04:20 <DIR> d--h----- C:\WINDOWS\inf
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\WinSxS
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\twain_32
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\wins
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\spool
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\ras
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\npp
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\mui
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\IME
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\ias
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\export
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\config
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\3076
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\2052
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\1054
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\1042
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\1041
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\1037
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\1033
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\1031
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\1028
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32\1025
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system32
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\system
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\security
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\Resources
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\repair
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\Provisioning
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\PeerNet
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\pchealth
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\mui
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\msapps
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\msagent
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\Media
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\java
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\ime
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\Help
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\Debug
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\Cursors
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\Config
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\AppPatch
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS\addins
2007-03-19 04:20 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-19 04:28 62 --ahs---- C:\DOCUME~1\Owner\APPLIC~1\desktop.ini
2007-02-07 13:39 517840 --a------ C:\WINDOWS\system32\symneti.dll
2007-02-07 13:39 269616 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-02-07 13:39 132816 --a------ C:\WINDOWS\system32\symredir.dll
2007-02-07 13:38 47184 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-02-07 13:38 36976 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-02-07 13:38 17968 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-02-07 13:38 173392 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-02-07 13:38 11536 --a------ C:\WINDOWS\system32\drivers\symdns.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TPP Auto Loader"="C:\\WINDOWS\\TPPALDR.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-02 18:34:11


0
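Added example (not part of the thread and not ComboFix's own code): a small parser for the "Reg Loading Points" block of a log like the one above. It extracts each Run-key autostart, normalizes the executable path, and sorts it by install location. The sample text is a constructed excerpt of the log; the location labels and the assumption of a `C:` system drive with default directory names are mine, and a location is a sorting aid for review, not a verdict.

```python
import ntpath
import re

# Constructed sample: excerpt of the "Reg Loading Points" section shown in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"TPP Auto Loader"="C:\\WINDOWS\\TPPALDR.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" with .reg-style backslash escapes inside both strings
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Unquoted command line: shortest prefix ending in an executable extension
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.IGNORECASE)


def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def image_path(command):
    """Return the normalized executable path from a Run-key command line."""
    command = command.strip()
    if not command:
        return ''
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        # Paths with spaces are often stored unquoted ("C:\Program Files\...").
        match = EXE_RE.match(command)
        path = match.group(1) if match else command.split()[0]
    return ntpath.normpath(path)  # collapses doubled separators


def location(path):
    """Coarse install-location label (assumes C: and default directory names)."""
    low = path.lower()
    if '~' in low:
        return 'short-name'  # 8.3 alias: the real directory must be resolved on the host
    if low.startswith('c:\\windows\\system32\\'):
        return 'system32'
    if low.startswith('c:\\program files\\'):
        return 'program files'
    if ntpath.dirname(low) == 'c:\\windows':
        return 'windows root'
    return 'other'


def run_entries(log_text):
    """Yield one dict per value found directly under a ...\\CurrentVersion\\Run key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        # Subkeys such as Run\OptionalComponents hold flags, not commands: skip them.
        if not (key and value_match and key.lower().endswith('\\currentversion\\run')):
            continue
        path = image_path(unescape(value_match.group(2)))
        entries.append({
            'hive': key.split('\\')[0],
            'name': unescape(value_match.group(1)),
            'path': path,
            'location': location(path),
        })
    return entries


if __name__ == '__main__':
    for e in sorted(run_entries(SAMPLE_LOG), key=lambda e: e['location']):
        print(f"{e['location']:<14} {e['hive']:<20} {e['name']}: {e['path']}")
```
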

Response Number 7
Name: jabuck
Date: April 2, 2007 at 20:28:40 Pacific
Reply:

I don't see anything, try going through this cleanup procedure.

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). Please post the AVG AntiSpyware report.


0

Response Number 8
Name: Travis Farrar
Date: April 3, 2007 at 07:06:38 Pacific
Reply:

Thanks for all your continued help. My computer is still running rather slow but it is improving. Here is the AVG re----
AVG Anti-Spyware - Scan Report


+ Created at: 8:51:59 AM 4/3/2007

+ Scan result:

HKU\S-1-5-21-220523388-1770027372-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).


::Report end


0

Response Number 9
Name: jabuck
Date: April 3, 2007 at 16:11:56 Pacific
Reply:

Run this rootkit scan.

Please download F-Secure BlackLight
Click no to viewing unsecure pages if asked then accept the agreement.
Click download (Download Blacklight Beta graphical user interface version ) and download it to your desktop.
Double click blbeta.exe> click run> accept licence agreement> next.
Click Scan> Next. After the scan you'll see a list of all items found.
Please click Next and then Exit. Do NOT choose rename for any items yet! I need to see the log first, because legitimate items can also be present there.
A log will be created on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx are numbers)
Please post the contents of the log in your next reply.

Then run this scanner for a second opinion for viri or spyware.

Please download Dr Web CureIt to your desktop from this link ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives.
A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable.
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log on your desktop.


0

Response Number 10
Name: Travis Farrar
Date: April 22, 2007 at 12:53:51 Pacific
Reply:

Sorry for the late response, I had a family emergency come up. My sincerest apologies. Here is the file you requested.
04/05/07 11:02:45 [Info]: BlackLight Engine 1.0.61 initialized
04/05/07 11:02:45 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/05/07 11:02:58 [Note]: 7019 4
04/05/07 11:02:58 [Note]: 7005 0
04/05/07 11:03:25 [Note]: 7006 0
04/05/07 11:03:25 [Note]: 7011 1628
04/05/07 11:03:25 [Note]: 7026 0
04/05/07 11:03:26 [Note]: 7026 0
04/05/07 11:03:50 [Note]: FSRAW library version 1.7.1021
04/05/07 11:14:27 [Note]: 7007 0


0

Response Number 11
Name: jabuck
Date: April 22, 2007 at 16:32:50 Pacific
Reply:

Please perform an online virus scan with F-Secure Online Scanner.

Please navigate (using Internet Explorer, other browsers won't work) to the following site: F-Secure Online Scanner

Click the Online Virus Scanner link. (Bottom of the page)
When prompted, choose to install the software.
After the software has installed, click Accept.
Click Custom Scan and check the option for Scan inside archives, then click Start.
The necessary databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
If any infections are found then once the scan has finished the "cleaning" screen will be displayed. Choose Automatic cleaning (recommended).
After cleaning has finished, then the Finish screen will be displayed. Choose Show Report.
In order to post the report, press CTRL+A on your keyboard to highlight all the text. Then copy and paste that information into this thread, along with a new HijackThis log.

As it has been some time since you first posted, please post a SmitfraudFix scan. !!!! Only run option #1 as running the other options on an uninfected computer will damage the desktop.!!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Be sure to "alert" me once you have posted.


0
