Registry error and AV disabled after having MS Juan


Recommended Posts

My computer recently had the prunnet virus. I scanned with several different things to get rid of it, and found that my computer was infected with the MS Juan/virtumonde virus as well. It took me several days, and much research to get rid of this virus. After running some things in safe mode, I finally got rid of it, or so I thought. This was a month or two ago, and now just this week, my mother informed me that our AVG anti-virus has been disabled. My first thoughts were oh no, the virus is back. :) I told her to open her task manager so I could see what was running, but it said it has been disabled by the administrator. I know that is another sign of a virus. I do not know enough about computers to know what to do from here.

I tried to reinstall AVG, but kept getting installation errors, so I tried to get into the registry to clean it up, but it closed immediately, with an error that I could barely read. After starting it several times and reading little chunks of the error each time, I found that it read: "Cannot open super juan: error while opening key." Another thing I noticed is that when I am on the computer doing random things, playing a game or whatever, I will hear an error sound, but I see nothing running, and there is no error message.

I installed Malwarebytes Anti-Malware successfully, but it would not run at all. I currently do not have a working anti-virus on my computer, so I am worried. Hopefully I can get help asap, as I do not know what to do. Do I still have MS Juan on my computer, or did I get rid of it, and the registry is just still changed? I'm not sure what info will be needed, but I will provide anything asked in a response. :)


  • Root Admin

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!:

You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note:

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

  • When the tool is finished, it will produce a report for you.

  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


It would not run ComboFix, so I had to rename the program to FixIt, and it started right up. But I cannot get HijackThis to run. I tried renaming and redownloading it, but it just opens the window and then closes it immediately. I'm guessing that's the virus blocking the programs? I did not have this before when I was trying to remove it. MS Juan is just horrible, I really hope I can get rid of it. I'm sorry I couldn't get the HijackThis log, but I have no idea how to get the program to run.

ComboFix 09-01-21.04 - Laura 2009-01-24 5:37:15.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2634 [GMT -6:00]

Running from: c:\documents and settings\Laura\Desktop\FixIt.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Daniel\Application Data\FunWebProducts

c:\program files\Common Files\uninstall information

c:\program files\windows

c:\program files\windows\FONTS\TAHOMA.TTF

c:\program files\windows\FONTS\TAHOMABD.TTF

c:\program files\windows\HELP\AGT0409.HLP

c:\program files\windows\HELP\WZCNFLCT.CHM

c:\program files\windows\HH.EXE

c:\program files\windows\INF\AGTINST.INF

c:\program files\windows\MEDIA\OFFICE2K\APPLAUSE.WAV

c:\program files\windows\MEDIA\OFFICE2K\CAMERA.WAV

c:\program files\windows\MEDIA\OFFICE2K\CARBRAKE.WAV

c:\program files\windows\MEDIA\OFFICE2K\CASHREG.WAV

c:\program files\windows\MEDIA\OFFICE2K\CHIMES.WAV

c:\program files\windows\MEDIA\OFFICE2K\CLAP.WAV

c:\program files\windows\MEDIA\OFFICE2K\DRIVEBY.WAV

c:\program files\windows\MEDIA\OFFICE2K\DRUMROLL.WAV

c:\program files\windows\MEDIA\OFFICE2K\EXPLODE.WAV

c:\program files\windows\MEDIA\OFFICE2K\GLASS.WAV

c:\program files\windows\MEDIA\OFFICE2K\GUNSHOT.WAV

c:\program files\windows\MEDIA\OFFICE2K\LASER.WAV

c:\program files\windows\MEDIA\OFFICE2K\PROJCTOR.WAV

c:\program files\windows\MEDIA\OFFICE2K\RICOCHET.WAV

c:\program files\windows\MEDIA\OFFICE2K\TYPE.WAV

c:\program files\windows\MEDIA\OFFICE2K\WHOOSH.WAV

c:\program files\windows\MSAGENT\AGENTANM.DLL

c:\program files\windows\MSAGENT\AGENTCTL.DLL

c:\program files\windows\MSAGENT\AGENTDP2.DLL

c:\program files\windows\MSAGENT\AGENTDPV.DLL

c:\program files\windows\MSAGENT\AGENTMPX.DLL

c:\program files\windows\MSAGENT\AGENTPSH.DLL

c:\program files\windows\MSAGENT\AGENTSR.DLL

c:\program files\windows\MSAGENT\AGENTSVR.EXE

c:\program files\windows\MSAGENT\AGTCTL15.TLB

c:\program files\windows\MSAGENT\AGTINTL.DLL

c:\program files\windows\MSAGENT\INTL\AGT0409.DLL

c:\program files\windows\MSAGENT\MSLWVTTS.DLL

c:\program files\windows\MSDFMAP.INI

c:\program files\windows\SHELLNEW\BINDER.OBD

c:\program files\windows\SHELLNEW\EXCEL9.XLS

c:\program files\windows\SHELLNEW\PWRPNT9.POT

c:\program files\windows\SHELLNEW\WINWORD8.DOC

c:\windows\IE4 Error Log.txt

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\config.dat

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

.

((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))

.

2009-01-23 15:56 . 2009-01-23 15:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-23 15:56 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-01-23 15:56 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-01-23 15:48 . 2009-01-23 15:48 204 --a------ c:\program files\37E5DM1B.bat

2009-01-23 15:47 . 2009-01-23 15:48 <DIR> d-------- c:\program files\Bazooka Scanner

2009-01-23 15:27 . 2009-01-23 15:27 10,520 --------- c:\windows\SYSTEM32\avgrsstx.dll

2009-01-23 13:49 . 2009-01-23 15:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-01-23 13:20 . 2009-01-23 13:20 11,776 --ah----- c:\documents and settings\Laura\xhbcd.exe

2009-01-23 10:38 . 1995-06-23 09:55 92,208 -ra------ c:\windows\SYSTEM\WING.DLL

2009-01-23 10:38 . 1996-06-04 22:09 12,800 -ra------ c:\windows\SYSTEM\wing32.dll

2009-01-23 08:14 . 2009-01-23 08:14 11,776 --ah----- c:\documents and settings\Daniel\eqedm.exe

2009-01-23 08:00 . 2009-01-23 08:00 11,776 --ah----- c:\documents and settings\John\wolnmoj.exe

2009-01-22 15:01 . 2009-01-22 15:01 11,776 --ah----- c:\documents and settings\Laura\pmh.exe

2009-01-22 07:33 . 2009-01-22 07:33 11,776 --ah----- c:\documents and settings\Daniel\yetlya.exe

2009-01-21 18:43 . 2009-01-21 18:43 11,776 --ah----- c:\documents and settings\Laura\qws.exe

2009-01-21 17:23 . 2009-01-21 17:23 11,776 --ah----- c:\documents and settings\Daniel\mgagaik.exe

2009-01-21 15:27 . 2009-01-21 15:27 11,776 --ah----- c:\documents and settings\Laura\sckeant.exe

2009-01-21 06:29 . 2009-01-21 06:29 11,776 --ah----- c:\documents and settings\Daniel\qbxtpu.exe

2009-01-21 06:28 . 2009-01-21 06:28 11,776 --ah----- c:\documents and settings\Daniel\rey.exe

2009-01-20 15:00 . 2009-01-20 15:00 11,776 --ah----- c:\documents and settings\Laura\noawrb.exe

2009-01-20 06:09 . 2009-01-20 06:09 11,776 --ah----- c:\documents and settings\Daniel\siws.exe

2009-01-19 15:14 . 2009-01-19 15:14 11,776 --ah----- c:\documents and settings\Laura\igeyvt.exe

2009-01-18 19:39 . 2009-01-18 19:39 11,776 --ah----- c:\documents and settings\Laura\twjpf.exe

2009-01-18 18:36 . 2009-01-18 18:36 11,776 --ah----- c:\documents and settings\Daniel\ttaleo.exe

2009-01-18 12:28 . 2009-01-18 12:36 34 --a------ c:\documents and settings\Daniel\jagex_runescape_preferences.dat

2009-01-18 11:27 . 2009-01-18 11:27 11,776 --ah----- c:\documents and settings\Daniel\hxj.exe

2009-01-18 09:46 . 2009-01-18 09:46 11,776 --ah----- c:\documents and settings\Daniel\lfi.exe

2009-01-18 08:48 . 2009-01-18 08:48 11,776 --ah----- c:\documents and settings\Daniel\jrg.exe

2009-01-18 08:38 . 2009-01-18 08:38 11,776 --ah----- c:\documents and settings\Daniel\wmgv.exe

2009-01-18 07:26 . 2009-01-18 07:26 11,776 --ah----- c:\documents and settings\Daniel\hgxsa.exe

2009-01-18 04:27 . 2009-01-18 04:27 34,016 --a------ c:\windows\SYSTEM32\DRIVERS\tgyulcch.sys

2009-01-18 04:16 . 2009-01-23 13:20 66,560 ---h----- c:\windows\SYSTEM32\secupdat.dat

2009-01-18 04:16 . 2009-01-18 04:16 11,776 --ah----- c:\documents and settings\Laura\rceemm.exe

2009-01-17 10:09 . 2009-01-23 08:00 54,156 --ah----- c:\windows\QTFont.qfn

2009-01-17 10:09 . 2009-01-17 10:09 1,409 --a------ c:\windows\QTFont.for

2009-01-15 12:37 . 2009-01-15 18:36 48,640 -r-hs---- c:\windows\SYSTEM32\mvcsvm.exe

2009-01-08 19:05 . 2009-01-08 19:05 <DIR> d-------- c:\program files\Abbyy FineReader 6.0 Sprint

2008-12-28 01:02 . 2008-12-28 01:02 <DIR> d-------- c:\documents and settings\Laura\Application Data\Yahoo!

2008-12-27 18:44 . 2008-12-28 00:29 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-12-27 18:44 . 2008-12-27 19:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-27 05:32 . 2008-12-27 05:32 (2) -rahs-ot- c:\windows\winstart.bat

2008-12-27 05:30 . 2008-12-27 05:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-27 05:28 . 2008-12-27 19:58 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-27 05:28 . 2008-12-27 19:58 <DIR> d-------- c:\documents and settings\Laura\Application Data\SUPERAntiSpyware.com

2008-12-26 18:04 . 2008-12-26 18:04 <DIR> d-------- c:\windows\SYSTEM32\Service

2008-12-26 17:49 . 2008-12-26 17:49 <DIR> d-------- c:\documents and settings\Laura\Application Data\Malwarebytes

2008-12-26 17:49 . 2008-12-26 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-26 17:45 . 2008-12-27 06:23 <DIR> d-------- c:\program files\Trend Micro

2008-12-26 16:46 . 2008-12-26 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI

2008-12-24 21:12 . 2007-09-24 14:36 <DIR> d-------- C:\en

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-23 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-01-23 21:15 --------- d-----w c:\program files\lx_cats

2009-01-23 19:49 --------- d-----w c:\program files\Yahoo!

2009-01-23 19:48 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!

2009-01-23 15:39 --------- d-----w c:\documents and settings\Daniel\Application Data\LimeWire

2009-01-20 22:54 --------- d-----w c:\program files\World of Warcraft

2009-01-09 12:42 --------- d-----w c:\program files\Lexmark Fax Solutions

2009-01-09 00:31 --------- d-----w c:\documents and settings\Laura\Application Data\FaxCtr

2009-01-05 00:17 --------- d-----w c:\program files\LimeWire

2008-12-30 21:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-12-28 20:43 --------- d-----w c:\documents and settings\Daniel\Application Data\Yahoo!

2008-12-28 01:58 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-27 23:48 --------- d-----w c:\program files\Java

2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

2008-12-12 19:51 --------- d-----w c:\program files\Common Files\Blizzard Entertainment

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ----a-w c:\windows\SYSTEM32\DLLCACHE\srv.sys

2008-12-06 20:40 --------- d-----w c:\program files\Alwil Software

2008-11-10 11:43 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll

2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

2005-04-01 21:34 0 -c-ha-w c:\documents and settings\John\hpothb07.dat

2001-04-03 03:31 8,628 -c-ha-r c:\program files\setup.GID

2008-09-25 21:36 32,768 -csha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008092520080926\index.dat

.

------- Sigcheck -------


.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2009-01-08 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-11-26 151597]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-12-22 98304]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]

"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]

"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]

"Mcafee VirusScan Manager"="mvcsvm.exe" [2009-01-15 c:\windows\SYSTEM32\mvcsvm.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-02 113664]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFileAssociate"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFolderOptions"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=vnerws.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.SP54"= SP5X_32.DLL

"VIDC.XFR1"= xfcodec.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk

backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a--c--- 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a--c--- 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Symantec Core LC"=3 (0x3)

"LiveUpdate Notice"=2 (0x2)

"LiveUpdate"=3 (0x3)

"CLTNetCnService"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

R0 tgyulcch;tgyulcch;c:\windows\SYSTEM32\DRIVERS\tgyulcch.sys [2009-01-18 34016]

R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

R4 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2006-10-17 3744]

R4 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]

R4 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2006-10-17 3904]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-06-23 24652]

S3 kbeepm;kbeepm;\??\c:\docume~1\Pamela\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Pamela\LOCALS~1\Temp\kbeepm.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVGLDX86

*Deregistered* - AvgLdx86

.

Contents of the 'Scheduled Tasks' folder

2009-01-23 c:\windows\Tasks\injzxvbc.job

- c:\windows\system32\hgGyxVOh.dll []

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sonic RecordNow! - (no file)

HKLM-Run-BCMSMMSG - BCMSMMSG.exe

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-Dell AIO Printer A920 - c:\program files\Dell AIO Printer A920\dlbkbmgr.exe

MSConfigStartUp-FLMOFFICE4DMOUSE - c:\program files\Browser Mouse\mouse32a.exe

MSConfigStartUp-mmtask - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL

MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

MSConfigStartUp-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\cdaEngine0400.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.dell.com

mWindow Title = Clear Lake Telephone Company

IE: &Search

TCP: {3457365E-610B-4DCA-8D8D-1AD4240DC400} = 64.33.128.10 209.143.0.10

FF - ProfilePath - c:\documents and settings\Laura\Application Data\Mozilla\Firefox\Profiles\pck4xdlf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

.

.

------- File Associations -------

.

.

**************************************************************************

scanning hidden processes ...

c:\windows\SYSTEM32\mvcsvm.exe [632] 0x8A0D4DA0

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\DJZERO]

@DACL=(02 0000)

"LTM"=hex:00,00,00,00,00,00,00,00

"CDY"=hex:00,00,00,00,00,00,00,00

"CNT"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\metajuan]

@DACL=(02 0000)

"LTM"=hex:00,00,00,00,00,00,00,00

"CDY"=hex:00,00,00,00,00,00,00,00

"CNT"=dword:00000000

"LBL"=hex:00,00,00,00,00,00,00,00

"MN"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\meta_mg]

@DACL=(02 0000)

"LTM"=hex:00,00,00,00,00,00,00,00

"CDY"=hex:00,00,00,00,00,00,00,00

"CNT"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\profiling4]

@DACL=(02 0000)

"LTM"=hex:00,00,00,00,00,00,00,00

"CDY"=hex:00,00,00,00,00,00,00,00

"CNT"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\superjuan]

@DACL=(02 0000)

"LTM"=hex:00,00,00,00,00,00,00,00

"CDY"=hex:00,00,00,00,00,00,00,00

"CNT"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\MS Juan\TrackDJuan]

@DACL=(02 0000)

"LTM"=hex:00,00,00,00,00,00,00,00

"CDY"=hex:00,00,00,00,00,00,00,00

"CNT"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-01-24 5:41:51

ComboFix-quarantined-files.txt 2009-01-24 11:41:48

Post-Run: 39,630,172,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

486 --- E O F --- 2009-01-14 10:04:53

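As an added triage example (not from this thread and not part of ComboFix), a small Python parser that walks the bracketed key / quoted value lines of a ComboFix log such as the one above and flags the entries that disable defences: Folder Options hidden, the AppInit_DLLs hook, Security Center monitoring silenced, and the firewall turned off. The sample lines are copied from the posted log; the DisableTaskMgr rule is assumed, since it is the policy value behind the "disabled by your administrator" message but does not appear in the log.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vnerws.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-12-22 98304]
"""

# Each rule: (lower-case substring of the key path, value name, test on raw value text, why).
# DisableTaskMgr is assumed (standard policy value); it is not in the posted log.
RULES = [
    ("policies\\explorer", "NoFolderOptions", lambda v: v.startswith("1"),
     "Folder Options hidden, so hidden files stay hidden from the user"),
    ("policies\\system", "DisableTaskMgr", lambda v: v.startswith("1"),
     "Task Manager disabled by policy"),
    ("currentversion\\windows", "AppInit_DLLs", lambda v: v != "",
     "DLL loaded into every process that uses user32.dll"),
    ("security center\\monitoring", "DisableMonitoring", lambda v: v.endswith("1"),
     "Security Center stops warning that AV/firewall is off"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", lambda v: v.startswith("0"),
     "Windows Firewall turned off"),
]

KEY_RE = re.compile(r"^\[(.+)\]$")              # [HKEY_...\path]
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"= value

def find_tampering(log_text):
    """Return (key path, value name, reason) for each defence-disabling entry."""
    findings, current_key = [], ""
    for line in log_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:                      # a new registry key starts a section
            current_key = key.group(1).lower()
            continue
        val = VAL_RE.match(line)
        if not val:
            continue
        name, value = val.group(1), val.group(2).strip()
        for key_part, rule_name, is_bad, reason in RULES:
            if key_part in current_key and name.lower() == rule_name.lower() and is_bad(value):
                findings.append((current_key, name, reason))
    return findings
```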

  • Root Admin

Sorry for the delay, been quite busy.

Please run the following

Update and Scan with Malwarebytes' Anti-Malware

  • Start Malwarebytes' Anti-Malware (Vista users must right-click and choose Run As Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to; you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware:
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot, run HJT: do a system scan and save a logfile.

Then post back NEW MBAM and HJT logs, in that order, please.


Alright, well, thank you for getting back to me, but as I stated, I cannot run Malwarebytes' Anti-Malware. I downloaded and installed it, but when I click it to run, it does not run at all. Same thing with HijackThis: it opens, then closes right away. I understand if you are busy, but I would rather wait longer and get a post that helps. What I'm asking now, as a response to your post, is what is blocking these programs? I cannot run them, and I can't get you logs when I have no idea what is blocking them. I'm on XP, I turn my firewall off when I install them and try to run them, and as I said, I do not have a working anti-virus on my computer.


  • Root Admin

I'll try to take a further look later tonight if I get time. Normally, 99% of the time, once ComboFix runs the other products are often able to run as well. Have you removed MBAM and tried to download and run a NEW copy?

I'll check back later and see what I can find.


  • Root Admin

You've got a couple of things going on, and malware that is being more active in preventing the normal tools from accessing and fixing it.

I'm checking on a couple things and I may need to do follow-up with you via Private Message for this.

Do you have access to a working PC with a CD burner?

It would be much quicker to use the following if you do and then we can go from there with other tools to finish up.

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

    Avira AntiVir Rescue System
    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.

    Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
    The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.


  • Root Admin

Okay, thank you for letting me know.

Post closed, user will seek help from another source for now.

Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
