0

Windows explorer won't stay open. Can someone help? Sorry for posting in another thread but I didn't know that it was a problem. I will post my hijackthis log and combofix log.


0

Here is my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 9:51:59 PM, on 4/11/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {BC39052B-A46D-464A-B131-0B9487D26429} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fyiqkdrn - C:\WINDOWS\
O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

0

Here is my combofix log.

ComboFix 08-04-09.9 - Shane 2008-04-11 15:34:18.2 - NTFSx86
Running from: C:\Documents and Settings\Shane\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-10 17:34 . 2008-04-10 17:34 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-10 17:33 . 2008-04-10 17:35 <DIR> d-------- C:\Program Files\Panda Security
2008-04-10 14:51 . 2008-04-10 14:52 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-10 12:09 . 2001-08-23 07:00 684,081 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-10 12:08 . 2001-08-23 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-10 12:07 . 2001-08-23 07:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-10 12:06 . 2001-08-23 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-10 12:05 . 2001-08-23 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-10 12:04 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-04-10 12:03 . 2001-05-22 21:15 872,557 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-10 11:50 . 2001-08-23 07:00 155,648 --a--c--- C:\WINDOWS\system32\dllcache\icwhelp.dll
2008-04-10 11:50 . 2001-08-23 07:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-04-10 11:50 . 2001-08-23 07:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-04-10 11:50 . 2001-08-23 07:00 57,344 --a--c--- C:\WINDOWS\system32\dllcache\icwconn.dll
2008-04-10 11:50 . 2001-08-23 07:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icwutil.dll
2008-04-10 11:50 . 2001-08-23 07:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-04-10 11:50 . 2001-08-23 07:00 24,576 --a--c--- C:\WINDOWS\system32\dllcache\icwrmind.exe
2008-04-09 23:03 . 2001-08-23 07:00 157,696 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-04-09 23:03 . 2001-08-23 07:00 8,223 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-04-09 22:59 . 2001-08-23 07:00 65,978 --a------ C:\WINDOWS\Soap Bubbles.bmp
2008-04-09 22:59 . 2001-08-23 07:00 65,954 --a------ C:\WINDOWS\Prairie Wind.bmp
2008-04-09 22:59 . 2001-08-23 07:00 65,832 --a------ C:\WINDOWS\Santa Fe Stucco.bmp
2008-04-09 22:59 . 2001-08-23 07:00 26,680 --a------ C:\WINDOWS\River Sumida.bmp
2008-04-09 22:59 . 2001-08-23 07:00 17,362 --a------ C:\WINDOWS\Rhododendron.bmp
2008-04-09 22:59 . 2001-08-23 07:00 17,336 --a------ C:\WINDOWS\Gone Fishing.bmp
2008-04-09 22:59 . 2001-08-23 07:00 17,062 --a------ C:\WINDOWS\Coffee Bean.bmp
2008-04-09 22:59 . 2001-08-23 07:00 16,730 --a------ C:\WINDOWS\FeatherTexture.bmp
2008-04-09 22:59 . 2001-08-23 07:00 9,522 --a------ C:\WINDOWS\Zapotec.bmp
2008-04-09 22:59 . 2001-08-23 07:00 1,272 --a------ C:\WINDOWS\Blue Lace 16.bmp
2008-04-09 22:43 . 2001-08-23 07:00 1,085,913 -ra------ C:\WINDOWS\SET25.tmp
2008-04-09 22:43 . 2001-08-23 07:00 13,608 -ra------ C:\WINDOWS\SET2D.tmp
2008-04-09 22:02 . 2008-04-09 22:02 4 --a------ C:\WINDOWS\system32\90b46dbb
2008-04-09 11:35 . 2008-04-09 11:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-09 10:45 . 2008-04-09 11:21 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Shareaza
2008-04-09 10:45 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-04-09 10:44 . 2008-04-09 10:45 <DIR> d-------- C:\Program Files\Shareaza Applications
2008-04-09 01:38 . 2008-04-09 20:35 414 --ahs---- C:\WINDOWS\system32\ojslycle.ini
2008-04-09 01:29 . 2008-04-09 01:29 3,648 --a------ C:\WINDOWS\system32\nvaccxwn.dll
2008-04-08 18:48 . 2008-04-08 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-08 18:46 . 2008-04-08 20:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-08 18:46 . 2008-04-08 18:46 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\SUPERAntiSpyware.com
2008-04-08 16:02 . 2008-04-08 16:02 3,648 --a------ C:\WINDOWS\system32\lqurlcui.dll
2008-04-08 15:17 . 2008-04-08 15:17 3,648 --a------ C:\WINDOWS\system32\pxityfwo.dll
2008-04-08 11:27 . 2008-04-08 11:27 3,648 --a------ C:\WINDOWS\system32\gdjorkqi.dll
2008-04-08 11:06 . 2008-04-08 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-07 23:00 . 2008-04-08 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 22:56 . 2008-04-08 23:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-07 22:52 . 2008-04-07 22:52 <DIR> d-------- C:\Program Files\Avira
2008-04-07 22:52 . 2008-04-07 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-06 01:01 . 2008-04-06 01:01 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-06 01:00 . 2008-04-06 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-06 00:58 . 2008-03-14 00:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-06 00:56 . 2008-03-14 00:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-05 22:58 . 2008-04-05 23:58 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-05 22:52 . 2008-04-05 22:52 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-05 22:05 . 2008-04-05 23:27 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\iolo
2008-04-05 22:05 . 2008-04-05 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-04-05 18:06 . 2008-04-05 18:06 93 --a------ C:\WINDOWS\lexstat.ini
2008-04-05 18:02 . 2008-04-05 19:41 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
2008-04-05 18:02 . 2001-08-17 23:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-04-05 18:02 . 2001-08-17 14:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-05 18:00 . 1997-04-08 21:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-05 17:47 . 2008-04-05 17:47 <DIR> d-------- C:\WUTemp
2008-03-28 20:24 . 2008-04-09 23:17 251,763 --a------ C:\WINDOWS\setupapi.old
2008-03-22 23:25 . 2006-09-22 10:58 5,552,104 --a------ C:\WINDOWS\xdclock.scr
2008-03-22 23:25 . 2008-03-22 23:27 674,138 --a------ C:\WINDOWS\unins000.exe
2008-03-22 23:25 . 2008-03-22 23:27 2,862 --a------ C:\WINDOWS\unins000.dat
2008-03-22 23:19 . 2008-03-22 23:19 501,760 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.scr
2008-03-22 23:19 . 2008-03-22 23:19 501,760 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.exe
2008-03-22 23:19 . 2008-03-22 23:19 42,311 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.mda
2008-03-22 23:19 . 2008-03-22 23:19 958 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.ssp
2008-03-22 23:16 . 2008-03-22 23:17 <DIR> d-------- C:\WINDOWS\system32\FLIQLO dir
2008-03-22 23:16 . 2008-03-22 23:16 532,480 --a------ C:\WINDOWS\system32\FLIQLO.scr
2008-03-22 22:10 . 2008-03-22 22:10 <DIR> d-------- C:\Program Files\ABF software
2008-03-22 22:10 . 2008-03-22 22:10 97 --a------ C:\WINDOWS\CSS.key
2008-03-15 22:55 . 2008-03-15 22:55 <DIR> d-------- C:\Program Files\Gabest
2008-03-13 15:46 . 2007-06-04 18:36 1,230,336 --a------ C:\WINDOWS\system32\msxml4.dll
2008-03-13 15:35 . 2008-03-13 15:35 <DIR> d-------- C:\WINDOWS\Motive
2008-03-13 15:34 . 2008-03-13 15:35 <DIR> d-------- C:\Program Files\BellSouth Application Management
2008-03-13 15:34 . 2008-03-13 16:38 <DIR> d-------- C:\Program Files\BellSouth
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Program Files\AT&T
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\AT&T
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-03-13 15:07 . 2008-03-13 15:17 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Motive
2008-03-13 15:04 . 2008-03-13 15:04 <DIR> d-------- C:\Program Files\att-nap
2008-03-13 15:03 . 2008-03-13 15:34 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-03-13 15:00 . 2008-03-13 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 16:33 --------- d-----w C:\Program Files\Common Files\Real
2008-04-09 16:26 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-09 16:26 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-08 23:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 04:35 --------- d-----w C:\Documents and Settings\Shane\Application Data\LimeWire
2008-04-06 04:35 --------- d-----w C:\Documents and Settings\Shane\Application Data\iMP3Tunes
2008-03-13 20:36 53,934 ----a-w C:\Program Files\INSTALL.LOG
2008-02-19 21:18 --------- d-----w C:\Program Files\MSN Games
2007-04-10 16:37 1,196,032 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2006-12-20 19:39 17,536 ----a-w C:\Documents and Settings\Shane\Application Data\GDIPFONTCACHEV1.DAT
2006-11-15 18:52 81,920 ----a-w C:\Documents and Settings\Shane\Application Data\ezpinst.exe
2006-11-15 18:52 47,360 ----a-w C:\Documents and Settings\Shane\Application Data\pcouffin.sys
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-10_16.17.28.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-15 22:49:03 3,224 ----a-w C:\WINDOWS\mozver.dat
+ 2008-04-10 22:33:28 4,574 ----a-w C:\WINDOWS\mozver.dat
- 2008-04-10 21:08:55 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-11 20:38:34 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2008-04-10 19:45:47 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-10 21:14:23 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-10 19:45:47 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-10 21:14:23 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC39052B-A46D-464A-B131-0B9487D26429}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-06 01:01 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-06 01:01 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-06 01:01 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 12:01 1368064]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 11:35 249896]
"ZoneAlarm Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 00:11 919016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-09 11:25 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fyiqkdrn]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqoll]
ssqqoll.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\90b47f35]
C:\WINDOWS\System32\vmsxyysv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93874ca9]
C:\WINDOWS\System32\dpmgnmux.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 11:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-11-09 01:47 356352 C:\Program Files\Wireless Desktop\MOUSE32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-09 11:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xbnojle.dll]
--a------ 2001-08-23 07:00 31744 C:\WINDOWS\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"ERSvc"=2 (0x2)
"Alerter"=3 (0x3)

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 15:56]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 12:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 12:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-01-11 12:05]
S3 xlink;XLink Driver (xlink.sys);C:\WINDOWS\System32\Drivers\xlink.sys [2002-11-13 05:54]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 03:29:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 15:38:56
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-04-11 15:43:04
ComboFix-quarantined-files.txt 2008-04-11 20:41:45
ComboFix2.txt 2008-04-10 21:18:49
Pre-Run: 14,877,814,784 bytes free
Post-Run: 14,870,126,592 bytes free

0

Not sure how but explorer is working fine now. I tried the active scan 2.0 on the panda site I saw on a different thread. It only deleted one file, maybe that fixed it. Thanks anyway.

0

Windows explorer won't stay open. Can someone help? Sorry for posting in another thread but I didn't know that it was a problem.

Says not to right at the top of this forum;

Please be sure to always post in the appropriate sub-forum and do not hijack existing threads with your own support issue; start a new thread instead.

0

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\system32\lqurlcui.dll
C:\WINDOWS\system32\pxityfwo.dll
C:\WINDOWS\system32\gdjorkqi.dll

==

Update hijackthis to version 2.0.2. Post a new log.
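One way to shortlist files like these from a ComboFix "Files Created" listing, as an added example that is not part of the original reply or of ComboFix: it groups executables written directly into system32 that share an identical size and carry matching created and modified times. The function names and the heuristic are assumptions made for illustration; a hit is a candidate for a multi-engine scan, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext

# Lines copied unmodified from the "Files Created" section of the ComboFix log
# posted in this thread (a subset: candidates plus ordinary entries).
SAMPLE_LISTING = r"""
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-10 11:50 . 2001-08-23 07:00 155,648 --a--c--- C:\WINDOWS\system32\dllcache\icwhelp.dll
2008-04-09 10:45 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-04-09 01:29 . 2008-04-09 01:29 3,648 --a------ C:\WINDOWS\system32\nvaccxwn.dll
2008-04-08 18:46 . 2008-04-08 20:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-08 16:02 . 2008-04-08 16:02 3,648 --a------ C:\WINDOWS\system32\lqurlcui.dll
2008-04-08 15:17 . 2008-04-08 15:17 3,648 --a------ C:\WINDOWS\system32\pxityfwo.dll
2008-04-08 11:27 . 2008-04-08 11:27 3,648 --a------ C:\WINDOWS\system32\gdjorkqi.dll
2008-04-06 00:56 . 2008-03-14 00:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-05 22:58 . 2008-04-05 23:58 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-05 22:52 . 2008-04-05 22:52 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
"""

# created . modified size-or-<DIR> attributes path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Extensions that normally hold executable (PE) code on Windows.
PE_EXTENSIONS = {".dll", ".exe", ".sys", ".ocx", ".scr"}


def parse_created_files(listing):
    """Return one dict per file line; directory lines and noise are skipped."""
    entries = []
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["size"] == "<DIR>":
            continue
        entries.append({
            "created": m["created"],
            "modified": m["modified"],
            "size": int(m["size"].replace(",", "")),
            "path": m["path"],
        })
    return entries


def same_size_clusters(entries, directory=r"C:\WINDOWS\system32", min_count=2):
    """Group executables sitting directly in `directory` by (size, extension).

    Only files whose created and modified times match are counted: files
    installed from media usually keep an older modified time, while a file
    written once on the machine has both stamps equal.
    """
    groups = defaultdict(list)
    for e in entries:
        ext = splitext(e["path"])[1].lower()
        if dirname(e["path"]).lower() != directory.lower():
            continue  # ignores dllcache and other sub-folders
        if ext not in PE_EXTENSIONS:
            continue
        if e["created"] != e["modified"]:
            continue
        groups[(e["size"], ext)].append(basename(e["path"]))
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_count}


if __name__ == "__main__":
    for (size, ext), names in same_size_clusters(
            parse_created_files(SAMPLE_LISTING)).items():
        print(f"{len(names)} {ext} files of {size} bytes: {', '.join(names)}")
```

On the sample lines the only cluster is the 3,648-byte group, which holds the three files named in the reply plus nvaccxwn.dll from the same listing.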

0

Not sure how I should post the results but here is C:\WINDOWS\system32\lqurlcui.dll results from Jotti's

Scanner results

Scan taken on 13 Apr 2008 03:41:34 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.3648.1
ArcaVir Found Trojan.Killav.Re
Avast Found Win32:Rootkit-gen
AVG Antivirus Found Small.AEL
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.AVKill.408
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.KillAV.rf
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.KillAV.rf
NOD32 Found Win32/Small.NDR
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

0

Here is C:\WINDOWS\system32\pxityfwo.dll results

Scanner results

Scan taken on 13 Apr 2008 03:51:48 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.3648.1
ArcaVir Found Trojan.Killav.Re
Avast Found Win32:Rootkit-gen
AVG Antivirus Found Small.AEL
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.AVKill.408
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.KillAV.rf
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.KillAV.rf
NOD32 Found Win32/Small.NDR
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Here is C:\WINDOWS\system32\gdjorkqi.dll results

Scanner results

Scan taken on 13 Apr 2008 03:55:25 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.3648.1
ArcaVir Found Trojan.Killav.Re
Avast Found Win32:Rootkit-gen
AVG Antivirus Found Small.AEL
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.AVKill.408
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.KillAV.rf
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.KillAV.rf
NOD32 Found Win32/Small.NDR
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

0

Here is a new HijackThis Log with v2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:51 PM, on 4/12/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\OneStepSearch\onestep.exe
D:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {BC39052B-A46D-464A-B131-0B9487D26429} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Del41] cmd /c del C:\WINDOWS\Installer\MSI289.tmp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fyiqkdrn - C:\WINDOWS\
O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 5273 bytes
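A small parser for the log format above, as an added example that is not part of the original post or of HijackThis: it flags entries whose target is absent, empty or only a directory, which are the entries worth a closer look before deciding what to fix. The function names and the four rules are assumptions made for illustration.

```python
import re

# Lines copied unmodified from the HijackThis v2.0.2 log above (a subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {BC39052B-A46D-464A-B131-0B9487D26429} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fyiqkdrn - C:\WINDOWS\
O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
"""

# Every entry line starts with a section code (R0, O2, O20, ...) and " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def orphan_reason(code, body):
    """Return why an entry points at nothing usable, or None if it looks intact."""
    if body.endswith("(no file)"):
        return "no file registered"
    if body.endswith("(file missing)"):
        return "file missing"
    if code.startswith("R") and body.endswith("="):
        return "empty value"
    # For O-entries the target is the last " - " separated field.
    target = body.rsplit(" - ", 1)[-1]
    if code.startswith("O") and target.endswith("\\"):
        return "target is a directory"
    return None


def find_orphans(log_text):
    """Return (code, reason, body) for each flagged entry, in log order."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        reason = orphan_reason(m["code"], m["body"])
        if reason:
            flagged.append((m["code"], reason, m["body"]))
    return flagged


if __name__ == "__main__":
    for code, reason, body in find_orphans(SAMPLE_LOG):
        print(f"{code:<4}{reason:<24}{body}")
```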

0

Please go here & install ALL critical updates required for your system, including service pack 1a for both XP and IE6.
Most malware is designed to attack unpatched XP systems - exploiting the available 'holes' - and can bypass third-party protection on an unpatched system. The most that can be done with an unpatched system is put a temporary bandage on it. Your system can potentially be reinfected within minutes of cleaning it.
Post back a new hijackthis log after rebooting your system.

==

A. Please RUN HijackThis

  1. Click the SCAN button to produce a log.
  2. Place a check mark beside each one of the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: (no name) - {BC39052B-A46D-464A-B131-0B9487D26429} - (no file)

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O20 - Winlogon Notify: fyiqkdrn - C:\WINDOWS\
    O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)


  3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

B. 1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\system32\lqurlcui.dll
C:\WINDOWS\system32\pxityfwo.dll
C:\WINDOWS\system32\gdjorkqi.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]


7. After reboot, (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix then post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

=========

Before you do a scan with hijackthis, do the following:

Go to Start | Run and type in msconfig and hit OK. Select the Startup Tab.
Select the Enable All button and hit Apply and OK out.
Do not reboot.
Do a scan with hijackthis and save the log.
Go back into msconfig and change back to how it was before.

0

I have never been able to install Windows updates for iexplorer or media player or anything. A friend installed XP on my PC for me and it won't update. I think I did everything else you asked though. Here is my new hijk log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:56 AM, on 4/13/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [xbnojle.dll] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\xbnojle.dll,qdueyec
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Wireless Desktop\MOUSE32A.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM93874ca9] Rundll32.exe "C:\WINDOWS\System32\dpmgnmux.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [90b47f35] rundll32.exe "C:\WINDOWS\System32\vmsxyysv.dll",b
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 5640 bytes

0

Here is my combofix log.

ComboFix 08-04-09.9 - Shane 2008-04-13 11:17:41.4 - NTFSx86 MINIMAL
Running from: D:\Documents and Settings\Shane Judkins\My Documents\PCcleanertools\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\gdjorkqi.dll
C:\WINDOWS\system32\lqurlcui.dll
C:\WINDOWS\system32\pxityfwo.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-12 23:00 . 2008-04-12 23:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 20:24 . 2008-04-12 20:24 <DIR> d-------- C:\Program Files\OneStepSearch
2008-04-12 19:08 . 2008-04-12 19:08 <DIR> d-------- C:\Program Files\Google
2008-04-11 17:55 . 2008-04-11 17:55 <DIR> d-------- C:\CreativesFiles
2008-04-10 17:33 . 2008-04-10 17:35 <DIR> d-------- C:\Program Files\Panda Security
2008-04-10 14:51 . 2008-04-10 14:52 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-10 12:09 . 2001-08-23 07:00 684,081 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-10 12:08 . 2001-08-23 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-10 12:07 . 2001-08-23 07:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-10 12:06 . 2001-08-23 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-10 12:05 . 2001-08-23 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-10 12:04 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-04-10 12:03 . 2001-05-22 21:15 872,557 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-10 11:50 . 2001-08-23 07:00 155,648 --a--c--- C:\WINDOWS\system32\dllcache\icwhelp.dll
2008-04-10 11:50 . 2001-08-23 07:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-04-10 11:50 . 2001-08-23 07:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-04-10 11:50 . 2001-08-23 07:00 57,344 --a--c--- C:\WINDOWS\system32\dllcache\icwconn.dll
2008-04-10 11:50 . 2001-08-23 07:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icwutil.dll
2008-04-10 11:50 . 2001-08-23 07:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-04-10 11:50 . 2001-08-23 07:00 24,576 --a--c--- C:\WINDOWS\system32\dllcache\icwrmind.exe
2008-04-09 23:03 . 2001-08-23 07:00 157,696 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-04-09 23:03 . 2001-08-23 07:00 8,223 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-04-09 22:59 . 2001-08-23 07:00 65,978 --a------ C:\WINDOWS\Soap Bubbles.bmp
2008-04-09 22:59 . 2001-08-23 07:00 65,954 --a------ C:\WINDOWS\Prairie Wind.bmp
2008-04-09 22:59 . 2001-08-23 07:00 65,832 --a------ C:\WINDOWS\Santa Fe Stucco.bmp
2008-04-09 22:59 . 2001-08-23 07:00 26,680 --a------ C:\WINDOWS\River Sumida.bmp
2008-04-09 22:59 . 2001-08-23 07:00 17,362 --a------ C:\WINDOWS\Rhododendron.bmp
2008-04-09 22:59 . 2001-08-23 07:00 17,336 --a------ C:\WINDOWS\Gone Fishing.bmp
2008-04-09 22:59 . 2001-08-23 07:00 17,062 --a------ C:\WINDOWS\Coffee Bean.bmp
2008-04-09 22:59 . 2001-08-23 07:00 16,730 --a------ C:\WINDOWS\FeatherTexture.bmp
2008-04-09 22:59 . 2001-08-23 07:00 9,522 --a------ C:\WINDOWS\Zapotec.bmp
2008-04-09 22:59 . 2001-08-23 07:00 1,272 --a------ C:\WINDOWS\Blue Lace 16.bmp
2008-04-09 22:43 . 2001-08-23 07:00 1,085,913 -ra------ C:\WINDOWS\SET25.tmp
2008-04-09 22:43 . 2001-08-23 07:00 13,608 -ra------ C:\WINDOWS\SET2D.tmp
2008-04-09 22:02 . 2008-04-09 22:02 4 --a------ C:\WINDOWS\system32\90b46dbb
2008-04-09 11:35 . 2008-04-09 11:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-09 10:45 . 2008-04-11 17:55 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Shareaza
2008-04-09 10:45 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-04-09 10:44 . 2008-04-09 10:45 <DIR> d-------- C:\Program Files\Shareaza Applications
2008-04-09 01:38 . 2008-04-09 20:35 414 --ahs---- C:\WINDOWS\system32\ojslycle.ini
2008-04-09 01:29 . 2008-04-09 01:29 3,648 --a------ C:\WINDOWS\system32\nvaccxwn.dll
2008-04-08 18:48 . 2008-04-08 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-08 18:46 . 2008-04-08 20:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-08 18:46 . 2008-04-08 18:46 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\SUPERAntiSpyware.com
2008-04-08 11:06 . 2008-04-08 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-07 23:00 . 2008-04-08 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 22:56 . 2008-04-08 23:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-07 22:52 . 2008-04-07 22:52 <DIR> d-------- C:\Program Files\Avira
2008-04-07 22:52 . 2008-04-07 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-06 01:01 . 2008-04-06 01:01 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-06 01:00 . 2008-04-06 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-06 00:58 . 2008-03-14 00:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-06 00:56 . 2008-03-14 00:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-05 22:58 . 2008-04-05 23:58 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-05 22:52 . 2008-04-05 22:52 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-05 22:05 . 2008-04-05 23:27 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\iolo
2008-04-05 22:05 . 2008-04-05 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-04-05 18:06 . 2008-04-05 18:06 93 --a------ C:\WINDOWS\lexstat.ini
2008-04-05 18:02 . 2008-04-05 19:41 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
2008-04-05 18:02 . 2001-08-17 23:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-04-05 18:02 . 2001-08-17 14:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-05 18:00 . 1997-04-08 21:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-05 17:47 . 2008-04-05 17:47 <DIR> d-------- C:\WUTemp
2008-03-28 20:24 . 2008-04-09 23:17 251,763 --a------ C:\WINDOWS\setupapi.old
2008-03-22 23:25 . 2006-09-22 10:58 5,552,104 --a------ C:\WINDOWS\xdclock.scr
2008-03-22 23:25 . 2008-03-22 23:27 674,138 --a------ C:\WINDOWS\unins000.exe
2008-03-22 23:25 . 2008-03-22 23:27 2,862 --a------ C:\WINDOWS\unins000.dat
2008-03-22 23:19 . 2008-03-22 23:19 501,760 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.scr
2008-03-22 23:19 . 2008-03-22 23:19 501,760 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.exe
2008-03-22 23:19 . 2008-03-22 23:19 42,311 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.mda
2008-03-22 23:19 . 2008-03-22 23:19 958 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.ssp
2008-03-22 23:16 . 2008-03-22 23:17 <DIR> d-------- C:\WINDOWS\system32\FLIQLO dir
2008-03-22 23:16 . 2008-03-22 23:16 532,480 --a------ C:\WINDOWS\system32\FLIQLO.scr
2008-03-22 22:10 . 2008-03-22 22:10 <DIR> d-------- C:\Program Files\ABF software
2008-03-22 22:10 . 2008-03-22 22:10 97 --a------ C:\WINDOWS\CSS.key
2008-03-15 22:55 . 2008-03-15 22:55 <DIR> d-------- C:\Program Files\Gabest
2008-03-13 15:46 . 2007-06-04 18:36 1,230,336 --a------ C:\WINDOWS\system32\msxml4.dll
2008-03-13 15:35 . 2008-03-13 15:35 <DIR> d-------- C:\WINDOWS\Motive
2008-03-13 15:34 . 2008-03-13 15:35 <DIR> d-------- C:\Program Files\BellSouth Application Management
2008-03-13 15:34 . 2008-03-13 16:38 <DIR> d-------- C:\Program Files\BellSouth
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Program Files\AT&T
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\AT&T
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-03-13 15:07 . 2008-03-13 15:17 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Motive
2008-03-13 15:04 . 2008-03-13 15:04 <DIR> d-------- C:\Program Files\att-nap
2008-03-13 15:03 . 2008-03-13 15:34 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-03-13 15:00 . 2008-03-13 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 02:16 2,115,328 ----a-w C:\WINDOWS\system32\kernel1.exe
2008-04-09 16:33 --------- d-----w C:\Program Files\Common Files\Real
2008-04-09 16:26 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-09 16:26 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-08 23:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 04:35 --------- d-----w C:\Documents and Settings\Shane\Application Data\LimeWire
2008-04-06 04:35 --------- d-----w C:\Documents and Settings\Shane\Application Data\iMP3Tunes
2008-03-13 20:36 53,934 ----a-w C:\Program Files\INSTALL.LOG
2008-02-19 21:18 --------- d-----w C:\Program Files\MSN Games
2007-04-10 16:37 1,196,032 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2006-12-20 19:39 17,536 ----a-w C:\Documents and Settings\Shane\Application Data\GDIPFONTCACHEV1.DAT
2006-11-15 18:52 81,920 ----a-w C:\Documents and Settings\Shane\Application Data\ezpinst.exe
2006-11-15 18:52 47,360 ----a-w C:\Documents and Settings\Shane\Application Data\pcouffin.sys
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-10_16.17.28.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-25 00:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2007-12-15 22:49:03 3,224 ----a-w C:\WINDOWS\mozver.dat
+ 2008-04-10 22:33:28 4,574 ----a-w C:\WINDOWS\mozver.dat
- 2008-04-10 21:08:55 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-13 16:20:12 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2008-04-10 21:09:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-11 21:40:10 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-10 21:09:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-11 21:40:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-10 21:09:13 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-11 21:40:10 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-04-12 15:58:52 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-04-10 19:45:47 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-10 21:14:23 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-10 19:45:47 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-10 21:14:23 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-06 01:01 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-06 01:01 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-06 01:01 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2001-08-23 07:00 145408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqoll]
ssqqoll.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\90b47f35]
C:\WINDOWS\System32\vmsxyysv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-04-08 11:35 249896 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93874ca9]
C:\WINDOWS\System32\dpmgnmux.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 11:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-11-09 01:47 356352 C:\Program Files\Wireless Desktop\MOUSE32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2005-11-30 15:01 1363968 D:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-29 16:03 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-09 11:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xbnojle.dll]
--a------ 2001-08-23 07:00 31744 C:\WINDOWS\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-03-14 00:11 919016 d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"ERSvc"=2 (0x2)
"Alerter"=3 (0x3)

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
S2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 15:56]
S2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service []
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 12:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 12:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-01-11 12:05]
S3 xlink;XLink Driver (xlink.sys);C:\WINDOWS\System32\Drivers\xlink.sys [2002-11-13 05:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 21:40:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 11:20:20
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-04-13 11:23:03
ComboFix-quarantined-files.txt 2008-04-13 16:22:08
ComboFix2.txt 2008-04-11 20:43:06
ComboFix3.txt 2008-04-10 21:18:49
Pre-Run: 14,989,762,560 bytes free
Post-Run: 14,981,943,296 bytes free

0

I have never been able to install Windows updates for iexplorer or media player or anything. A friend installed XP on my PC for me and it won't update.

Then I would say you have a pirated version of XP :).

==

Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:


O4 - HKLM\..\Run: [xbnojle.dll] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\xbnojle.dll,qdueyec
O4 - HKLM\..\Run: [BM93874ca9] Rundll32.exe "C:\WINDOWS\System32\dpmgnmux.dll",s
O4 - HKLM\..\Run: [90b47f35] rundll32.exe "C:\WINDOWS\System32\vmsxyysv.dll",b

O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

files...

C:\WINDOWS\System32\xbnojle.dll
C:\WINDOWS\System32\dpmgnmux.dll
C:\WINDOWS\System32\vmsxyysv.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
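
An added example, not part of the original posts and not part of HijackThis: a short Python triage pass over HijackThis log lines that lists the two patterns fixed in this thread, Run-key entries that launch a DLL through rundll32 and entries whose target file is missing. The function names and reason labels are this example's own, and a hit is a candidate for review rather than a verdict, since legitimate software produces both patterns too.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis logs and fix lists posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {BC39052B-A46D-464A-B131-0B9487D26429} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [xbnojle.dll] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\xbnojle.dll,qdueyec
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM93874ca9] Rundll32.exe "C:\WINDOWS\System32\dpmgnmux.dll",s
O4 - HKLM\..\Run: [90b47f35] rundll32.exe "C:\WINDOWS\System32\vmsxyysv.dll",b
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
"""

# "<code> - <kind>: <value>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<value>.*)$")
# Run values are logged as "[value name] command line".
RUN_VALUE_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# rundll32 <dll>,<export>, with or without quotes around either path.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)',
    re.IGNORECASE,
)
# HijackThis appends these markers when the referenced file is not on disk.
DANGLING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    name: str    # Run value name, Notify key name, or BHO/service label
    reason: str  # "rundll32-autorun" or "dangling-reference"
    target: str  # DLL path for rundll32 entries, otherwise the raw entry value


def parse_entry(line: str) -> Optional[Tuple[str, str, str]]:
    """Split one log line into (code, kind, value); None for headers, paths, R-lines."""
    m = ENTRY_RE.match(line.strip())
    return (m["code"], m["kind"], m["value"]) if m else None


def review(log_text: str) -> List[Finding]:
    """Return the entries worth a manual look, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        code, kind, value = parsed

        # Pattern 1: a Run key that starts a DLL through rundll32.
        if code == "O4" and "\\Run" in kind:
            run = RUN_VALUE_RE.match(value)
            hit = RUNDLL_RE.search(run["cmd"]) if run else None
            if hit:
                findings.append(
                    Finding(code, run["name"], "rundll32-autorun", hit["dll"])
                )
                continue

        # Pattern 2: the registry entry survives but its file is gone.
        if DANGLING_RE.search(value):
            label = value.split(" - ", 1)[0]
            findings.append(Finding(code, label, "dangling-reference", value))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<19} {f.name} -> {f.target}")
```

The Webroot service shows up as a dangling reference even though it was never on the fix list in this thread, which is why each hit still needs a person to decide whether it is a leftover from an uninstalled product or a trace of something removed.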

0

I didn't find any of the files in the system32 folder. My pc is running as good as it has in a long time. Thanks for all the help. Here is my new HiJk log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:43 PM, on 4/13/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Wireless Desktop\MOUSE32A.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 5517 bytes

1

Congratulations! Your log looks clean.

===============

Now that your PC is clean you need to follow these easy steps to keep it this way:

Download CCleaner and install, then run it. It will clear out your temp folders.

  1. Uncheck "Cookies" under "Internet Explorer".
  2. Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
  3. Close when finished.

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or you can get Opera which, in my opinion, is better still.

Use a firewall to help prevent your PC's control being usurped by undesirables. There is a link to a good, free firewall in my signature.

Install and keep updated, AVG anti-spyware, Ad-Aware SE and Spybot S&D.
Run them all on a regular basis, following the maker's recommendations.

Install an anti-virus. There are some good, free AVs available today. Make sure that it is updated regularly and have it scan your system often.

Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

Empty the Recycle Bin.

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start | Run and type msconfig and press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

-

Happy surfing,

crunchie.

Votes + Comments
YOU WERE GREAT HELP, THANKS
0

Thanks for all your help. I will keep you and this site in mind the next time I have a problem. As for your suggestions to stay clean, I already use Firefox as my internet browser, and ZoneAlarm for my firewall. I also use AntiVir and SUPERAntiSpyware. Are those OK?
