-
Hi,
Here it is.
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 06:20 on 19/09/2009 by John (Administrator - Elevation successful)
========== filefind ==========
Searching for "svchost.exe"
C:\i386\SVCHOST.EXE --a--c 14336 bytes [19:22 15/12/2004] [11:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [14:24 30/07/2009] [11:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [00:12 14/04/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SYSTEM32\svchost.exe --a--- 0 bytes [11:00 04/08/2004] [00:12 14/04/2008] D41D8CD98F00B204E9800998ECF8427E
-=End Of File=-
-
Hi,
Open notepad and copy/paste the text in the quotebox below into it:
Code:
FCopy::
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe | c:\windows\system32\svchost.exe
Reboot::
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v6...FScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & fresh dds.txt log.
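The reasoning behind the fix above is visible in the SystemLook output: four copies of svchost.exe are listed, and the one Windows actually runs (the system32 copy) is 0 bytes with the MD5 of an empty input, while the backup copies in i386 and $NtServicePackUninstall$ share one hash. The script below is an added example, not part of this thread, of SystemLook or of ComboFix: it parses SystemLook "filefind" lines (the line format it assumes is taken from the output posted above), groups copies by hash, and flags a live copy that is zero-length or that matches none of the backup copies. The sample input is the thread's own four result lines; the "live copy lives in system32, not dllcache" rule is a heuristic of this example.

```python
"""Triage of SystemLook 'filefind' output: parse the per-file result lines and
flag copies of a system binary that look damaged or inconsistent.

Added example for this thread; it is not part of SystemLook, ComboFix or the
helper's instructions. SAMPLE_LOG is copied from the thread's SystemLook post.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# MD5 of zero bytes: the digest every 0-byte file has.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Sample input copied from the thread (raw string keeps the backslashes).
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (29.08.09)
========== filefind ==========
Searching for "svchost.exe"
C:\i386\SVCHOST.EXE --a--c 14336 bytes [19:22 15/12/2004] [11:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [14:24 30/07/2009] [11:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [00:12 14/04/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SYSTEM32\svchost.exe --a--- 0 bytes [11:00 04/08/2004] [00:12 14/04/2008] D41D8CD98F00B204E9800998ECF8427E
-=End Of File=-
"""

# One filefind result line, as assumed from the posted output:
# path, six attribute flags, size, two bracketed timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-A-Za-z]{6})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    attrs: str
    size: int
    mtime: str
    ctime: str
    md5: str


def parse_filefind(text: str) -> list[FileHit]:
    """Return one FileHit per result line; header and footer lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["attrs"], int(m["size"]),
                                m["mtime"], m["ctime"], m["md5"].upper()))
    return hits


def is_live_copy(path: str) -> bool:
    """Heuristic: the copy Windows runs lives in system32, not its dllcache."""
    p = path.lower()
    return "\\system32\\" in p and "\\dllcache\\" not in p


def hash_groups(hits: list[FileHit]) -> dict[str, list[str]]:
    """Group paths by MD5 so identical copies are visible at a glance."""
    groups: dict[str, list[str]] = {}
    for h in hits:
        groups.setdefault(h.md5, []).append(h.path)
    return groups


def flag_suspicious(hits: list[FileHit]) -> dict[str, list[str]]:
    """Map each suspicious path to the reasons it was flagged."""
    backups = [h for h in hits if not is_live_copy(h.path)]
    flagged: dict[str, list[str]] = {}
    for h in hits:
        reasons = []
        if h.size == 0 or h.md5 == EMPTY_MD5:
            reasons.append("zero-length file (MD5 is the empty-input digest)")
        if is_live_copy(h.path) and backups and all(h.md5 != b.md5 for b in backups):
            reasons.append("live copy matches none of the backup copies")
        if reasons:
            flagged[h.path] = reasons
    return flagged


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for digest, paths in hash_groups(found).items():
        print(digest, "->", ", ".join(paths))
    for path, reasons in flag_suspicious(found).items():
        print("SUSPICIOUS:", path)
        for r in reasons:
            print("   -", r)
```

On the thread's log this flags only C:\WINDOWS\SYSTEM32\svchost.exe, for both reasons. The script only flags; which backup to copy over the damaged file is a judgement call for the helper (the thread's CFScript uses the $NtServicePackUninstall$ copy), and the hash grouping is what makes that choice reviewable.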
-
No drag & drop function
Is there another alternative? My computer will not allow me to drag & drop or paste files.
-
Please have the correct CFScript.txt file created on your desktop.
When done, open Notepad and then copy and paste the bolded lines below into it. Go to File > Save As, name the file fixes.bat, change the "Save as type" to All Files and save it to your desktop.
@echo off
"%userprofile%\desktop\ComboFix.exe" "%userprofile%\desktop\CFScript.txt"
Double-click on fixes.bat file to execute it.
-
Hi,
Here are the log files.
ComboFix 09-09-17.04 - John 09/20/2009 4:20.3.1 - NTFSx86
Running from: c:\documents and settings\John.HOME\desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John.HOME\desktop\CFScript.txt
.
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.
2009-09-15 18:24 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 18:24 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 18:24 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 18:24 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-15 18:23 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 18:23 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 18:23 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 18:23 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 18:23 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 18:23 . 2009-09-15 18:23 -------- d-----w- c:\program files\Alwil Software
2009-09-15 08:11 . 2009-09-15 08:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 06:08 . 2009-09-15 06:08 -------- d-----w- c:\documents and settings\John.HOME\Local Settings\Application Data\COMODO
2009-09-15 05:00 . 2009-09-15 06:58 -------- d-----w- c:\program files\COMODO
2009-09-14 00:33 . 2009-09-14 00:33 -------- d-----w- c:\program files\Trend Micro
2009-09-13 13:06 . 2009-09-13 13:06 1119618 -c--a-w- C:\OneCareSupportData.zip
2009-09-09 21:48 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-04 04:45 . 2009-09-04 04:45 -------- dc----w- c:\documents and settings\Office\Local Settings\Application Data\Xara
2009-09-04 04:41 . 2007-04-27 14:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2009-09-04 04:39 . 2009-09-04 04:46 -------- d-----w- c:\windows\system32\MAGIX
2009-09-04 04:39 . 2008-04-15 20:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2009-09-04 03:37 . 2009-09-04 03:37 -------- d-----w- c:\program files\3ivx
2009-09-04 03:37 . 2009-09-04 03:37 -------- dc----w- c:\documents and settings\All Users\Application Data\Flip Video
2009-09-04 03:37 . 2009-09-04 03:37 -------- d-----w- c:\program files\Flip Video
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 09:25 . 2009-07-26 08:22 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-09-16 00:03 . 2005-04-18 19:51 17920 -csha-w- c:\program files\Thumbs.db
2009-09-15 08:20 . 2004-12-24 06:43 1364 ----a-w- c:\program files\CorelApp.ini
2009-09-15 08:19 . 2004-12-24 06:43 2481 ----a-w- c:\program files\photohse.ini
2009-09-15 08:19 . 2004-12-24 06:43 338 ----a-w- c:\program files\country.ini
2009-09-15 08:19 . 2004-12-23 13:25 -------- d-----w- c:\program files\Custom
2009-09-15 05:32 . 2009-07-11 11:44 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-09-13 13:45 . 2005-06-15 04:35 109968 -c--a-w- c:\documents and settings\John.HOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 22:00 . 2009-08-09 20:07 109968 -c--a-w- c:\documents and settings\Jessy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 10:58 . 2009-08-06 08:07 -------- dc----w- c:\documents and settings\Office\Application Data\uTorrent
2009-09-09 11:21 . 2004-12-24 06:42 3292 -c--a-w- c:\program files\printhse.ini
2009-09-09 11:18 . 2009-07-17 23:56 269 -c--a-w- c:\documents and settings\Office\Application Data\ftpfile.dat
2009-09-09 06:23 . 2009-07-06 21:26 -------- dc----w- c:\documents and settings\All Users\Application Data\Motive
2009-09-05 18:22 . 2006-08-06 10:50 109968 -c--a-w- c:\documents and settings\Angie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 09:34 . 2005-01-26 13:32 171 ----a-w- c:\program files\Color.ini
2009-09-04 05:32 . 2009-03-07 21:05 109968 -c--a-w- c:\documents and settings\Office\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 04:46 . 2009-09-04 04:43 -------- dc----w- c:\documents and settings\All Users\Application Data\MAGIX
2009-09-04 04:45 . 2009-09-04 04:43 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2009-09-04 04:43 . 2009-09-04 04:43 -------- d-----w- c:\program files\Common Files\xara
2009-08-31 18:17 . 2009-06-06 04:44 -------- d-----w- c:\documents and settings\Angie\Application Data\gtk-2.0
2009-08-23 11:55 . 2009-07-16 14:43 -------- d-----w- c:\program files\CoffeeCup Software
2009-08-21 18:12 . 2009-07-12 20:06 -------- d-----w- c:\documents and settings\Angie\Application Data\dvdcss
2009-08-20 02:47 . 2009-08-20 02:47 -------- d-----w- c:\documents and settings\Angie\Application Data\uTorrent
2009-08-11 22:33 . 2009-08-11 22:33 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-08-11 02:59 . 2009-07-09 09:31 -------- d-----w- c:\program files\Veoh Networks
2009-08-08 04:15 . 2005-04-01 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-07 07:05 . 2009-08-07 07:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-06 23:50 . 2009-08-01 22:40 -------- d-----w- c:\program files\NCH Software
2009-08-06 23:47 . 2009-08-01 22:40 -------- d-----w- c:\program files\NCH Swift Sound
2009-08-06 23:46 . 2009-08-06 23:46 -------- dc----w- c:\documents and settings\Office\Application Data\NCH Swift Sound
2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 05:04 . 2009-04-29 02:04 -------- dc----w- c:\documents and settings\Office\Application Data\gtk-2.0
2009-08-02 12:09 . 2009-08-02 12:09 -------- d-----w- c:\program files\MSBuild
2009-08-02 12:09 . 2009-08-02 12:09 -------- d-----w- c:\program files\Reference Assemblies
2009-08-01 22:42 . 2009-08-01 22:42 -------- dc----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-08-01 22:41 . 2009-08-01 22:40 -------- d-----w- c:\documents and settings\Angie\Application Data\NCH Swift Sound
2009-08-01 17:19 . 2009-08-01 17:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\PeerNetworking
2009-07-26 09:43 . 2006-05-24 01:32 -------- d-----w- c:\program files\Yahoo!
2009-07-26 09:24 . 2004-12-12 06:39 -------- d-----w- c:\program files\Java
2009-07-26 09:19 . 2005-01-13 23:11 -------- d-----w- c:\program files\DivX
2009-07-26 06:10 . 2009-07-09 08:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-25 20:27 . 2009-07-25 08:36 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-24 05:31 . 2006-11-05 03:04 -------- d-----w- c:\documents and settings\Angie\Application Data\LimeWire
2009-07-17 19:01 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 12:04 . 2009-07-17 12:04 335 ----a-w- c:\windows\mozregistry.dat
2009-07-13 15:08 . 2004-08-04 11:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-17 03:47 . 2005-05-02 16:09 100261 -c-ha-w- c:\program files\photohse.GID
2009-05-14 21:54 . 2006-03-02 16:25 69477 -c-ha-w- c:\program files\aim95.GID
2009-03-05 09:35 . 2007-03-13 00:45 8444 -c--a-w- c:\program files\Xpcs Registry.dat
2009-02-09 23:57 . 2003-12-10 05:39 178 -c--a-w- c:\program files\log.txt
2008-10-30 17:39 . 2004-12-24 06:43 2449 -c--a-w- c:\program files\corelprn.ini
2006-01-02 05:57 . 2006-01-02 05:56 2788656 ----a-w- c:\program files\LimeWireWin-full.exe
2006-01-02 05:30 . 2006-01-02 05:28 359112 ----a-w- c:\program files\LimeWireWin.exe
2005-05-26 13:32 . 2005-04-06 14:51 38435 -c--a-w- c:\program files\licens32.txt
2005-05-21 02:00 . 2005-05-21 01:58 148564 -c-ha-w- c:\program files\Printhse.GID
2005-04-08 13:07 . 2005-04-06 14:51 611 ----a-w- c:\program files\Uninstall AOL Instant Messenger.lnk
2004-12-24 06:44 . 2004-12-24 06:42 713 -c----w- c:\program files\BOX.REG
2004-12-24 06:44 . 2004-12-24 06:43 2860 -c----w- c:\program files\PHOTOHSE.REG
2004-12-24 06:44 . 2004-12-24 06:42 832 -c----w- c:\program files\PRINTHSE.REG
2004-08-27 23:29 . 2005-04-06 14:51 1935 -c--a-w- c:\program files\icbmftvc.lst
2004-03-12 21:02 . 2005-04-06 14:51 116900 ----a-w- c:\program files\uninstll.exe
2004-03-12 21:02 . 2005-04-06 14:51 1466368 ----a-w- c:\program files\AimRes.dll
2004-03-12 20:22 . 2005-04-06 14:51 61440 ----a-w- c:\program files\aim.exe
2004-03-12 20:22 . 2005-04-06 14:51 131072 ----a-w- c:\program files\ateima32.dll
2004-03-12 20:21 . 2005-04-06 14:51 61440 -c--a-w- c:\program files\AlertUI.ocm
2004-03-12 20:21 . 2005-04-06 14:51 25088 -c--a-w- c:\program files\browse.ocm
2004-03-12 20:21 . 2005-04-06 14:51 208896 -c--a-w- c:\program files\buddyui.ocm
2004-03-12 20:21 . 2005-04-06 14:51 225280 ----a-w- c:\program files\AimSecondarySvcs.dll
2004-03-12 20:21 . 2005-04-06 14:51 6144 -c--a-w- c:\program files\stats.ocm
2004-03-12 20:21 . 2005-04-06 14:51 98304 -c--a-w- c:\program files\ChatUI.ocm
2004-03-12 20:20 . 2005-04-06 14:51 192512 ----a-w- c:\program files\AimCoreSvcs.dll
2004-03-12 20:20 . 2005-04-06 14:51 237568 -c--a-w- c:\program files\icbmui.ocm
2004-03-12 20:20 . 2005-04-06 14:51 49152 ----a-w- c:\program files\chksign.dll
2004-03-12 20:20 . 2005-04-06 14:51 94208 -c--a-w- c:\program files\ticker.ocm
2004-03-12 20:19 . 2005-04-06 14:51 98304 ----a-w- c:\program files\aimapi.dll
2004-03-12 20:19 . 2005-04-06 14:51 15872 -c--a-w- c:\program files\Admin.ocm
2004-03-12 20:19 . 2005-04-06 14:51 135168 -c--a-w- c:\program files\locateui.ocm
2004-03-12 20:19 . 2005-04-06 14:51 184320 -c--a-w- c:\program files\miscui.ocm
2004-03-12 20:19 . 2005-04-06 14:51 14848 -c--a-w- c:\program files\NTP.ocm
2004-03-12 20:18 . 2005-04-06 14:51 59904 -c--a-w- c:\program files\OscMail.ocm
2004-03-12 20:18 . 2005-04-06 14:51 19456 ----a-w- c:\program files\aimtalk.dll
2004-03-12 20:18 . 2005-04-06 14:51 69632 -c--a-w- c:\program files\osclogin.ocm
2004-03-12 20:18 . 2005-04-06 14:51 9216 -c--a-w- c:\program files\oscmain.ocm
2004-03-12 20:18 . 2005-04-06 14:51 53248 -c--a-w- c:\program files\startup.ocm
2004-03-12 20:18 . 2005-04-06 14:51 147456 ----a-w- c:\program files\aimauto.exe
2004-03-12 20:17 . 2005-04-06 14:51 81920 -c--a-w- c:\program files\OscSrch.ocm
2004-03-12 20:17 . 2005-04-06 14:51 2048 ----a-w- c:\program files\ShareFile.exe
2004-03-12 20:17 . 2005-04-06 14:51 2048 ----a-w- c:\program files\SendFile.exe
2004-03-12 20:17 . 2005-04-06 14:51 13824 -c--a-w- c:\program files\osconfig.ocm
2004-03-12 20:17 . 2005-04-06 14:51 39424 -c--a-w- c:\program files\rvapps.ocm
2004-03-12 20:17 . 2005-04-06 14:51 13312 -c--a-w- c:\program files\popup.ocm
2004-03-12 20:17 . 2005-04-06 14:51 69632 ----a-w- c:\program files\Patcher.dll
2002-08-01 00:55 . 2009-07-16 14:44 106 --sh--w- c:\windows\WSYS049.SYS
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2009-09-19_09.55.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-20 09:10 . 2009-09-20 09:10 16384 c:\windows\Temp\Perflib_Perfdata_554.dat
- 2009-09-19 09:42 . 2009-09-19 09:42 16384 c:\windows\Temp\Perflib_Perfdata_554.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HughesNetTools_McciTrayApp"="c:\program files\HughesNetTools\1\McciTrayApp_SSR.exe" [2007-11-20 1454592]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\aim.exe"=
"c:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\vsd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 0]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;g:\programs\Common\Database\bin\fbserver.exe [x]
R3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [2006-01-07 7548]
R3 SDVPlus;Pinnacle Studio DVplus WDM Renderer;c:\windows\system32\DRIVERS\SDVPlus.sys [2001-05-15 42102]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 FlipShare Service;FlipShare Service;c:\program files\Flip Video\FlipShare\FlipShareService.exe [2009-06-04 451904]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-07-09 26104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-09-13 c:\windows\Tasks\User_Feed_Synchronization-{BABCC35D-64AE-4BD7-9952-16FE21501C3D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Display All Images with Full Quality - "c:\program files\Juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\Juno\qsacc\appres.dll/227"
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: musicmatch.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} - hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
FF - ProfilePath - c:\documents and settings\John.HOME\Application Data\Mozilla\Firefox\Profiles\y9u7efrj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 04:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-934335678-3210570196-125882890-1018\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,7b,1e,4b,ac,24,
e1,ec,1c,2e,e8,e1,00,eb,16,2b,de,db,e8,ba,44,63,bf,ce,72,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,9d,66,59,76,69,
bf,ac,5a,46,47,15,b0,92,4b,c7,ef,3f,f1,c8,66,f8,84,06,49,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,00,50,1b,1c,cf,
c4,a6,06,7a,45,05,fd,91,e8,6f,31,04,54,e4,0d,6b,27,29,df,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,58,bf,f5,07,cb,
52,00,4f,6b,65,49,6a,7e,99,74,f7,f9,cf,61,ea,f1,72,cb,fa,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,67,d6,88,b8,9d,
38,aa,7f,e9,02,6c,fa,fb,1d,47,57,4d,0d,2a,85,62,38,64,f9,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,00,82,de,ec,3f,
0a,cc,fb,50,93,e5,ab,ec,6a,4e,ab,e0,97,50,c9,64,28,64,ba,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,07,78,44,eb,71,
24,be,e1,97,20,4e,9a,c7,f1,35,ee,d0,b1,34,3f,28,c4,69,07,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,6a,f2,d9,dc,ab,
e5,28,4c,aa,52,c6,00,84,3c,26,64,c8,aa,47,9e,c1,4e,91,48,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,c2,24,5b,7d,92,
55,c3,dc,b2,46,9a,e2,1b,fe,1b,94,9a,f1,00,87,60,47,17,41,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,d3,c1,88,36,87,
d6,a5,23,37,a4,aa,c3,a6,15,56,0a,f4,f2,95,01,81,b9,ce,71,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,eb,85,49,eb,1e,
f2,7b,fd,f8,31,0f,a9,5f,a0,ec,fb,d4,5a,c5,ee,5f,3a,cc,ee,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,cf,43,f6,74,c5,
5a,7d,8f,05,73,21,dd,54,d8,4a,c5,21,8e,7a,9a,25,96,11,4f,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\LameACM.acm
c:\windows\system32\IEFRAME.dll
c:\windows\system32\MI-SC4.acm
c:\windows\system32\DivXa32.acm
- - - - - - - > 'explorer.exe'(192)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-09-20 4:33
ComboFix-quarantined-files.txt 2009-09-20 09:33
ComboFix2.txt 2009-09-19 10:37
ComboFix3.txt 2009-09-19 10:02
Pre-Run: 23,689,674,752 bytes free
Post-Run: 23,683,223,552 bytes free
322 --- E O F --- 2009-09-10 08:45
DDS (Ver_09-07-30.01) - NTFSx86
Run by John at 5:09:02.81 on Sun 09/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero\SearchEnh.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - No File
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A1C18A7B-55E9-4DA3-A880-D112C791A9D8} - No File
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
mRun: [HughesNetTools_McciTrayApp] c:\program files\hughesnettools\1\McciTrayApp_SSR.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
IE: Display All Images with Full Quality - "c:\program files\juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\juno\qsacc\appres.dll/227"
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
Trusted Zone: musicmatch.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244587224828
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} - hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\john~1.hom\applic~1\mozilla\firefox\profiles\y9u7efrj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-09-19 04:18 <DIR> acdshr-- C:\cmdcons
2009-09-18 07:13 229,888 a------- c:\windows\PEV.exe
2009-09-18 07:13 161,792 a------- c:\windows\SWREG.exe
2009-09-18 07:13 98,816 a------- c:\windows\sed.exe
2009-09-15 03:11 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 00:00 <DIR> --d----- c:\program files\COMODO
2009-09-13 19:33 <DIR> --d----- c:\program files\Trend Micro
2009-09-13 08:06 1,119,618 ac------ C:\OneCareSupportData.zip
2009-09-09 16:48 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-03 23:43 <DIR> --d----- c:\program files\common files\xara
2009-09-03 23:43 <DIR> --d----- c:\program files\common files\MAGIX Shared
2009-09-03 23:43 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\MAGIX
2009-09-03 23:41 120,200 a------- c:\windows\system32\DLLDEV32i.dll
2009-09-03 23:39 700,416 a------- c:\windows\system32\mgxoschk.dll
2009-09-03 23:39 6,211 a------- c:\windows\mgxoschk.ini
2009-09-03 23:39 <DIR> --d----- c:\windows\system32\MAGIX
2009-09-03 22:37 <DIR> --d----- c:\program files\3ivx
2009-09-03 22:37 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Flip Video
2009-09-03 22:37 <DIR> --d----- c:\program files\Flip Video
2009-08-28 16:33 54,156 a---h--- c:\windows\QTFont.qfn
2009-08-28 16:33 1,409 a------- c:\windows\QTFont.for
==================== Find3M ====================
2009-09-15 19:03 17,920 ac-sh--- c:\program files\Thumbs.db
2009-09-15 03:20 1,364 a------- c:\program files\CorelApp.ini
2009-09-15 03:19 2,481 a------- c:\program files\photohse.ini
2009-09-15 03:19 338 a------- c:\program files\country.ini
2009-09-15 00:32 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
2009-09-09 06:21 3,292 ac------ c:\program files\printhse.ini
2009-09-05 04:34 171 a------- c:\program files\Color.ini
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-30 09:44 77,939 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 12:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 03:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 03:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 03:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 03:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 03:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 03:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 03:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 03:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 03:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 03:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 03:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 06:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 22:47 100,261 ac--h--- c:\program files\photohse.GID
2009-05-29 02:54 494,867 ac------ c:\docume~1\alluse~1\applic~1\phn.dat
2009-05-14 16:54 69,477 ac--h--- c:\program files\aim95.GID
2009-03-05 04:35 8,444 ac------ c:\program files\Xpcs Registry.dat
2009-02-09 18:57 178 ac------ c:\program files\log.txt
2008-10-30 12:39 2,449 ac------ c:\program files\corelprn.ini
2006-11-14 12:29 416,304 ac------ c:\windows\inf\programs\mpg4c32.dll
2006-01-02 00:57 2,788,656 a------- c:\program files\LimeWireWin-full.exe
2006-01-02 00:30 359,112 a------- c:\program files\LimeWireWin.exe
2005-05-26 08:32 38,435 ac------ c:\program files\licens32.txt
2005-05-20 21:00 148,564 ac--h--- c:\program files\Printhse.GID
2005-04-26 19:34 294,912 ac------ c:\windows\inf\programs\PcleCaptureDC10.dll
2005-04-13 16:37 352,256 ac------ c:\windows\inf\programs\PcleCaptureMarvin.dll
2005-04-08 12:40 376,832 ac------ c:\windows\inf\programs\PcleCaptureGenericYUV.dll
2005-04-08 08:07 611 a------- c:\program files\Uninstall AOL Instant Messenger.lnk
2005-04-01 18:57 106,496 ac------ c:\windows\inf\programs\PCLEMediaManager.dll
2005-04-01 16:48 344,064 ac------ c:\windows\inf\programs\PcleCaptureDV.dll
2005-03-29 21:13 90,112 ac------ c:\windows\inf\programs\ACnvrtX.dll
2005-02-24 00:11 315,392 ac------ c:\windows\inf\programs\PcleCaptureCirrus2.dll
2005-01-31 22:58 98,304 ac------ c:\windows\inf\programs\pcleSplice.dll
2005-01-31 22:49 512,000 ac------ c:\windows\inf\programs\mpegencoderlib.dll
2005-01-28 17:31 352,256 ac------ c:\windows\inf\programs\PcleCapturePCTV.dll
2005-01-28 17:31 102,400 ac------ c:\windows\inf\programs\PcleCapture2.dll
2005-01-21 22:15 323,584 ac------ c:\windows\inf\programs\PcleCaptureZoran.dll
2005-01-21 22:15 307,200 ac------ c:\windows\inf\programs\PcleCapturePython.dll
2005-01-21 22:15 352,256 ac------ c:\windows\inf\programs\PcleCaptureProteus.dll
2005-01-21 22:14 286,720 ac------ c:\windows\inf\programs\PcleCaptureMicroMV.dll
2005-01-21 22:14 335,872 ac------ c:\windows\inf\programs\PcleCaptureEmuzed.dll
2005-01-21 22:14 319,488 ac------ c:\windows\inf\programs\PcleCaptureDvxcel.dll
2005-01-21 22:13 376,832 ac------ c:\windows\inf\programs\PcleCaptureAvDv2.dll
2005-01-21 22:12 364,544 ac------ c:\windows\inf\programs\PcleCaptureAmoeba.dll
2005-01-12 09:42 577,536 ac------ c:\windows\inf\programs\AudioCodec.dll
2005-01-12 09:42 495,616 ac------ c:\windows\inf\programs\4code.dll
2005-01-12 09:42 294,912 ac------ c:\windows\inf\programs\4codeDecoder.dll
2005-01-12 09:42 262,144 ac------ c:\windows\inf\programs\dllzAAC.dll
2005-01-12 09:42 57,344 ac------ c:\windows\inf\programs\StreamIO.dll
2005-01-05 06:09 188,416 ac------ c:\windows\inf\programs\mpegdecoder2.dll
2004-12-24 01:44 713 -c------ c:\program files\BOX.REG
2004-12-24 01:44 2,860 -c------ c:\program files\PHOTOHSE.REG
2004-12-24 01:44 832 -c------ c:\program files\PRINTHSE.REG
2004-11-22 21:02 30,208 ac------ c:\windows\inf\programs\pcleUtil.dll
2004-11-03 21:22 86,016 ac------ c:\windows\inf\programs\CSCSaFX.dll
2004-09-20 16:39 262,144 ac------ c:\windows\inf\programs\lame_enc.dll
2004-08-27 18:29 1,935 ac------ c:\program files\icbmftvc.lst
2004-08-09 06:03 73,728 ac------ c:\windows\inf\programs\pcleDVcd.dll
2004-08-06 02:23 110,592 ac------ c:\windows\inf\programs\pcleDVdc.dll
2004-03-12 16:02 116,900 a------- c:\program files\uninstll.exe
2004-03-12 16:02 1,466,368 a------- c:\program files\AimRes.dll
2004-03-12 15:22 61,440 a------- c:\program files\aim.exe
2004-03-12 15:22 131,072 a------- c:\program files\ateima32.dll
2004-03-12 15:21 61,440 ac------ c:\program files\AlertUI.ocm
2004-03-12 15:21 25,088 ac------ c:\program files\browse.ocm
2004-03-12 15:21 208,896 ac------ c:\program files\buddyui.ocm
2004-03-12 15:21 225,280 a------- c:\program files\AimSecondarySvcs.dll
2004-03-12 15:21 98,304 ac------ c:\program files\ChatUI.ocm
2004-03-12 15:21:02 AC------ 6,144 c:\program files\stats.ocm
2002-07-31 19:55 106 ---sh--- c:\windows\WSYS049.SYS
============= FINISH: 5:09:27.25 ===============
-
Hi,
Do steps in post #10 again (don't have to re-download the tool if you still have it on your desktop).
-
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:22 on 20/09/2009 by John (Administrator - Elevation successful)
========== filefind ==========
Searching for "svchost.exe"
C:\i386\SVCHOST.EXE --a--c 14336 bytes [19:22 15/12/2004] [11:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [14:24 30/07/2009] [11:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [00:12 14/04/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SYSTEM32\svchost.exe --a--- 0 bytes [11:00 04/08/2004] [00:12 14/04/2008] D41D8CD98F00B204E9800998ECF8427E
-=End Of File=-
-
Hi,
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
copy C:\WINDOWS\$NtServicePackUninstall$\svchost.exe c:\windows\system32\svchost.exe >c:\Logit.txt
start c:\Logit.txt
del %0
Double-click on fixes.bat file to execute it. Notepad should open up. Please post contents of it.
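Added example, not part of the thread and not code from SystemLook or ComboFix: a small Python script that parses SystemLook "filefind" lines like the log a few posts up, flags the condition visible there (the live svchost.exe reports 0 bytes and the MD5 D41D8CD98F00B204E9800998ECF8427E, which is the MD5 of empty input), lists the non-empty copies that could serve as a restore source, and gives a hash check to run after a copy like the one in fixes.bat so that the restored file can be confirmed against the source copy's MD5. The sample log text is constructed inline from the values posted in the thread; function names are my own.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample of SystemLook "filefind" output; the format and values
# mirror the log posted in the thread.
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:22 on 20/09/2009 by John (Administrator - Elevation successful)
========== filefind ==========
Searching for "svchost.exe"
C:\i386\SVCHOST.EXE --a--c 14336 bytes [19:22 15/12/2004] [11:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [14:24 30/07/2009] [11:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [00:12 14/04/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SYSTEM32\svchost.exe --a--- 0 bytes [11:00 04/08/2004] [00:12 14/04/2008] D41D8CD98F00B204E9800998ECF8427E
-=End Of File=-
"""

# One filefind result line: <path> <attrs> <size> bytes [mtime] [ctime] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# MD5 of zero bytes of input; a file reporting this hash has no content at all.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()


def parse_filefind(text):
    """Return a list of dicts, one per matched result line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_anomalies(entries):
    """Flag empty files and report when copies of one name carry different hashes."""
    findings = []
    for e in entries:
        if e["size"] == 0 or e["md5"] == EMPTY_MD5:
            findings.append((e["path"], "zero-byte file (MD5 of empty input)"))
    by_name = defaultdict(set)
    for e in entries:
        by_name[basename(e["path"])].add(e["md5"])
    for name, hashes in sorted(by_name.items()):
        if len(hashes) > 1:
            # Differing hashes alone are not proof of tampering: legitimate copies
            # from different service-pack levels differ too. It is a prompt to look.
            findings.append((name, f"{len(hashes)} distinct hashes across copies"))
    return findings


def restore_candidates(entries, live_path):
    """Non-empty copies of the same file name other than the live (damaged) one."""
    name = basename(live_path)
    return [
        (e["path"], e["size"], e["md5"])
        for e in entries
        if basename(e["path"]) == name
        and e["path"].lower() != live_path.lower()
        and e["size"] > 0
    ]


def md5_of_file(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def verify_restore(restored_path, expected_md5):
    """After copying a backup over the damaged file, confirm the on-disk hash
    equals the MD5 the chosen source copy reported in the SystemLook log."""
    return md5_of_file(restored_path) == expected_md5.upper()


if __name__ == "__main__":
    entries = parse_filefind(SAMPLE_LOG)
    for path, why in find_anomalies(entries):
        print(f"{why}: {path}")
    for path, size, md5 in restore_candidates(entries, r"C:\WINDOWS\SYSTEM32\svchost.exe"):
        print(f"candidate source: {path} ({size} bytes, {md5})")
```

On the real machine, after fixes.bat reports "1 file(s) copied", `verify_restore(r"C:\WINDOWS\SYSTEM32\svchost.exe", "8F078AE4ED187AAABC0A305146DE6716")` should return True, since that is the hash of the `$NtServicePackUninstall$` copy the batch file takes as its source; a re-run of SystemLook showing the same hash and 14336 bytes is the equivalent check without Python.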
-
Hi,
Here are the contents:
1 file(s) copied.
-
Ok. Now let's see fresh hjt log (it's more useful than dds log at this point).