Results 11 to 12 of 12
  1. #11
    Member
    Join Date
    Dec 2007
    Posts
    23
    Points
    0

    Default Reports

    Here are the reports.

    ComboFix 07-12-05.2 - Ellis Christian 2007-12-06 19:40:53.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.128 [GMT -5:00]
    Running from: C:\Documents and Settings\Ellis Christian\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Ellis Christian\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\23.tmp
    C:\25.tmp
    C:\Documents and Settings\Ellis Christian\24631.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\25.tmp
    C:\Documents and Settings\Ellis Christian\24631.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
    .

    2007-12-06 19:12 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-06 19:11 . 2007-12-06 19:11 d-------- C:\Program Files\Common Files\Java
    2007-12-06 08:37 . 2007-12-06 08:37 d--hs---- C:\found.000
    2007-12-04 22:48 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2007-12-04 22:47 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2007-12-04 22:47 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2007-12-04 22:47 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2007-12-04 22:31 . 2007-12-06 08:00 d-------- C:\Documents and Settings\Ellis Christian\Application Data\AVG7
    2007-12-04 22:30 . 2007-12-04 22:30 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-04 22:29 . 2007-12-04 22:29 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-04 22:29 . 2007-12-05 18:26 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-03 21:37 . 2007-12-03 21:37 d-------- C:\WINDOWS\SDFIX
    2007-12-03 20:55 . 2007-12-04 22:14 d-------- C:\Program Files\SUPERAntiSpyware
    2007-12-03 20:55 . 2007-12-03 20:55 d-------- C:\Documents and Settings\Ellis Christian\Application Data\SUPERAntiSpyware.com
    2007-12-03 20:55 . 2007-12-03 20:55 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-12-02 11:44 . 2007-12-02 11:44 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-12-01 08:45 . 2007-12-01 08:45 d-------- C:\Program Files\MediaScouter

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-07 00:12 --------- d-----w C:\Program Files\Java
    2007-12-04 22:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-04 22:19 --------- d-----w C:\Program Files\AVG
    2007-12-04 21:15 --------- d-----w C:\Documents and Settings\Ellis Christian\Application Data\WeatherBug
    2007-12-02 17:54 --------- d-----w C:\Program Files\Common Files\MEP
    2007-12-02 14:26 512 ----a-w C:\ScanSectorLog.dat
    2007-11-28 13:14 12,800 ----a-w C:\WINDOWS\system32\svchost.exe
    2006-12-15 00:08 334 ----a-w C:\Documents and Settings\Clementina Christian\Application Data\internaldb1942.dat
    2006-12-15 00:08 13,046 ----a-w C:\Documents and Settings\Clementina Christian\Application Data\internaldb6823.dat
    2006-12-15 00:08 0 ----a-w C:\Documents and Settings\Clementina Christian\Application Data\internaldb8600.dat
    2006-12-15 00:07 20,480 ----a-w C:\Documents and Settings\Clementina Christian\Application Data\internaldb6291.dat
    2006-12-15 00:07 0 ----a-w C:\Documents and Settings\Clementina Christian\Application Data\internaldb8673.dat
    2006-12-15 00:07 0 ----a-w C:\Documents and Settings\Clementina Christian\Application Data\internaldb3520.dat
    2006-12-15 00:07 0 ----a-w C:\Documents and Settings\Clementina Christian\Application Data\internaldb2565.dat
    2006-12-15 00:07 0 ----a-w C:\Documents and Settings\Clementina Christian\Application Data\internaldb170.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2007-12-05_18.40.54.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-05 23:38:24 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2007-12-07 00:40:46 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    - 2005-11-10 15:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
    + 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2005-11-10 15:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2005-11-10 17:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 14:02]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-04 22:29]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-04 22:29]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ashampoo Magical Defrag.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ashampoo Magical Defrag.lnk
    backup=C:\WINDOWS\pss\Ashampoo Magical Defrag.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
    backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Xpress Mail Personal Edition.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Xpress Mail Personal Edition.lnk
    backup=C:\WINDOWS\pss\Xpress Mail Personal Edition.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ellis Christian^Start Menu^Programs^Startup^Hotmail Popper.lnk]
    path=C:\Documents and Settings\Ellis Christian\Start Menu\Programs\Startup\Hotmail Popper.lnk
    backup=C:\WINDOWS\pss\Hotmail Popper.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
    iexplore.exe http://iesettingsupdate

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n'Drop_Autolaunch]
    2003-01-30 17:17 86016 --a------ C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-06-26 16:13 1207080 --a------ C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-09-12 00:58 229952 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
    C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe]
    PROMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolbarInstall]
    C:\WINDOWS\mirar_distro_876088.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracker]
    2004-10-27 12:02 118784 --a------ C:\Program Files\MySoftware\MyInvoices\tracker.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    C:\Program Files\AWS\WeatherBug\Weather.exe 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe
    R3 DXE201;Dynex DX-E201 CardBus PC Card;C:\WINDOWS\System32\DRIVERS\DXE201.SYS
    R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\System32\drivers\NMSCFG.SYS
    S3 iscFlash;iscFlash;\??\C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys
    S3 MhzNet;Megaherz Lan/Modem PCMCIA Device Driver;C:\WINDOWS\System32\DRIVERS\xem336n5.sys
    S3 SevenConnectionService;Xpress Mail Personal Edition Service;C:\Program Files\Xpress Mail\Personal Edition\ConnectionService.exe

    *Newly Created Service* - NMSCFG
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-01 01:03:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-06 19:44:22
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-06 19:45:15
    C:\ComboFix2.txt ... 2007-12-05 18:41
    .
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 7:48:54 PM, on 12/6/2007
    Platform: Windows XP (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Ellis Christian\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: metaspinner GmbH - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PRICEP~1\PRICEP~1\IEBUTT~1.DLL
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Pricepirates 3 - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Pricepirates\Pricepirates\preispiraten3ie.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .xfd: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwic...an8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196826425045
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.servicehonda.com/TSWeb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
    O23 - Service: Xpress Mail Personal Edition Service (SevenConnectionService) - Unknown owner - C:\Program Files\Xpress Mail\Personal Edition\ConnectionService.exe

    --
    End of file - 7197 bytes

    How does it look now?

  2. #12
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Your logs look OK now...

    Please Download CCleaner from :-

    http://www.filehippo.com/download_ccleaner/ (click the download tab)

    During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

    Double-click the ccsetup.exe file and install the program...

    After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Make sure the "windows" tab is selected

    Under "internet explorer" tick...

    Temporary internet files
    Cookies* > see Note below
    History
    Recently typed URL's
    (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
    Delete index.dat files
    Last download location
    Autocomplete form history


    under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

    Other explorer MRU's
    (leave this unticked if you DON'T want to clear lists such as the start\run list)

    under "System"

    Tick ALL these ...


    under "Advanced"

    no need to tick any of these (but you can if you want, and realise what they do)


    Applications tab...

    These will mostly clean out old log files for these applications...

    Clean:- (if you use them)

    Firefox/Mozilla (optional - leave the cookies - see note)
    Opera
    Sun Java
    ZoneAlarm

    ...
    Personally I clean everything in the applications tab... but you tick what you want...

    Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

    click "analyse" if you want to see a list of what is going to be removed, before it is removed.

    Or

    click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

    "This process will permanently delete files from your system. Are you sure you wish to proceed?"

    click OK.

    THEN ...

    This will clear all your infected restore points...

    Turn off (Disable) System Restore in XP :-

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer.

    Then...

    Turn on (enable) System Restore :-

    Follow the same procedure, but this time uncheck Turn off System Restore

    if you have any problem with this... here's a link to instructions :-


    Disabling or enabling Windows XP System Restore >

    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

    Are your problems resolved ?

    steam

    Since there has been no response for a few days, from the poster, this topic is now closed. BG

    (Please contact a Moderator if you need it reopened. Please be advised that the spyware forum will be closing down for the holidays on or about December 20.)
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
