Tech Support Forum - View Single Post - Slow Computer..Kaspersky reveals 15 viruses.. HELP! 5 steps completed.

Juyz · 09-07-2007, 11:52 AM

Pancake,

Thanks for taking the time to help me out.

A few things real quick: When I ran the combofix, just before reboot, I got an error that said "NirCmd.cfexe failed to initialize" but then the reboot happened and after logging back in, Combofix seemed to finish up and generated the log, but it took a while. During this time, I got a message saying that "AOL Connectivity Service Dialer has encountered a problem and needs to close." I'm not sure what that's all about either as I haven't used AOL in years (probably 3 now?)

Thanks again and the following are the logs you requested:

Combofix.txt

ComboFix 07-09-07 - "Admin" 2007-09-07 9:55:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.54 [GMT -4:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NPF
-------\NPF

((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))

2007-09-07 09:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-05 16:10 <DIR> d-------- C:\Megamud
2007-09-04 11:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Juniper Networks
2007-09-04 11:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-04 09:05 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-09-04 08:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-09-04 08:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-04 02:29 <DIR> d-------- C:\Deckard
2007-09-04 02:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-04 00:21 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-08-22 12:16 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-10 17:49 <DIR> d-------- C:\Program Files\FedTerm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-05 12:50 --------- d-------- C:\Program Files\QuickTime
2007-09-05 12:46 --------- d-------- C:\Program Files\Netscape Internet Service
2007-09-05 12:44 --------- d-------- C:\Program Files\MSN Messenger
2007-09-05 12:31 --------- d-------- C:\Program Files\ClockTick
2007-09-05 12:30 --------- d-------- C:\Program Files\7-Zip
2007-09-05 08:57 --------- d-------- C:\Program Files\morpheus
2007-09-04 13:09 --------- d-------- C:\Program Files\AOL Toolbar
2007-09-04 03:35 --------- d-------- C:\Program Files\AIM95
2007-09-04 00:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-03 23:50 --------- d-------- C:\Program Files\Megamud-U
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-21 23:13 --------- d-------- C:\Program Files\Code Red

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a785f304-ef68-4dc1-8052-d2248b1d8955}]
C:\WINDOWS\system32\qd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f935c389-3489-4773-8a5a-e90dc96f2f56}]
C:\WINDOWS\system32\ptdei.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16]
"PCTVOICE"="pctspk.exe" [2001-11-02 18:49 C:\WINDOWS\SYSTEM32\pctspk.exe]
"Dell|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 16:15]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [2001-10-02 14:23]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"EPSON Stylus C82 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.exe" [2002-04-25 06:00]
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-05-06 18:47]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [2004-03-23 15:20]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 15:07]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-04-11 13:36]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2004-09-22 16:08]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 19:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-07 04:03]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 12:00]
"SunServer"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-11-11 16:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
ClockTick.lnk - C:\Program Files\ClockTick\clocktick.exe [2003-02-27 01:14:08]
DESKTOP.INI [2001-11-15 08:31:16]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

C:\DOCUME~1\Admin\STARTM~1\Programs\Startup\
DESKTOP.INI [2001-11-15 08:31:16]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2001-11-15 08:31:16]

C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\
DESKTOP.INI [2001-11-15 08:31:16]

C:\DOCUME~1\RO\STARTM~1\Programs\Startup\
DESKTOP.INI [2001-11-15 08:31:16]
HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE [2003-09-11 11:44:44]
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2003-02-03 01:23:38]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2001-11-15 08:31:16]

R1 NEOFLTR_500_8897;Juniper Networks TDI Filter Driver (NEOFLTR_500_8897);\??\C:\WINDOWS\system32\Drivers\NEOFLTR_500_8897.SYS
R1 ppmoucls;ppmoucls;C:\WINDOWS\system32\DRIVERS\ppmoucls.sys
R1 pptchpad;PenPower Touchpad;C:\WINDOWS\system32\DRIVERS\pptchpd5.sys
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys
S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys

Contents of the 'Scheduled Tasks' folder
"2002-09-16 01:45:31 C:\WINDOWS\Tasks\Symantec NetDetect.job"

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-07 10:04:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-07 10:16:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-07 10:16

--- E O F ---

**************

SuperAntiSpyware Scan Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/07/2007 at 11:33 AM

Application Version : 3.9.1008

Core Rules Database Version : 3301
Trace Rules Database Version: 1307

Scan type : Complete Scan
Total Scan Time : 00:57:02

Memory items scanned : 354
Memory threats detected : 0
Registry items scanned : 5888
Registry threats detected : 16
File items scanned : 48212
File threats detected : 8

Adware.WurldMedia
HKLM\Software\Classes\CLSID\{508E0F50-1FDD-459C-838B-BCCE1FCB8D24}
HKCR\CLSID\{508E0F50-1FDD-459C-838B-BCCE1FCB8D24}
HKCR\CLSID\{508E0F50-1FDD-459C-838B-BCCE1FCB8D24}
HKCR\CLSID\{508E0F50-1FDD-459C-838B-BCCE1FCB8D24}\InprocServer32
C:\PROGRA~1\MORPHEUS\AXBROW~1.DLL
HKLM\Software\Classes\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\Control
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\InprocServer32
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\InprocServer32#ThreadingModel
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\MiscStatus
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\MiscStatus\1
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\ProgID
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\ToolboxBitmap32
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\TypeLib
HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\Version

Adware.Tracking Cookie
C:\Documents and Settings\Admin\Cookies\admin@ehg-kasperskylab.hitbox[1].txt
C:\Documents and Settings\Admin\Cookies\admin@hitbox[2].txt
C:\Documents and Settings\Ro\Cookies\ro@bcs[2].txt
C:\Documents and Settings\Ro\Cookies\ro@www.upspiral[1].txt

Unclassified.Cmd32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097857.EXE

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097858.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1472\A0098771.DLL

**********
Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:06 PM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ClockTick\clocktick.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: - {a785f304-ef68-4dc1-8052-d2248b1d8955} - C:\WINDOWS\system32\qd.dll (file missing)
O2 - BHO: - {f935c389-3489-4773-8a5a-e90dc96f2f56} - C:\WINDOWS\system32\ptdei.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ClockTick.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7563 bytes

09-07-2007, 11:52 AM	#3 (permalink)
Juyz Registered User Join Date: Sep 2007 Posts: 3 OS: Win XP Home Edition, SP2	Re: Slow Computer..Kaspersky reveals 15 viruses.. HELP! 5 steps completed. Pancake, Thanks for taking the time to help me out. A few things real quick: When I ran the combofix, just before reboot, I got an error that said "NirCmd.cfexe failed to initialize" but then the reboot happened and after logging back in, Combofix seemed to finish up and generated the log, but it took a while. During this time, I got a message saying that "AOL Connectivity Service Dialer has encountered a problem and needs to close." I'm not sure what that's all about either as I haven't used AOL in years (probably 3 now?) Thanks again and the following are the logs you requested: Combofix.txt ComboFix 07-09-07 - "Admin" 2007-09-07 9:55:31.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.54 [GMT -4:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\wanpacket.dll C:\WINDOWS\system32\wpcap.dll ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NPF -------\NPF ((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 ))))))))))))))))))))))))))))))) 2007-09-07 09:53 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-05 16:10 <DIR> d-------- C:\Megamud 2007-09-04 11:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Juniper Networks 2007-09-04 11:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec 2007-09-04 09:05 <DIR> d-------- C:\Program Files\Sunbelt Software 2007-09-04 08:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab 2007-09-04 08:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-09-04 02:29 <DIR> d-------- C:\Deckard 2007-09-04 02:07 <DIR> d-------- C:\Program Files\Trend Micro 2007-09-04 00:21 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan 2007-08-22 12:16 <DIR> d-------- C:\WINDOWS\.jagex_cache_32 2007-08-10 17:49 <DIR> d-------- C:\Program Files\FedTerm (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-09-05 12:50 --------- d-------- C:\Program Files\QuickTime 2007-09-05 12:46 --------- d-------- C:\Program Files\Netscape Internet Service 2007-09-05 12:44 --------- d-------- C:\Program Files\MSN Messenger 2007-09-05 12:31 --------- d-------- C:\Program Files\ClockTick 2007-09-05 12:30 --------- d-------- C:\Program Files\7-Zip 2007-09-05 08:57 --------- d-------- C:\Program Files\morpheus 2007-09-04 13:09 --------- d-------- C:\Program Files\AOL Toolbar 2007-09-04 03:35 --------- d-------- C:\Program Files\AIM95 2007-09-04 00:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint 2007-09-03 23:50 --------- d-------- C:\Program Files\Megamud-U 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-21 23:13 --------- d-------- C:\Program Files\Code Red ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a785f304-ef68-4dc1-8052-d2248b1d8955}] C:\WINDOWS\system32\qd.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f935c389-3489-4773-8a5a-e90dc96f2f56}] C:\WINDOWS\system32\ptdei.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16] "PCTVOICE"="pctspk.exe" [2001-11-02 18:49 C:\WINDOWS\SYSTEM32\pctspk.exe] "Dell\|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 16:15] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50] "PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [2001-10-02 14:23] "nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\SYSTEM32\nwiz.exe] "EPSON Stylus C82 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.exe" [2002-04-25 06:00] "DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-05-06 18:47] "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [2004-03-23 15:20] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 15:07] "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-04-11 13:36] "D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2004-09-22 16:08] "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 19:45] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-07 04:03] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 12:00] "SunServer"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-11-11 16:47] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ ClockTick.lnk - C:\Program Files\ClockTick\clocktick.exe [2003-02-27 01:14:08] DESKTOP.INI [2001-11-15 08:31:16] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04] C:\DOCUME~1\Admin\STARTM~1\Programs\Startup\ DESKTOP.INI [2001-11-15 08:31:16] C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\ DESKTOP.INI [2001-11-15 08:31:16] C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\ DESKTOP.INI [2001-11-15 08:31:16] C:\DOCUME~1\RO\STARTM~1\Programs\Startup\ DESKTOP.INI [2001-11-15 08:31:16] HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE [2003-09-11 11:44:44] Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2003-02-03 01:23:38] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\ DESKTOP.INI [2001-11-15 08:31:16] R1 NEOFLTR_500_8897;Juniper Networks TDI Filter Driver (NEOFLTR_500_8897);\??\C:\WINDOWS\system32\Drivers\NEOFLTR_500_8897.SYS R1 ppmoucls;ppmoucls;C:\WINDOWS\system32\DRIVERS\ppmoucls.sys R1 pptchpad;PenPower Touchpad;C:\WINDOWS\system32\DRIVERS\pptchpd5.sys R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys Contents of the 'Scheduled Tasks' folder "2002-09-16 01:45:31 C:\WINDOWS\Tasks\Symantec NetDetect.job" ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-07 10:04:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Completion time: 2007-09-07 10:16:59 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-07 10:16 --- E O F --- ********** SuperAntiSpyware Scan Log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/07/2007 at 11:33 AM Application Version : 3.9.1008 Core Rules Database Version : 3301 Trace Rules Database Version: 1307 Scan type : Complete Scan Total Scan Time : 00:57:02 Memory items scanned : 354 Memory threats detected : 0 Registry items scanned : 5888 Registry threats detected : 16 File items scanned : 48212 File threats detected : 8 Adware.WurldMedia HKLM\Software\Classes\CLSID\{508E0F50-1FDD-459C-838B-BCCE1FCB8D24} HKCR\CLSID\{508E0F50-1FDD-459C-838B-BCCE1FCB8D24} HKCR\CLSID\{508E0F50-1FDD-459C-838B-BCCE1FCB8D24} HKCR\CLSID\{508E0F50-1FDD-459C-838B-BCCE1FCB8D24}\InprocServer32 C:\PROGRA~1\MORPHEUS\AXBROW~1.DLL HKLM\Software\Classes\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7} HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7} HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7} HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\Control HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\InprocServer32 HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\InprocServer32#ThreadingModel HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\MiscStatus HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\MiscStatus\1 HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\ProgID HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\ToolboxBitmap32 HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\TypeLib HKCR\CLSID\{7BC24A41-4F83-442F-997F-9B9E654155A7}\Version Adware.Tracking Cookie C:\Documents and Settings\Admin\Cookies\admin@ehg-kasperskylab.hitbox[1].txt C:\Documents and Settings\Admin\Cookies\admin@hitbox[2].txt C:\Documents and Settings\Ro\Cookies\ro@bcs[2].txt C:\Documents and Settings\Ro\Cookies\ro@www.upspiral[1].txt Unclassified.Cmd32 C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097857.EXE Unclassified.Unknown Origin C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097858.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1472\A0098771.DLL ******** Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:49:06 PM, on 9/7/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Netscape Internet Service\ncupdatesvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Dell\Support\Alert\bin\DAMon.exe C:\WINPENJR\Win32\pphidpad.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\ClockTick\clocktick.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: - {a785f304-ef68-4dc1-8052-d2248b1d8955} - C:\WINDOWS\system32\qd.dll (file missing) O2 - BHO: - {f935c389-3489-4773-8a5a-e90dc96f2f56} - C:\WINDOWS\system32\ptdei.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing) O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Dell\|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82" O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ClockTick.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 7563 bytes