Old 10-14-2006, 03:19 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 7
OS: XP PRO BORG


Totally new desperate for help chaps

Hi
My brother has recommended I ask for help here, as he believes I have an adware-type virus deep-rooted in my registry. To my very best ability I've gone through the 5-step guide, and yet I'm still getting the same adware pop-ups constantly, and then when I try to open certain programs, Nero for example, I get an error message and everything shuts down. The adware comes in blocks of three pop-ups. I'm truly sorry that my knowledge level is very meagre with regard to computers, but I learn fast and would really appreciate a helping hand.

Logfile of HijackThis v1.99.1
Scan saved at 7:03:48 PM, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1157848733\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Common Files\{A4A0D193-0643-4105-0428-061005050002}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\a?sembly\e?plorer.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\common files\aol\1157848733\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1157848733\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.266\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MicroBorg Internet Exploder
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: (no name) - {D4E6FF63-6BA6-632E-F5AE-171348A83892} - C:\WINDOWS\system32\adcw.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O2 - BHO: (no name) - {D4E6FF63-6BA6-632E-F5AE-171348A83892} - C:\WINDOWS\system32\adcw.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157848733\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Lcz] C:\WINDOWS\system32\a?sembly\e?plorer.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F022B791-AFDF-49CD-A5D5-CFCFF3C522EC}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
rodmro is offline  
Old 10-14-2006, 04:08 PM   #2 (permalink)
Registered User
 
Join Date: Jan 2006
Location: Canada
Posts: 250
OS: Windows 98SE/XP Home, Mac OS X


Hi rodmro, and welcome to TSF!

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.
AbstractEpiphany is offline  
Old 10-14-2006, 04:22 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 7
OS: XP PRO BORG


Thank you very much for your time. I am very appreciative of any help you can give. Cheers, Rod
rodmro is offline  
Old 10-14-2006, 09:14 PM   #4 (permalink)
Registered User
 
Join Date: Jan 2006
Location: Canada
Posts: 250
OS: Windows 98SE/XP Home, Mac OS X


Hello again rodmro, and thank you for your patience.

Before You Begin...
Please print out this page or copy it to Notepad to help you carry out the following instructions. Make sure to work through the fixes in the exact order they are mentioned below, and if there's anything that you don't understand, please ask any questions you may have before proceeding with the fix. You should not have any browsers or windows open, other than the programs mentioned in the fix, when you are following the procedures below.

HijackThis in Temporary Folder
You are currently running HijackThis from a temporary directory. This is not a good thing, because in a temporary directory, the backups that HijackThis makes are easily lost.

Please make a folder in a more permanent location such as C:/Program Files/HijackThis/, and redownload HijackThis or move it out of the temporary directory into this location before proceeding with the rest of the fix.

To do this:
  • Click on My Computer, and then click on the drive labeled C:.
  • Open the Program Files folder (or navigate to a folder where you'd prefer to store HijackThis, such as My Documents)
  • Go to File, then to New, and then to Folder, and name the new folder HijackThis or a name of your choice
  • Either
    • redownload and unzip HijackThis into this new folder
    • move hijackthis.exe out of C:\Documents and Settings\ADMINI~1\Local Settings\Temp\Rar$EX00.266\ (where ADMINI~1 is a username, likely "Administrator") and into the folder you just created.

Download Combofix
Download Combofix from one of the following links:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

And save it to your desktop (it is very important that it's saved to your desktop!).

Disconnect From the Internet
Please disconnect your computer from the Internet at this time. This may involve physically unplugging the cable that connects it to the modem, if you have an 'always-active' internet connection like DSL or cable.

Run Combofix
Make sure that combofix.exe is located on your desktop.

Go to Start, then Run, paste in the single-line command below, then click OK.

"%userprofile%\desktop\combofix.exe" /v adcw

Do not move or click combofix's window while it runs, or you may cause it to stall! When finished, it shall produce a log for you. We'll need to see that log in your next post.

Reconnect to Internet
Please re-connect your computer to the Internet.

Download AVG AntiSpyware
Download AVG Anti-Spyware
  • Install AVG Anti-Spyware
  • Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

Download CleanUp!
Please download Cleanup! or use this alternate link if the main link does not work and install it. You will use this later.

NOTE: Do not run this program if you have XP Professional 64 bit edition. If you are unsure as to whether or not you have a 64 bit version of XP, please download and run this tool: http://www.kellys-korner-xp.com/regs...p_whichcpu.exe

Uninstall Programs
Go to Start -> Control Panel -> Add/Remove Programs and uninstall the following:

PrintViewer

Then close out of the Control Panel. Please let me know if you have any problems with the uninstallations.

Fix Hijackthis Entries
Open Hijackthis, and click on Scan Only. Put a checkmark beside the following entries, being very careful not to miss any:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MicroBorg Internet Exploder
<- only fix if you didn't retitle Internet Explorer yourself
R3 - URLSearchHook: (no name) - {D4E6FF63-6BA6-632E-F5AE-171348A83892} - C:\WINDOWS\system32\adcw.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKCU\..\Run: [Lcz] C:\WINDOWS\system32\a?sembly\e?plorer.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab


And click Fix Checked.

Reboot to Safe Mode
Restart your computer, and repeatedly tap the F8 key (or the appropriate key for your system) until the menu appears. Select Safe Mode from that menu.

CleanUp!
NOTE: Cleanup deletes EVERYTHING out of temporary folders and does not make backups. If you have any files in your temporary folders you want to keep, move them now!

Open Cleanup! by double-clicking the icon on your desktop (or from Start -> All Programs). Set the program up as follows:
  • Click Options
  • Move the slider button down to Custom CleanUp!
  • Check the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users
  • Click on Temporary Files and make sure the following is unchecked:
    • Scan drives for file matching
Click OK, Press the CleanUp! button to start the program. Do not reboot when prompted.

Run AVG AntiSpyware
Run AVG Anti-Spyware with its updated definitions (it's important that all windows be closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Reboot to Normal Mode
Restart your computer normally.

Scan with Panda ActiveScan
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Please post that log in your next reply.

Run Combofix
Double click combofix.exe and follow the prompts. While Combofix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you--we'll need to see that log in your next reply.

Required Logfiles
C:/combofix2.txt
The AVG Antispyware logfile
The Panda ActiveScan logfile
C:/combofix.txt
A fresh HijackThis log

And please let me know how your computer is running.
AbstractEpiphany is offline  
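
Added example, not part of the original thread and not HijackThis's or the analyst's own method: a small Python triage of a HijackThis v1.99.1 log that surfaces three things visible in this thread's log: HijackThis.exe running from a Temp folder, a CLSID listed as "(no name)" under more than one entry type, and paths the log renders with '?'. The rule names and regular expressions are assumptions made for this illustration; the sample lines are copied from the log in the first post.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the first post, shortened to a sample.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\a?sembly\e?plorer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.266\HijackThis.exe

R3 - URLSearchHook: (no name) - {D4E6FF63-6BA6-632E-F5AE-171348A83892} - C:\WINDOWS\system32\adcw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D4E6FF63-6BA6-632E-F5AE-171348A83892} - C:\WINDOWS\system32\adcw.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lcz] C:\WINDOWS\system32\a?sembly\e?plorer.exe
"""

# Entry lines look like "O4 - ..." or "R3 - ...": a letter, one or two digits, " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TEMP_RE = re.compile(r"\\Temp\\", re.I)
# '?' is not a legal character in a Windows file name, so a '?' after a drive
# path means the log could not represent the real character at that position.
QMARK_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*\?')


def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return sorted (rule, detail) review notes. Heuristics only, not verdicts."""
    processes, entries = parse_log(text)
    notes = set()
    unnamed = defaultdict(set)  # CLSID -> entry codes listing it as "(no name)"

    for path in processes:
        # Backups made by a copy run from a Temp folder are easily lost.
        if path.lower().endswith("\\hijackthis.exe") and TEMP_RE.search(path):
            notes.add(("hjt-in-temp", path))
        if QMARK_PATH_RE.search(path):
            notes.add(("unrenderable-path", path))

    for code, body in entries:
        if QMARK_PATH_RE.search(body):
            notes.add(("unrenderable-path", f"{code} - {body}"))
        if "(no name)" in body:
            for clsid in CLSID_RE.findall(body):
                unnamed[clsid.upper()].add(code)

    # One unnamed component registered under several entry types (here R3 and O2).
    for clsid, codes in unnamed.items():
        if len(codes) > 1:
            notes.add(("shared-unnamed-clsid", f"{clsid} in {', '.join(sorted(codes))}"))

    return sorted(notes)


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {detail}")
```

Each note is a prompt for a human reviewer to look closer, not a removal decision; a named, single-type entry such as the Java SSVHelper BHO produces no note.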
Old 10-15-2006, 11:15 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 7
OS: XP PRO BORG


Hi there again,
Wow, that was a very comprehensive list of things to do. Absolutely superb; it showed up many things that all my other protection has not done. Here are the reports. Thank you so much for your help so far, I am truly grateful.

Administrator - 06-10-15 16:45:56.09 Service Pack 2
ComboFix 06.10.14.1 - Running from: "C:\Documents and Settings\Administrator\desktop"
Command switches used :: /v adcw

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adcw.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\WinNB58.dll
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\PrintView
C:\Program Files\Common Files\{A4A0D193-0643-4105-0428-061005050002}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\DOBE~1
C:\QooBox\Purity\WINDOWS\DOBE~1\?dobe
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1\e?plorer.exe


((((((((((((((((((((((((((((((( Files Created from 2006-09-15 to 2006-10-15 ))))))))))))))))))))))))))))))))))


2006-10-15 16:18 218,112 --a------ C:\HijackThis.exe
2006-10-06 18:11 65,536 --a------ C:\WINDOWS\system32\Winwcd.dll
2006-10-05 16:23 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-10-03 08:54 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-09-20 15:05 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-20 14:57 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2006-09-20 14:54 102,912 -ra------ C:\WINDOWS\system32\JPEGCODE.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-15 16:48 -------- d-------- C:\Program Files\Common Files
2006-10-15 16:21 -------- d-------- C:\Program Files\highjackthis
2006-10-14 18:26 -------- d-------- C:\Program Files\WinAVIVideoConverter
2006-10-14 17:22 -------- d-------- C:\Program Files\DVD Shrink
2006-10-11 06:22 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2006-10-08 15:13 -------- d-------- C:\Program Files\Yahoo!
2006-10-07 23:53 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-10-05 16:22 87760 --a------ C:\Documents and Settings\Administrator\Application Data\errorsafenewreleaseinstall[1].exe
2006-10-04 12:34 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-04 12:33 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-03 08:54 -------- d-------- C:\Program Files\Real
2006-10-03 08:54 -------- d-------- C:\Program Files\Common Files\Real
2006-10-02 18:38 -------- d-------- C:\Program Files\Viewpoint
2006-10-02 11:13 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
2006-10-01 19:47 -------- d-------- C:\Program Files\Google
2006-10-01 19:12 -------- d-------- C:\Program Files\Webteh
2006-10-01 19:05 -------- d-------- C:\Program Files\jv16 PowerTools 2006
2006-10-01 18:53 -------- d-------- C:\Program Files\ffdshow
2006-10-01 18:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-01 18:19 -------- d-------- C:\Program Files\Common Files\aolshare
2006-10-01 18:19 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-01 18:19 -------- d-------- C:\Program Files\AOL 9.0a
2006-10-01 13:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\MCMPEGEnc
2006-10-01 13:32 -------- d-------- C:\Program Files\DvdComposer
2006-10-01 13:27 -------- d-------- C:\Program Files\MainConcept
2006-09-24 12:40 -------- d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2006-09-20 18:18 -------- d-------- C:\Program Files\MSN Messenger
2006-09-20 17:53 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2006-09-20 17:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2006-09-20 17:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Datalayer
2006-09-20 17:33 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-20 17:33 -------- d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2006-09-20 17:33 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-09-20 17:32 -------- d-------- C:\Program Files\Adobe
2006-09-20 17:30 -------- d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2006-09-20 17:29 -------- d-------- C:\Program Files\Nokia
2006-09-20 17:27 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-09-20 17:27 -------- d-------- C:\Program Files\Common Files\Nokia
2006-09-20 17:25 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-20 17:02 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Google
2006-09-20 14:56 -------- d-------- C:\Program Files\Samsung
2006-09-19 20:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-19 20:26 -------- d-------- C:\Program Files\Azureus
2006-09-19 11:53 -------- d-------- C:\Program Files\Vodei
2006-09-14 15:32 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-09-14 11:09 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2006-09-14 09:42 -------- d-------- C:\Program Files\VideoLAN
2006-09-12 19:42 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2006-09-12 16:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2006-09-11 17:59 -------- d-------- C:\Program Files\VoyagerTest
2006-09-11 17:59 -------- d-------- C:\Program Files\Common Files\FTL Shared
2006-09-11 17:58 -------- d-------- C:\Program Files\VoyagerModemDrivers
2006-09-11 17:58 -------- d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2006-09-10 19:49 -------- d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2006-09-10 01:39 -------- d-------- C:\Program Files\AOL
2006-09-09 23:59 -------- d-------- C:\Program Files\Internet Explorer
2006-09-09 23:09 -------- d-------- C:\Program Files\AOL Companion
2006-09-09 23:07 -------- d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2006-09-09 23:06 -------- d-------- C:\Program Files\AOL Toolbar
2006-09-09 22:24 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-09 22:23 -------- d-------- C:\Program Files\Windows Media Player
2006-09-09 22:23 -------- d-------- C:\Program Files\AOL 9.0
2006-08-28 22:03 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Chessmaster Challenge
2006-08-28 04:50 -------- d-------- C:\Program Files\Common Files\Scanner
2006-08-28 03:57 -------- d-------- C:\Program Files\East-Tec Eraser 2006
2006-08-28 03:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\EAST Technologies
2006-08-28 03:55 5 --ahs---- C:\WINDOWS\system32\dfaeadfa8_s.dll
2006-08-28 03:31 61440 --a------ C:\WINDOWS\keygen.dll
2006-08-28 03:00 -------- d-------- C:\Program Files\Common Files\aolback
2006-08-28 02:59 -------- d-------- C:\Program Files\QuickTime
2006-08-28 02:59 -------- d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2006-08-28 02:58 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-08-28 02:17 -------- d-------- C:\Program Files\Realtek
2006-08-28 02:03 -------- d-------- C:\Program Files\WinRAR
2006-08-28 02:03 -------- d-------- C:\Program Files\Trillian
2006-08-28 02:03 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-08-28 02:02 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-28 02:01 -------- d-------- C:\Program Files\Microsoft Office
2006-08-28 02:01 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-28 02:01 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-28 02:00 -------- d-------- C:\Program Files\Common Files\System
2006-08-28 01:58 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-08-28 01:58 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-28 01:58 -------- d-------- C:\Program Files\Ahead
2006-08-28 01:58 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-08-28 01:57 -------- d-------- C:\Program Files\Multimedia
2006-08-28 01:57 -------- d-------- C:\Program Files\Kaspersky Lab
2006-08-28 01:57 -------- d-------- C:\Program Files\Game XP
2006-08-28 01:57 -------- d-------- C:\Program Files\Diskeeper Corporation
2006-08-28 01:56 -------- d-------- C:\Program Files\Java
2006-08-28 01:56 -------- d-------- C:\Program Files\Common Files\Java
2006-08-28 01:40 0 -rahs---- C:\MSDOS.SYS
2006-08-28 01:40 0 -rahs---- C:\IO.SYS
2006-08-28 01:40 0 --a------ C:\CONFIG.SYS
2006-08-28 01:40 0 --a------ C:\AUTOEXEC.BAT
2006-08-28 01:40 -------- d-------- C:\Program Files\msn gaming zone
2006-08-28 01:37 -------- d-------- C:\Program Files\Outlook Express
2006-08-28 01:37 -------- d-------- C:\Program Files\Online Services
2006-08-28 01:37 -------- d-------- C:\Program Files\NetMeeting
2006-08-28 01:37 -------- d-------- C:\Program Files\Movie Maker
2006-08-28 01:37 -------- d-------- C:\Program Files\Common Files\Services
2006-08-28 01:35 -------- d-------- C:\Program Files\Windows NT
2006-08-27 19:26 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-08-23 17:08 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-23 16:19 -------- d-------- C:\Program Files\xerox
2006-08-23 16:19 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-23 16:16 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Lcz"="C:\\WINDOWS\\system32\\a?sembly\\e?plorer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1157848733\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,74,01,00,00,00,00,00,00,8c,02,00,00,c6,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSMBalloonTip"=dword:00000000
"NoStrCmpLogical"=dword:00000001
"NoSaveSettings"=dword:00000000
"LockTaskbar"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000
"NoInternetOpenWith"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoRemoteRecursiveEvents"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-15 16:49:08.85
C:\ComboFix.txt ... 06-10-15 16:49



Second combo fix

Administrator - 06-10-15 18:54:54.26 Service Pack 2
ComboFix 06.10.14.1 - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\DOBE~1
C:\QooBox\Purity\WINDOWS\DOBE~1\?dobe
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-15 to 2006-10-15 ))))))))))))))))))))))))))))))))))


2006-10-15 16:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-15 16:18 218,112 --a------ C:\HijackThis.exe
2006-10-05 16:23 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-10-03 08:54 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-09-20 15:05 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-20 14:57 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2006-09-20 14:54 102,912 -ra------ C:\WINDOWS\system32\JPEGCODE.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-15 17:16 -------- d-------- C:\Program Files\highjackthis
2006-10-15 17:05 -------- d-------- C:\Program Files\CleanUp!
2006-10-15 16:59 -------- d-------- C:\Program Files\Grisoft
2006-10-15 16:48 -------- d-------- C:\Program Files\Common Files
2006-10-14 18:26 -------- d-------- C:\Program Files\WinAVIVideoConverter
2006-10-14 17:22 -------- d-------- C:\Program Files\DVD Shrink
2006-10-11 06:22 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2006-10-08 15:13 -------- d-------- C:\Program Files\Yahoo!
2006-10-07 23:53 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-10-04 12:34 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-04 12:33 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-03 08:54 -------- d-------- C:\Program Files\Real
2006-10-03 08:54 -------- d-------- C:\Program Files\Common Files\Real
2006-10-02 18:38 -------- d-------- C:\Program Files\Viewpoint
2006-10-02 11:13 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
2006-10-01 19:47 -------- d-------- C:\Program Files\Google
2006-10-01 19:12 -------- d-------- C:\Program Files\Webteh
2006-10-01 19:05 -------- d-------- C:\Program Files\jv16 PowerTools 2006
2006-10-01 18:53 -------- d-------- C:\Program Files\ffdshow
2006-10-01 18:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-01 18:19 -------- d-------- C:\Program Files\Common Files\aolshare
2006-10-01 18:19 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-01 18:19 -------- d-------- C:\Program Files\AOL 9.0a
2006-10-01 13:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\MCMPEGEnc
2006-10-01 13:32 -------- d-------- C:\Program Files\DvdComposer
2006-10-01 13:27 -------- d-------- C:\Program Files\MainConcept
2006-09-24 12:40 -------- d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2006-09-20 18:18 -------- d-------- C:\Program Files\MSN Messenger
2006-09-20 17:53 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2006-09-20 17:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2006-09-20 17:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Datalayer
2006-09-20 17:33 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-20 17:33 -------- d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2006-09-20 17:33 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-09-20 17:32 -------- d-------- C:\Program Files\Adobe
2006-09-20 17:30 -------- d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2006-09-20 17:29 -------- d-------- C:\Program Files\Nokia
2006-09-20 17:27 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-09-20 17:27 -------- d-------- C:\Program Files\Common Files\Nokia
2006-09-20 17:25 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-20 17:02 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Google
2006-09-20 14:56 -------- d-------- C:\Program Files\Samsung
2006-09-19 20:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-19 20:26 -------- d-------- C:\Program Files\Azureus
2006-09-19 11:53 -------- d-------- C:\Program Files\Vodei
2006-09-14 15:32 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-09-14 11:09 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2006-09-14 09:42 -------- d-------- C:\Program Files\VideoLAN
2006-09-12 19:42 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2006-09-12 16:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2006-09-11 17:59 -------- d-------- C:\Program Files\VoyagerTest
2006-09-11 17:59 -------- d-------- C:\Program Files\Common Files\FTL Shared
2006-09-11 17:58 -------- d-------- C:\Program Files\VoyagerModemDrivers
2006-09-11 17:58 -------- d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2006-09-10 19:49 -------- d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2006-09-10 01:39 -------- d-------- C:\Program Files\AOL
2006-09-09 23:59 -------- d-------- C:\Program Files\Internet Explorer
2006-09-09 23:09 -------- d-------- C:\Program Files\AOL Companion
2006-09-09 23:07 -------- d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2006-09-09 23:06 -------- d-------- C:\Program Files\AOL Toolbar
2006-09-09 22:24 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-09 22:23 -------- d-------- C:\Program Files\Windows Media Player
2006-09-09 22:23 -------- d-------- C:\Program Files\AOL 9.0
2006-08-28 22:03 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Chessmaster Challenge
2006-08-28 04:50 -------- d-------- C:\Program Files\Common Files\Scanner
2006-08-28 03:57 -------- d-------- C:\Program Files\East-Tec Eraser 2006
2006-08-28 03:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\EAST Technologies
2006-08-28 03:55 5 --ahs---- C:\WINDOWS\system32\dfaeadfa8_s.dll
2006-08-28 03:31 61440 --a------ C:\WINDOWS\keygen.dll
2006-08-28 03:00 -------- d-------- C:\Program Files\Common Files\aolback
2006-08-28 02:59 -------- d-------- C:\Program Files\QuickTime
2006-08-28 02:59 -------- d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2006-08-28 02:58 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-08-28 02:17 -------- d-------- C:\Program Files\Realtek
2006-08-28 02:03 -------- d-------- C:\Program Files\WinRAR
2006-08-28 02:03 -------- d-------- C:\Program Files\Trillian
2006-08-28 02:03 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-08-28 02:02 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-28 02:01 -------- d-------- C:\Program Files\Microsoft Office
2006-08-28 02:01 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-28 02:01 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-28 02:00 -------- d-------- C:\Program Files\Common Files\System
2006-08-28 01:58 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-08-28 01:58 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-28 01:58 -------- d-------- C:\Program Files\Ahead
2006-08-28 01:58 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-08-28 01:57 -------- d-------- C:\Program Files\Multimedia
2006-08-28 01:57 -------- d-------- C:\Program Files\Kaspersky Lab
2006-08-28 01:57 -------- d-------- C:\Program Files\Game XP
2006-08-28 01:57 -------- d-------- C:\Program Files\Diskeeper Corporation
2006-08-28 01:56 -------- d-------- C:\Program Files\Java
2006-08-28 01:56 -------- d-------- C:\Program Files\Common Files\Java
2006-08-28 01:40 0 -rahs---- C:\MSDOS.SYS
2006-08-28 01:40 0 -rahs---- C:\IO.SYS
2006-08-28 01:40 0 --a------ C:\CONFIG.SYS
2006-08-28 01:40 0 --a------ C:\AUTOEXEC.BAT
2006-08-28 01:40 -------- d-------- C:\Program Files\msn gaming zone
2006-08-28 01:37 -------- d-------- C:\Program Files\Outlook Express
2006-08-28 01:37 -------- d-------- C:\Program Files\Online Services
2006-08-28 01:37 -------- d-------- C:\Program Files\NetMeeting
2006-08-28 01:37 -------- d-------- C:\Program Files\Movie Maker
2006-08-28 01:37 -------- d-------- C:\Program Files\Common Files\Services
2006-08-28 01:35 -------- d-------- C:\Program Files\Windows NT
2006-08-27 19:26 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-08-23 17:08 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-23 16:19 -------- d-------- C:\Program Files\xerox
2006-08-23 16:19 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-23 16:16 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1157848733\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,74,01,00,00,00,00,00,00,8c,02,00,00,c6,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSMBalloonTip"=dword:00000000
"NoStrCmpLogical"=dword:00000001
"NoSaveSettings"=dword:00000000
"LockTaskbar"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000
"NoInternetOpenWith"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoRemoteRecursiveEvents"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-15 18:55:40.09
C:\ComboFix.txt ... 06-10-15 18:55
C:\ComboFix2.txt ... 06-10-15 18:16
C:\ComboFix3.txt ... 06-10-15 16:49



AVG report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:05:40 PM 15/10/2006

+ Scan result:



HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Softomate.IEToolbar.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\Serials and cracks\Crack Searchers.rar/Crack Searchers\craagle1.91\Craagle.exe -> Adware.Craagle : Cleaned with backup (quarantined).
HKU\S-1-5-21-583907252-1409082233-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7554D3BF-72CA-4172-978E-947BF532BE4C}\RP60\A0191492.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1\eхplorer.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7554D3BF-72CA-4172-978E-947BF532BE4C}\RP60\A0191146.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7554D3BF-72CA-4172-978E-947BF532BE4C}\RP60\A0191474.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Application Data\errorsafenewreleaseinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Serials and cracks\CuteFTP_v6.xx_Pro.zip/patch.exe -> Trojan.Delf.li : Cleaned with backup (quarantined).


::Report end

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 7:03:48 PM, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1157848733\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Common Files\{A4A0D193-0643-4105-0428-061005050002}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\a?sembly\e?plorer.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\common files\aol\1157848733\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1157848733\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.266\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MicroBorg Internet Exploder
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: (no name) - {D4E6FF63-6BA6-632E-F5AE-171348A83892} - C:\WINDOWS\system32\adcw.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O2 - BHO: (no name) - {D4E6FF63-6BA6-632E-F5AE-171348A83892} - C:\WINDOWS\system32\adcw.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157848733\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Lcz] C:\WINDOWS\system32\a?sembly\e?plorer.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F022B791-AFDF-49CD-A5D5-CFCFF3C522EC}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Sorry if it's a bit mixed up. Thank you again, Rod
rodmro is offline  
Old 10-15-2006, 12:26 PM   #6 (permalink)
Registered User
 
Join Date: Jan 2006
Location: Canada
Posts: 250
OS: Windows 98SE/XP Home, Mac OS X


Hello Rod!

Thank you kindly for the logfiles--things are looking much better.

However, the log you just posted for HijackThis shares the same date and time as the first one--and I want to make sure that there's no malware still showing up in that logfile, so we can get your system fully clean.

Could you please re-scan with HijackThis and post a new log in this topic? Thank you!
AbstractEpiphany is offline  
Old 10-15-2006, 12:31 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 7
OS: XP PRO BORG


Logfile of HijackThis v1.99.1
Scan saved at 8:29:57 PM, on 15/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1157848733\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\common files\aol\1157848733\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1157848733\ee\aolsoftware.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157848733\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F022B791-AFDF-49CD-A5D5-CFCFF3C522EC}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

You are an absolute diamond, thank you so much
rodmro is offline  