Tech Support Forum, Resolved HJT Threads: resolved spyware and popup issues.
#1
Registered User
Join Date: Sep 2006
Posts: 46
OS: XP
Spyware keeps coming back!!!

Hi there,

Below the line is a log file from "Hijackthis" showing my system processes. I have a spyware problem. I run Spyware Doctor and many other spyware programs to help get rid of the spyware. But every time I do a spyware scan, the spyware shows up on the next scan. I have tried running the scan in safe mode, but no difference. Cheers in advance.

-------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:44:41 AM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Applications\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\{1421B616-0BB7-1033-0624-050419050001}\Update.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Applications\Spyware Doctor 4\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Applications\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warez.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Applications\Roboform\RoboTaskBarIcon.exe"
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Applications\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Applications\MPEG Joiner\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Applications\MPEG Joiner\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Applications\MPEG Joiner\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Applications\MPEG Joiner\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Applications\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Applications\Spyware Doctor 4\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#2
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,265
OS: N/A
Please rename Hijackthis.exe

It's currently located at C:\Applications\Hijack This\HijackThis.exe
Rename it from Hijackthis.exe to HJT.exe

Then post a fresh Hijackthis log & tell me what type of antivirus program you have installed.
#3
Registered User
Join Date: Sep 2006
Posts: 46
OS: XP
I renamed HijackThis to HJT.exe...

The antivirus software I have been using is:
Spyware Doctor
Ad-Aware SE Personal Edition
Trend Micro HouseCall Online Scanner
Spybot - Search and Destroy
Registry Mechanic

I have yet to use AVG. Below is the new logfile after I renamed Hijackthis.

-----------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:15:22 PM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Applications\Spyware Doctor 4\sdhelp.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Applications\Mozilla Firefox\firefox.exe
C:\Applications\Hijack This\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Applications\Spybot\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\APPLIC~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {97A7E50D-063B-49AF-8A83-37ADE5620F9C} - blank (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\hhvnbyac.dll
O2 - BHO: (no name) - {B9607164-34C2-42F9-A810-A94D733791F8} - C:\WINDOWS\system32\jkkjh.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\vtuttqn.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Spyware Doctor] "C:\Applications\Spyware Doctor 4\swdoctor.exe" /RM /FS /X
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Applications\Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Applications\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Applications\MPEG Joiner\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Applications\MPEG Joiner\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Applications\MPEG Joiner\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Applications\MPEG Joiner\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Applications\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll
O20 - Winlogon Notify: vtuttqn - C:\WINDOWS\SYSTEM32\vtuttqn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Applications\Spyware Doctor 4\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#4
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,265
OS: N/A
* Spyware Doctor - antispyware program. Not antivirus.
* Ad-Aware SE Personal Edition - antispyware program. Not antivirus.
* Spybot - Search and Destroy - antispyware program. Not antivirus.
* Registry Mechanic - This is merely a registry optimizer.
* Trend Micro HouseCall Online Scanner - Antivirus... but does not provide any realtime protection.

If I provide you with a freeware antivirus, are you willing to install & maintain it? Take note that your answer shall determine my next course of action.
#6
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,265
OS: N/A
Let's get rid of the infections first before installing the AV program.

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {97A7E50D-063B-49AF-8A83-37ADE5620F9C} - blank (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

* * * * * *

1. Download this file using either of these links:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
* IMPORTANT !!! Place combofix.exe on your Desktop

2. Go to Start → Run → paste in the single line command & click OK:
"%userprofile%\desktop\combofix.exe" /v jkkjh vtuttqn unaoakg hhvnbyac

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
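The triage the reply above does by eye, as an added example (not code from the thread, from HijackThis or from ComboFix): it reads HJT entries, separates the orphaned BHO registrations that "Fix checked" can remove from the randomly named system32 DLLs that are wired in both as a BHO (O2) and as a Winlogon Notify package (O20) and so reload at every logon, and assembles the base names for the ComboFix /v switch in the form the reply shows. The sample lines are a constructed subset of the log in #3; the "random name" test and the review flags on R0/R1 are heuristics assumed by this example, not HJT rules.

```python
"""HijackThis log triage (added example, not code from the thread or from HJT/ComboFix).

Parses the R0/R1/O2/O20 entries of a HijackThis 1.99 log, separates entries that
HJT can simply "Fix checked" (orphaned BHO registrations) from the ones that come
back after a fix (randomly named system32 DLLs registered both as a BHO and as a
Winlogon Notify package, reloaded at every logon), and builds the base-name list
for ComboFix's /v switch in the form the thread uses it.
The random-name test is a heuristic assumption of this example, not an HJT rule.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the entries from the second HJT log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warez.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Applications\Spybot\SDHelper.dll
O2 - BHO: (no name) - {97A7E50D-063B-49AF-8A83-37ADE5620F9C} - blank (file missing)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\hhvnbyac.dll
O2 - BHO: (no name) - {B9607164-34C2-42F9-A810-A94D733791F8} - C:\WINDOWS\system32\jkkjh.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\vtuttqn.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll
O20 - Winlogon Notify: vtuttqn - C:\WINDOWS\SYSTEM32\vtuttqn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^(?P<sec>R[0-3]|O\d+) - (?P<body>.*)$")
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)
# Heuristic (assumption of this example): 5-8 lowercase letters, no digits or capitals.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}$")


@dataclass
class Finding:
    action: str    # "fix": let HJT fix it; "vundo": needs ComboFix /v; "review": check by hand
    section: str   # HJT section code, e.g. O2 or O20
    reason: str
    line: str


def target_of(body):
    """HJT separates name, CLSID and target with ' - '; the target is the last field."""
    return body.rsplit(" - ", 1)[-1].strip()


def base_name(path):
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_like_dropper_dll(path):
    return bool(SYSTEM32_RE.search(path)) and bool(RANDOM_NAME_RE.match(base_name(path)))


def triage(log_text):
    """Return (findings, names for ComboFix /v, names seen as both BHO and Winlogon Notify)."""
    findings = []
    bho_names, notify_names = set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        target = target_of(body)
        if sec == "R0" and "Start Page" in body:
            findings.append(Finding("review", sec, "browser start page; confirm the user set it", line))
        elif sec == "R1" and "AutoConfigURL" in body:
            findings.append(Finding("review", sec, "proxy auto-config URL; confirm which installed software owns it", line))
        elif sec == "O2":
            if "(no file)" in target or "(file missing)" in target:
                findings.append(Finding("fix", sec, "orphaned BHO registration, target file gone", line))
            elif looks_like_dropper_dll(target):
                bho_names.add(base_name(target).lower())
                findings.append(Finding("vundo", sec, "BHO loads a randomly named system32 DLL", line))
        elif sec == "O20" and looks_like_dropper_dll(target):
            notify_names.add(base_name(target).lower())
            findings.append(Finding("vundo", sec, "Winlogon Notify DLL with random name, reloaded at every logon", line))
    return findings, sorted(bho_names | notify_names), sorted(bho_names & notify_names)


def combofix_command(names):
    """Build the Start -> Run line in the form the thread shows: /v followed by base names."""
    return '"%userprofile%\\desktop\\combofix.exe" /v ' + " ".join(names)


if __name__ == "__main__":
    findings, names, both = triage(SAMPLE_LOG)
    for f in findings:
        print(f"[{f.action:6}] {f.section:3} {f.reason}\n         {f.line}")
    print("registered as BHO and Winlogon Notify:", ", ".join(both))
    print(combofix_command(names))
```

The same DLL appearing under O2 and O20 is the stronger signal: a plain BHO fix leaves the Winlogon Notify copy in place, and it is back in the next log, which is the symptom the original post describes.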
#7
Registered User
Join Date: Sep 2006
Posts: 46
OS: XP
I removed 5 of the 7 items in HJT. 2 items were not found by HJT (see below):

(item not found #1) O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
(item not found #2) O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll

Below is the logfile created by HJT (most recent):

-------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:32, on 06-09-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Applications\Spyware Doctor 4\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Applications\Mozilla Firefox\firefox.exe
C:\Applications\Hijack This\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Applications\Spybot\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\APPLIC~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Applications\Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Customize Menu - file://C:\Applications\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Applications\MPEG Joiner\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Applications\MPEG Joiner\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Applications\MPEG Joiner\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Applications\MPEG Joiner\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Applications\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Applications\Spyware Doctor 4\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--------------------------------------------------------------------------

Below is the logfile created by Combo Fix:

-----------------------------------------------------------------------------
simon - 06-09-21 16:27:39.98 Service Pack 2
ComboFix 06.09.20 - Running from: "C:\Documents and Settings\simon\desktop"
Command switches used :: /v jkkjh vtuttqn unaoakg hhvnbyac

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\vtuttqn.dll
C:\WINDOWS\system32\unaoakg.dll
C:\WINDOWS\system32\hhvnbyac.dll
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ishost.exe
C:\Program Files\ToolBar888
C:\Program Files\winupdates
C:\Program Files\Common Files\{1421B616-0BB7-1033-0624-050419050001}

((((((((((((((((((((((((((((((( Files Created from 2006-08-21 to 2006-09-21 ))))))))))))))))))))))))))))))))))
2006-09-21 12:53 40,973 ---hs---- C:\WINDOWS\system32\mljgecc.dll
2006-09-21 11:00 40,973 ---hs---- C:\WINDOWS\system32\jkklllm.dll
2006-09-20 18:12 40,973 ---hs---- C:\WINDOWS\system32\byxussp.dll
2006-09-20 16:26 40,973 ---hs---- C:\WINDOWS\system32\ljjkkli.dll
2006-09-20 14:21 40,973 ---hs---- C:\WINDOWS\system32\vtuuutq.dll
2006-09-19 16:58 40,973 ---hs---- C:\WINDOWS\system32\khffgfg.dll
2006-09-19 16:31 94,208 --a------ C:\WINDOWS\system32\uhvjsul.dll
2006-09-19 13:27 40,973 ---hs---- C:\WINDOWS\system32\tuvsrsq.dll
2006-09-19 13:26 18,944 --a------ C:\WINDOWS\system32\winbug32.dll
2006-09-18 15:46 766,804 ---hs---- C:\WINDOWS\system32\hjllm.bak2
2006-09-16 21:03 749,055 ---hs---- C:\WINDOWS\system32\hjllm.bak1
2006-09-16 20:52 281,943 --a------ C:\WINDOWS\system32\pmnlm.dll
2006-09-16 20:41 40,973 ---hs---- C:\WINDOWS\system32\ljjkkji.dll
2006-09-11 21:23 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2006-09-11 18:09 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2006-09-09 14:11 45,056 --a--c--- C:\WINDOWS\system32\wnaspi32.dll
2006-09-09 14:03 278,528 --a------ C:\WINDOWS\system32\livesnth.dll
2006-09-09 14:03 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2006-09-08 16:34 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-08 16:34 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-06 17:38 4,239,360 --a------ C:\WINDOWS\system32\qtp-mt334.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-21 16:28 -------- d-------- C:\Program Files\Common Files
2006-09-21 16:16 -------- d-------- C:\Documents and Settings\simon\Application Data\AVG7
2006-09-21 16:15 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-21 16:15 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-21 16:15 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-21 16:15 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-21 16:15 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-21 16:15 -------- d-------- C:\Program Files\Grisoft
2006-09-21 16:14 -------- d---s---- C:\Documents and Settings\simon\Application Data\Microsoft
2006-09-21 15:12 36 --a--c--- C:\Documents and Settings\simon\Application Data\.googlewebacchosts
2006-09-20 17:34 -------- d-------- C:\Documents and Settings\simon\Application Data\Lavasoft
2006-09-19 17:13 -------- d-------- C:\Program Files\PrintView
2006-09-16 19:51 -------- d-------- C:\Program Files\strCodec
2006-09-12 17:48 -------- d-------- C:\Program Files\Simon Clarke's CV and Cover Letter
2006-09-11 21:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-11 18:10 -------- d-------- C:\Program Files\Common Files\InterVideo
2006-09-11 18:10 -------- d-------- C:\Documents and Settings\simon\Application Data\InterVideo
2006-09-11 18:09 -------- d-------- C:\Program Files\InterActual
2006-09-11 18:09 -------- d-------- C:\Program Files\Creative
2006-09-01 23:47 11973 --a--c--- C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-25 20:26 -------- d-------- C:\Documents and Settings\simon\Application Data\PC Tools
2006-08-22 00:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 21:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 21:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-12 11:26 -------- d-------- C:\Program Files\Internet Explorer
2006-08-09 18:38 -------- d-------- C:\Program Files\Boinc
2006-08-08 15:06 -------- d-------- C:\Documents and Settings\simon\Application Data\SolidDocuments
2006-08-08 14:57 -------- d-------- C:\Documents and Settings\simon\Application Data\CTdeveloping
2006-08-05 12:50 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-05 11:56 -------- d-------- C:\Documents and Settings\simon\Application Data\com.codeode
2006-08-02 14:35 -------- d-------- C:\Program Files\Google
2006-07-29 19:38 -------- d-------- C:\Program Files\Common Files\Services
2006-07-28 01:24 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2006-07-24 15:14 -------- d-------- C:\Program Files\Online Services
2006-07-21 20:24 72704 --a--c--- C:\WINDOWS\system32\hlink.dll
2006-06-22 17:06 69120 --a--c--- C:\WINDOWS\system32\ciodm.dll
2006-06-22 17:06 1435648 --a--c--- C:\WINDOWS\system32\query.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="\"C:\\Applications\\FreeRAM XP Pro 1.51\\FreeRAM XP Pro.exe\" -win"
"RoboForm"="\"C:\\Applications\\Roboform\\RoboTaskBarIcon.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,de,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispCPL"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoCDBurning"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoWinKeys"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoFileAssociate"=dword:00000000
"NoFileMenu"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoFind"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"HideClock"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"StartMenuLogoff"=dword:00000000
"NoSMHelp"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"NoControlPanel"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\APPLIC~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\APPLIC~1\\WINZIP~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EPSON Stylus Photo R210 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I3H2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3H2.EXE /P30 \"EPSON Stylus Photo R210 Series\" /O6 \"USB001\" /M \"Stylus Photo R210\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ImInstaller_IncrediMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="incredimail_install[1]"
"hkey"="HKLM"
"inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCpl" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RunDLL32" "hkey"="HKLM" "command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NVRTCLK] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NVRTClk" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwiz" "hkey"="HKLM" "command"="nwiz.exe /install" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCTAVApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCTAV" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spam Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SpamMonitor" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UnlockerAssistant] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UnlockerAssistant" "hkey"="HKLM" "command"="\"C:\\Applications\\Unlocker\\UnlockerAssistant.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WebAccelerator] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="webxl" "hkey"="HKLM" "command"="\"C:\\Applications\\Web Accelerator 1.9\\webxl.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services] "Avg7UpdSvc"=dword:00000002 "Avg7Alrt"=dword:00000002 "AVGEMS"=dword:00000002 "Macromedia Licensing Service"=dword:00000003 "Adobe LM Service"=dword:00000003 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Click Maintenance.job Completion time: 06-09-21 16:30:19.53 ComboFix.txt -------------------------------------------------------------------------- Should that have fixed it? I will run AVG in safe-mode. Any suggestions/solutions are welcome. |
#8
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,265
OS: N/A
Carry out the following tasks in the order I laid them out.

Uninstall this program - strCodec

* * * * * *

Download & launch KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Select the following option - delete on Reboot

Use your mouse to select all the filenames listed below & then right-click & select Copy

* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

* * * * * *

On the reboot, delete this folder - C:\Program Files\strCodec

Then, open Notepad and copy and paste the text present in the quotebox below into it: (don't forget to copy and paste REGEDIT4)

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WebAccelerator]

It should look like this:

Double click on fix.reg & allow it to merge into the registry

* * * * * *

Next, perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400
Answer Yes, when prompted to install an ActiveX component.

* * * * * *

CHECK LIST

In your next post, please include fresh logs from:
#9
Registered User
Join Date: Sep 2006
Posts: 46
OS: XP
Logfile of HijackThis v1.99.1
Scan saved at 19:38, on 06-09-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Applications\Spyware Doctor 4\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Applications\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Applications\Hijack This\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Applications\Spybot\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\APPLIC~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Applications\Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Customize Menu - file://C:\Applications\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Applications\MPEG Joiner\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Applications\MPEG Joiner\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Applications\MPEG Joiner\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Applications\MPEG Joiner\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Applications\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Applications\Spyware Doctor 4\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#10
Registered User
Join Date: Sep 2006
Posts: 46
OS: XP
I can't copy and paste the Kaspersky Report because the browser freezes and has to be restarted. What is your email address? I can send it as an attachment instead. My PC still has infections and my broadband runs 70% of the time.
#11
Registered User
Join Date: Sep 2006
Posts: 46
OS: XP
I am sending the Kaspersky Report to the email: support@techsupportforum.com. I hope you get it seeing as my broadband can be unstable at times.
#14
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,265
OS: N/A
The log results only look scary. It's not that bad. :)

Delete this folder - C:\Documents and Settings\simon\.housecall\Quarantine\

Then, have Killbox delete this file - C:\WINDOWS\system32\mljgecc.dll

On the reboot, clear system restore's cache (System Volume Information folder) by doing this...

Go to Start → Run → type control sysdm.cpl,,4 & press Enter

That basically removes all the infected files found by Kaspersky. Let me know how that went.
#15
Registered User
Join Date: Sep 2006
Posts: 46
OS: XP
This file does not exist on my PC: C:\WINDOWS\system32\mljgecc.dll
I don't have a system32 folder either. I turned off then on system restore using the commands you gave me. I have been doing AVG scans but it finds hardly any viruses/trojans. Spyware doctor keeps finding 10-30 spywares on each scan. Some virus/spyware replicates itself on deletion. Clever!

-------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:19, on 06-09-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Applications\Spyware Doctor 4\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Applications\Spyware Doctor 4\swdoctor.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Applications\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Applications\Hijack This\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Applications\Spybot\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\APPLIC~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Applications\Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Customize Menu - file://C:\Applications\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Applications\MPEG Joiner\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Applications\MPEG Joiner\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Applications\MPEG Joiner\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Applications\MPEG Joiner\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Applications\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Applications\Spyware Doctor 4\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
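The logs in this thread are read by hand. As an added example (not part of the thread, and not code from HijackThis or ComboFix), here is a small Python triage script over lines in the same format. The sample lines are copied from the logs posted in this thread; the rules and the severity labels are my own choices: a proxy auto-config URL served from the local machine (the R1 line pointing at localhost:9100/proxy.pac), entries marked (file missing), Winlogon Notify DLLs, and hidden+system executables in system32, which is why a file ComboFix lists with ---hs---- attributes, such as mljgecc.dll, is invisible in Explorer's default view.

```python
"""Triage helper for HijackThis and ComboFix log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis and ComboFix logs
# posted in this thread, so the script runs offline on realistic data.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Applications\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""".strip().splitlines()

SAMPLE_COMBOFIX = r"""
2006-09-21 12:53 40,973 ---hs---- C:\WINDOWS\system32\mljgecc.dll
2006-09-11 21:23 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2006-09-21 16:15 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-21 16:14 -------- d---s---- C:\Documents and Settings\simon\Application Data\Microsoft
""".strip().splitlines()


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (labels are my own choice)
    reason: str
    line: str


# HijackThis entry: section code ("R1", "O4", "O20"), " - ", then the entry body.
HJT_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# ComboFix listing: date/time, size (dashes for a directory), 9-char attributes, path.
COMBOFIX_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>[\d,]+|-+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
LOCAL_HOSTS = ("localhost", "127.0.0.1")


def triage_hjt(lines: list[str]) -> list[Finding]:
    """Flag the HijackThis entries a reviewer would look at first."""
    findings = []
    for line in lines:
        m = HJT_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        if section == "R1" and "AutoConfigURL" in body:
            # A PAC file served from the local machine routes every browser
            # request through a local listener (the localhost:9100 case above).
            url = body.split("=", 1)[1].strip()
            host = re.sub(r"^\w+://", "", url).split("/")[0].split(":")[0]
            severity = "high" if host in LOCAL_HOSTS else "medium"
            findings.append(Finding(severity, f"proxy auto-config set to {url}", line))
        elif section == "O20":
            # Winlogon Notify DLLs load inside winlogon.exe; verify each one.
            findings.append(Finding("medium", "DLL loaded by winlogon at logon", line))
        elif body.endswith("(file missing)"):
            # Target no longer exists: an orphan to clean up, not an infection.
            findings.append(Finding("low", "orphaned entry, target file missing", line))
    return findings


def triage_combofix(lines: list[str]) -> list[Finding]:
    """Flag hidden+system executables in system32 from a ComboFix file listing."""
    findings = []
    for line in lines:
        m = COMBOFIX_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        is_dir = attrs.startswith("d")
        hidden_system = "h" in attrs and "s" in attrs
        in_system32 = "\\system32\\" in path.lower()
        executable = path.lower().endswith((".dll", ".exe", ".sys"))
        if not is_dir and hidden_system and in_system32 and executable:
            findings.append(Finding(
                "high",
                "hidden+system executable in system32 (Explorer hides it by default)",
                line,
            ))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT) + triage_combofix(SAMPLE_COMBOFIX):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run as a script it prints one finding per line. The hidden+system rule explains the "file does not exist" confusion above: on Windows XP such a file only appears in Explorer after Folder Options → View is set to show hidden files and to stop hiding protected operating system files, and a Killbox-style delete-on-reboot does not need it to be visible.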
#17
Registered User
Join Date: Sep 2006
Posts: 46
OS: XP
simon - 06-09-22 12:07:10.62 Service Pack 2
ComboFix 06.09.20 - Running from: "C:\Documents and Settings\simon\Desktop"

Command switches used ::

((((((((((((((((((((((((((((((( Files Created from 2006-08-22 to 2006-09-22 ))))))))))))))))))))))))))))))))))

2006-09-21 12:53 40,973 ---hs---- C:\WINDOWS\system32\mljgecc.dll
2006-09-11 21:23 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2006-09-11 18:09 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2006-09-09 14:03 278,528 --a------ C:\WINDOWS\system32\livesnth.dll
2006-09-09 14:03 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2006-09-08 16:34 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-08 16:34 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-06 17:38 4,239,360 --a------ C:\WINDOWS\system32\qtp-mt334.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-21 21:24 0 --a--c--- C:\Documents and Settings\simon\Application Data\.googlewebacchosts
2006-09-21 16:28 -------- d-------- C:\Program Files\Common Files
2006-09-21 16:16 -------- d-------- C:\Documents and Settings\simon\Application Data\AVG7
2006-09-21 16:15 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-21 16:15 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-21 16:15 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-21 16:15 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-21 16:15 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-21 16:15 -------- d-------- C:\Program Files\Grisoft
2006-09-21 16:14 -------- d---s---- C:\Documents and Settings\simon\Application Data\Microsoft
2006-09-20 17:34 -------- d-------- C:\Documents and Settings\simon\Application Data\Lavasoft
2006-09-19 17:13 -------- d-------- C:\Program Files\PrintView
2006-09-12 17:48 -------- d-------- C:\Program Files\Simon Clarke's CV and Cover Letter
2006-09-11 21:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-11 18:10 -------- d-------- C:\Program Files\Common Files\InterVideo
2006-09-11 18:10 -------- d-------- C:\Documents and Settings\simon\Application Data\InterVideo
2006-09-11 18:09 -------- d-------- C:\Program Files\InterActual
2006-09-11 18:09 -------- d-------- C:\Program Files\Creative
2006-09-01 23:47 11973 --a--c--- C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-25 20:26 -------- d-------- C:\Documents and Settings\simon\Application Data\PC Tools
2006-08-22 00:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 21:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 21:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-12 11:26 -------- d-------- C:\Program Files\Internet Explorer
2006-08-09 18:38 -------- d-------- C:\Program Files\Boinc
2006-08-08 15:06 -------- d-------- C:\Documents and Settings\simon\Application Data\SolidDocuments
2006-08-08 14:57 -------- d-------- C:\Documents and Settings\simon\Application Data\CTdeveloping
2006-08-05 12:50 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-05 11:56 -------- d-------- C:\Documents and Settings\simon\Application Data\com.codeode
2006-08-02 14:35 -------- d-------- C:\Program Files\Google
2006-07-29 19:38 -------- d-------- C:\Program Files\Common Files\Services
2006-07-28 01:24 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2006-07-24 15:14 -------- d-------- C:\Program Files\Online Services
2006-07-21 20:24 72704 --a--c--- C:\WINDOWS\system32\hlink.dll
2006-06-22 17:06 69120 --a--c--- C:\WINDOWS\system32\ciodm.dll
2006-06-22 17:06 1435648 --a--c--- C:\WINDOWS\system32\query.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="\"C:\\Applications\\FreeRAM XP Pro 1.51\\FreeRAM XP Pro.exe\" -win"
"RoboForm"="\"C:\\Applications\\Roboform\\RoboTaskBarIcon.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispCPL"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoCDBurning"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoWinKeys"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoFileAssociate"=dword:00000000
"NoFileMenu"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoFind"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"HideClock"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"StartMenuLogoff"=dword:00000000
"NoSMHelp"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"NoControlPanel"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\APPLIC~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\APPLIC~1\\WINZIP~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EPSON Stylus Photo R210 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I3H2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3H2.EXE /P30 \"EPSON Stylus Photo R210 Series\" /O6 \"USB001\" /M \"Stylus Photo R210\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ImInstaller_IncrediMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="incredimail_install[1]"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NVRTCLK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVRTClk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwiz" "hkey"="HKLM" "command"="nwiz.exe /install" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCTAVApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCTAV" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spam Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SpamMonitor" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UnlockerAssistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UnlockerAssistant" "hkey"="HKLM" "command"="\"C:\\Applications\\Unlocker\\UnlockerAssistant.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services] "Avg7UpdSvc"=dword:00000002 "Avg7Alrt"=dword:00000002 "AVGEMS"=dword:00000002 "Macromedia Licensing Service"=dword:00000003 "Adobe LM Service"=dword:00000003 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Click Maintenance.job Completion time: 06-09-22 12:08:05.25 ComboFix.txt ComboFix2.txt |
#18
Registered User
Join Date: Sep 2006
Posts: 46
OS: XP
Computer update...
My PC seems better. I do spyware scans and it keeps finding cookies that have a low threat. I have been using AVG and Trend Micro and they show little sign, if any, of infection. I can't help but feel my PC is a little slow (programs take a little longer to start, etc.). Any suggestions will be welcomed.
#19
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,265
OS: N/A
Quote:
From Windows Explorer, go to Tools → Folder Options → View tab.
#20
Registered User
Join Date: Sep 2006
Posts: 46
OS: XP
I deleted the file mljgecc.dll. Here is the latest combofix report...
simon - 06-09-23 11:41:59.35 Service Pack 2
ComboFix 06.09.20 - Running from: "C:\Documents and Settings\simon\Desktop\Net Help" Command switches used :: ((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 )))))))))))))))))))))))))))))))))) 2006-09-22 17:11 0 --a------ C:\WINDOWS\system32\sys_dll.dll 2006-09-11 21:23 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll 2006-09-11 18:09 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll 2006-09-09 14:03 278,528 --a------ C:\WINDOWS\system32\livesnth.dll 2006-09-09 14:03 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll 2006-09-08 16:34 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe 2006-09-08 16:34 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe 2006-09-06 17:38 4,239,360 --a------ C:\WINDOWS\system32\qtp-mt334.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-22 20:14 0 --a--c--- C:\Documents and Settings\simon\Application Data\.googlewebacchosts 2006-09-22 18:09 -------- d-------- C:\Program Files\Microsoft Bootvis 2006-09-21 16:28 -------- d-------- C:\Program Files\Common Files 2006-09-21 16:16 -------- d-------- C:\Documents and Settings\simon\Application Data\AVG7 2006-09-21 16:15 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys 2006-09-21 16:15 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys 2006-09-21 16:15 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys 2006-09-21 16:15 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys 2006-09-21 16:15 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys 2006-09-21 16:15 -------- d-------- C:\Program Files\Grisoft 2006-09-21 16:14 -------- d---s---- C:\Documents and Settings\simon\Application Data\Microsoft 2006-09-20 17:34 -------- d-------- C:\Documents and Settings\simon\Application Data\Lavasoft 2006-09-19 17:13 -------- d-------- C:\Program Files\PrintView 2006-09-12 17:48 -------- d-------- C:\Program Files\Simon Clarke's CV and Cover Letter 2006-09-11 21:23 -------- 
d--h----- C:\Program Files\InstallShield Installation Information 2006-09-11 18:10 -------- d-------- C:\Program Files\Common Files\InterVideo 2006-09-11 18:10 -------- d-------- C:\Documents and Settings\simon\Application Data\InterVideo 2006-09-11 18:09 -------- d-------- C:\Program Files\InterActual 2006-09-11 18:09 -------- d-------- C:\Program Files\Creative 2006-09-01 23:47 11973 --a--c--- C:\WINDOWS\system32\drivers\secdrv.sys 2006-08-25 20:26 -------- d-------- C:\Documents and Settings\simon\Application Data\PC Tools 2006-08-22 00:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 21:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 21:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-12 11:26 -------- d-------- C:\Program Files\Internet Explorer 2006-08-09 18:38 -------- d-------- C:\Program Files\Boinc 2006-08-08 15:06 -------- d-------- C:\Documents and Settings\simon\Application Data\SolidDocuments 2006-08-08 14:57 -------- d-------- C:\Documents and Settings\simon\Application Data\CTdeveloping 2006-08-05 12:50 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll 2006-08-05 11:56 -------- d-------- C:\Documents and Settings\simon\Application Data\com.codeode 2006-08-02 14:35 -------- d-------- C:\Program Files\Google 2006-07-29 19:38 -------- d-------- C:\Program Files\Common Files\Services 2006-07-28 01:24 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll 2006-07-24 15:14 -------- d-------- C:\Program Files\Online Services 2006-07-21 20:24 72704 --a--c--- C:\WINDOWS\system32\hlink.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FreeRAM XP"="\"C:\\Applications\\FreeRAM XP Pro 1.51\\FreeRAM XP Pro.exe\" -win" "RoboForm"="\"C:\\Applications\\Roboform\\RoboTaskBarIcon.exe\"" "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spyware Doctor"="" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spyware Doctor"="" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "NoDispCPL"=dword:00000000 "NoDispAppearancePage"=dword:00000000 "NoDispBackgroundPage"=dword:00000000 "NoDispSettingsPage"=dword:00000000 "NoDispScrSavPage"=dword:00000000 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "NoCDBurning"=dword:00000000 "NoActiveDesktop"=dword:00000000 "NoViewContextMenu"=dword:00000000 "NoWinKeys"=dword:00000000 "NoShellSearchButton"=dword:00000000 "NoFileAssociate"=dword:00000000 "NoFileMenu"=dword:00000000 "NoFolderOptions"=dword:00000000 "NoFind"=dword:00000000 "NoRun"=dword:00000000 "NoClose"=dword:00000000 "NoCommonGroups"=dword:00000000 "NoRecentDocsHistory"=dword:00000001 "ClearRecentDocsOnExit"=dword:00000000 "NoSimpleStartMenu"=dword:00000000 "HideClock"=dword:00000000 "NoToolbarsOnTaskbar"=dword:00000000 "NoTrayItemsDisplay"=dword:00000000 "StartMenuLogoff"=dword:00000000 "NoSMHelp"=dword:00000000 "NoTrayContextMenu"=dword:00000000 "NoControlPanel"=dword:00000000 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE " "item"="Adobe Gamma Loader" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup" "location"="Common Startup" "command"="C:\\APPLIC~1\\Common\\Bin\\WINCIN~1.EXE " "item"="InterVideo WinCinema Manager" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk] "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MI1933~1\\Office\\OSA9.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip 
Quick Pick.lnk] "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup" "location"="Common Startup" "command"="C:\\APPLIC~1\\WINZIP~1\\WinZip\\WZQKPICK.EXE " "item"="WinZip Quick Pick" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG7_CC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="avgcc" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EPSON Stylus Photo R210 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="E_S4I3H2" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3H2.EXE /P30 \"EPSON Stylus Photo R210 Series\" /O6 \"USB001\" /M \"Stylus Photo R210\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ImInstaller_IncrediMail] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="incredimail_install[1]" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCpl" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RunDLL32" "hkey"="HKLM" "command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NVRTCLK] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NVRTClk" "hkey"="HKLM" 
"command"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwiz" "hkey"="HKLM" "command"="nwiz.exe /install" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCTAVApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCTAV" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spam Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SpamMonitor" "hkey"="HKCU" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UnlockerAssistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UnlockerAssistant" "hkey"="HKLM" "command"="\"C:\\Applications\\Unlocker\\UnlockerAssistant.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services] "Avg7UpdSvc"=dword:00000002 "Avg7Alrt"=dword:00000002 "AVGEMS"=dword:00000002 "Macromedia Licensing Service"=dword:00000003 "Adobe LM Service"=dword:00000003 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Click Maintenance.job Completion time: 06-09-23 11:42:39.79 ComboFix.txt |