Spyware keeps coming back!!!

[batman321]

Hi there,

Below the line is a log file from "Hijackthis" showing my system processes. I have a spyware problem. I run spyware doctor, and many other spyware programs to help get rid of the spyware. But everytime I do a spyware scan, the spyware shows up on the next scan. I have tried running the scan in safe mode, but no difference. Cheers in advance.

-------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:44:41 AM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Applications\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\{1421B616-0BB7-1033-0624-050419050001}\Update.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Applications\Spyware Doctor 4\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Applications\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warez.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Applications\Roboform\RoboTaskBarIcon.exe"
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Applications\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Applications\MPEG Joiner\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Applications\MPEG Joiner\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Applications\MPEG Joiner\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Applications\MPEG Joiner\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Applications\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Applications\Spyware Doctor 4\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[sUBs]

Please rename Hijackthis.exe

It's currently located at C:\Applications\Hijack This\HijackThis.exe

Rename it from Hijackthis.exe to HJT.exe

Then post a fresh Hijackthis log & tell me what type of antivirus program you have installed

[batman321]

The antivirus software I have been using is:

Spyware Doctor
Ad-Aware SE Personal Edition
Trend Micro HouseCall Online Scanner
Spybot - Search and Destroy
Registry Mechanic

I have yet to use AVG.

Below is the new logfile after I renamed Hijackthis.

-----------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:15:22 PM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Applications\Spyware Doctor 4\sdhelp.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Applications\Mozilla Firefox\firefox.exe
C:\Applications\Hijack This\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Applications\Spybot\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\APPLIC~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {97A7E50D-063B-49AF-8A83-37ADE5620F9C} - blank (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\hhvnbyac.dll
O2 - BHO: (no name) - {B9607164-34C2-42F9-A810-A94D733791F8} - C:\WINDOWS\system32\jkkjh.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\vtuttqn.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Spyware Doctor] "C:\Applications\Spyware Doctor 4\swdoctor.exe" /RM /FS /X
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Applications\Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Applications\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Applications\MPEG Joiner\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Applications\MPEG Joiner\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Applications\MPEG Joiner\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Applications\MPEG Joiner\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Applications\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll
O20 - Winlogon Notify: vtuttqn - C:\WINDOWS\SYSTEM32\vtuttqn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Applications\Spyware Doctor 4\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[sUBs]

* Spyware Doctor - antispyware program. Not antivirus.

* Ad-Aware SE Personal Edition - antispyware program. Not antivirus.

* Spybot - Search and Destroy - antispyware program. Not antivirus.

* Registry Mechanic - This is merely a registry optimizer

* Trend Micro HouseCall Online Scanner - Antivirus... but does not provide any realtime protection


If I provide you with a freeware antivirus, are you willling to install & maintain it?
Take note that your answer shall determine my next course of action.

[batman321]

Cheers

[sUBs]

Let's get rid of the infections first before installing the AV program.


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {97A7E50D-063B-49AF-8A83-37ADE5620F9C} - blank (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


* * * * * *


1. Download this file using either of these links

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop







2. Go to Start → Run → paste in the single line command & click OK

"%userprofile%\desktop\combofix.exe" /v jkkjh vtuttqn unaoakg hhvnbyac

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[batman321]

I removed 5 of the 7 items in HJT. 2 items were not found by HJT(see below):

(item not found #1 )
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll

(item not found #2)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll

Below is the logfile created by HJT(most recent):

-------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 16:32, on 06-09-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Applications\Spyware Doctor 4\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Applications\Mozilla Firefox\firefox.exe
C:\Applications\Hijack This\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Applications\Spybot\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\APPLIC~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Applications\Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Customize Menu - file://C:\Applications\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Applications\MPEG Joiner\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Applications\MPEG Joiner\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Applications\MPEG Joiner\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Applications\MPEG Joiner\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Applications\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Applications\Spyware Doctor 4\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--------------------------------------------------------------------------

Below is the logfile created by Combo Fix:

-----------------------------------------------------------------------------

simon - 06-09-21 16:27:39.98 Service Pack 2
ComboFix 06.09.20 - Running from: "C:\Documents and Settings\simon\desktop"
Command switches used :: /v jkkjh vtuttqn unaoakg hhvnbyac

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\vtuttqn.dll
C:\WINDOWS\system32\unaoakg.dll
C:\WINDOWS\system32\hhvnbyac.dll
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ishost.exe
C:\Program Files\ToolBar888
C:\Program Files\winupdates
C:\Program Files\Common Files\{1421B616-0BB7-1033-0624-050419050001}


((((((((((((((((((((((((((((((( Files Created from 2006-08-21 to 2006-09-21 ))))))))))))))))))))))))))))))))))


2006-09-21 12:53 40,973 ---hs---- C:\WINDOWS\system32\mljgecc.dll
2006-09-21 11:00 40,973 ---hs---- C:\WINDOWS\system32\jkklllm.dll
2006-09-20 18:12 40,973 ---hs---- C:\WINDOWS\system32\byxussp.dll
2006-09-20 16:26 40,973 ---hs---- C:\WINDOWS\system32\ljjkkli.dll
2006-09-20 14:21 40,973 ---hs---- C:\WINDOWS\system32\vtuuutq.dll
2006-09-19 16:58 40,973 ---hs---- C:\WINDOWS\system32\khffgfg.dll
2006-09-19 16:31 94,208 --a------ C:\WINDOWS\system32\uhvjsul.dll
2006-09-19 13:27 40,973 ---hs---- C:\WINDOWS\system32\tuvsrsq.dll
2006-09-19 13:26 18,944 --a------ C:\WINDOWS\system32\winbug32.dll
2006-09-18 15:46 766,804 ---hs---- C:\WINDOWS\system32\hjllm.bak2
2006-09-16 21:03 749,055 ---hs---- C:\WINDOWS\system32\hjllm.bak1
2006-09-16 20:52 281,943 --a------ C:\WINDOWS\system32\pmnlm.dll
2006-09-16 20:41 40,973 ---hs---- C:\WINDOWS\system32\ljjkkji.dll
2006-09-11 21:23 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2006-09-11 18:09 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2006-09-09 14:11 45,056 --a--c--- C:\WINDOWS\system32\wnaspi32.dll
2006-09-09 14:03 278,528 --a------ C:\WINDOWS\system32\livesnth.dll
2006-09-09 14:03 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2006-09-08 16:34 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-08 16:34 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-06 17:38 4,239,360 --a------ C:\WINDOWS\system32\qtp-mt334.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-21 16:28 -------- d-------- C:\Program Files\Common Files
2006-09-21 16:16 -------- d-------- C:\Documents and Settings\simon\Application Data\AVG7
2006-09-21 16:15 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-21 16:15 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-21 16:15 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-21 16:15 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-21 16:15 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-21 16:15 -------- d-------- C:\Program Files\Grisoft
2006-09-21 16:14 -------- d---s---- C:\Documents and Settings\simon\Application Data\Microsoft
2006-09-21 15:12 36 --a--c--- C:\Documents and Settings\simon\Application Data\.googlewebacchosts
2006-09-20 17:34 -------- d-------- C:\Documents and Settings\simon\Application Data\Lavasoft
2006-09-19 17:13 -------- d-------- C:\Program Files\PrintView
2006-09-16 19:51 -------- d-------- C:\Program Files\strCodec
2006-09-12 17:48 -------- d-------- C:\Program Files\Simon Clarke's CV and Cover Letter
2006-09-11 21:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-11 18:10 -------- d-------- C:\Program Files\Common Files\InterVideo
2006-09-11 18:10 -------- d-------- C:\Documents and Settings\simon\Application Data\InterVideo
2006-09-11 18:09 -------- d-------- C:\Program Files\InterActual
2006-09-11 18:09 -------- d-------- C:\Program Files\Creative
2006-09-01 23:47 11973 --a--c--- C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-25 20:26 -------- d-------- C:\Documents and Settings\simon\Application Data\PC Tools
2006-08-22 00:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 21:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 21:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-12 11:26 -------- d-------- C:\Program Files\Internet Explorer
2006-08-09 18:38 -------- d-------- C:\Program Files\Boinc
2006-08-08 15:06 -------- d-------- C:\Documents and Settings\simon\Application Data\SolidDocuments
2006-08-08 14:57 -------- d-------- C:\Documents and Settings\simon\Application Data\CTdeveloping
2006-08-05 12:50 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-05 11:56 -------- d-------- C:\Documents and Settings\simon\Application Data\com.codeode
2006-08-02 14:35 -------- d-------- C:\Program Files\Google
2006-07-29 19:38 -------- d-------- C:\Program Files\Common Files\Services
2006-07-28 01:24 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2006-07-24 15:14 -------- d-------- C:\Program Files\Online Services
2006-07-21 20:24 72704 --a--c--- C:\WINDOWS\system32\hlink.dll
2006-06-22 17:06 69120 --a--c--- C:\WINDOWS\system32\ciodm.dll
2006-06-22 17:06 1435648 --a--c--- C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="\"C:\\Applications\\FreeRAM XP Pro 1.51\\FreeRAM XP Pro.exe\" -win"
"RoboForm"="\"C:\\Applications\\Roboform\\RoboTaskBarIcon.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispCPL"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoCDBurning"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoWinKeys"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoFileAssociate"=dword:00000000
"NoFileMenu"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoFind"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"HideClock"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"StartMenuLogoff"=dword:00000000
"NoSMHelp"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"NoControlPanel"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\APPLIC~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\APPLIC~1\\WINZIP~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EPSON Stylus Photo R210 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I3H2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3H2.EXE /P30 \"EPSON Stylus Photo R210 Series\" /O6 \"USB001\" /M \"Stylus Photo R210\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ImInstaller_IncrediMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="incredimail_install[1]"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NVRTCLK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVRTClk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCTAVApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCTAV"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spam Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpamMonitor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UnlockerAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UnlockerAssistant"
"hkey"="HKLM"
"command"="\"C:\\Applications\\Unlocker\\UnlockerAssistant.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WebAccelerator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="webxl"
"hkey"="HKLM"
"command"="\"C:\\Applications\\Web Accelerator 1.9\\webxl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002
"AVGEMS"=dword:00000002
"Macromedia Licensing Service"=dword:00000003
"Adobe LM Service"=dword:00000003


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: 06-09-21 16:30:19.53
ComboFix.txt

--------------------------------------------------------------------------

Should that have fixed it? I will run AVG in safe-mode.

Any suggestions/solutions are welcome.

[sUBs]

Carry out the following tasks in the order as I laid out.


Uninstall this program - strCodec

* * * * * *


Download & launch KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)





Select the following option - delete on Reboot
Use your mouse to select all the filenames listed below & then right-click & select Copy

• C:\WINDOWS\system32\mljgecc.dll
  C:\WINDOWS\system32\jkklllm.dll
  C:\WINDOWS\system32\byxussp.dll
  C:\WINDOWS\system32\ljjkkli.dll
  C:\WINDOWS\system32\vtuuutq.dll
  C:\WINDOWS\system32\khffgfg.dll
  C:\WINDOWS\system32\uhvjsul.dll
  C:\WINDOWS\system32\tuvsrsq.dll
  C:\WINDOWS\system32\winbug32.dll
  C:\WINDOWS\system32\hjllm.bak2
  C:\WINDOWS\system32\hjllm.bak1
  C:\WINDOWS\system32\pmnlm.dll
  C:\WINDOWS\system32\ljjkkji.dll
  C:\WINDOWS\system32\wnaspi32.dll

* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


* * * * * *


On the reboot, delete this folder - C:\Program Files\strCodec


Then, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

Code:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WebAccelerator]

Save this as fix.reg Choose to "Save type as - All Files"
It should look like this:
Double click on fix.reg & allow it to merge into the registry


* * * * * *


Next, perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:

1. Fresh Hijackthis log taken just before replying
2. Online scan

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

[batman321]

Logfile of HijackThis v1.99.1
Scan saved at 19:38, on 06-09-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Applications\Spyware Doctor 4\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Applications\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Applications\Hijack This\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Applications\Spybot\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\APPLIC~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Applications\Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Customize Menu - file://C:\Applications\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Applications\MPEG Joiner\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Applications\MPEG Joiner\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Applications\MPEG Joiner\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Applications\MPEG Joiner\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Applications\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Applications\Spyware Doctor 4\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[batman321]

I can't copy and paste the Kaspersky Report because the browser freezes and has to be restarted. What is your email address? I can send it as an attachment instead. My PC still has infections and my broadband runs 70% of the time.

[batman321]

I am sending the Kaspersky Report to the email: support@techsupportforum.com. I hope you get it seeing as my broadband can be unstable at times.

[sUBs]

Attach the report in your next reply. Try zipping it up to minimise it's filesize

[batman321]

see attachment...

[sUBs]

The log results only looks scary. It's not that bad. :)

Delete this folder - C:\Documents and Settings\simon\.housecall\Quarantine\

Then, have Killbox delete this file - C:\WINDOWS\system32\mljgecc.dll


On the reboot, clear system restore's cache (System Volume Information folder)
by doing this...
Go to Start → Run → type control sysdm.cpl,,4 & press Enter

• Tick on the checkbox - Turn off System Restore on all drives
• Click Apply

Turn it back 'On' by unticking the same checkbox & click OK


That basically removes all the infected files found by Kspersky.
Let me know how that went

[batman321]

This file does not exist on my PC: C:\WINDOWS\system32\mljgecc.dll

I don't have a system32 folder either. I turned off then on system restore using the commands you gave me.

I have been doing AVG scans but it finds hardly any viruses/trojans. Spyware doctor keeps finding 10-30 spywares on each scan. Some virus/spyware replicates itself on deletion. clever!


-------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:19, on 06-09-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Applications\Spyware Doctor 4\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe
C:\Applications\Roboform\RoboTaskBarIcon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Applications\Spyware Doctor 4\swdoctor.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Applications\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Applications\Hijack This\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Applications\Spybot\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\APPLIC~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Applications\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Applications\FreeRAM XP Pro 1.51\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Applications\Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Customize Menu - file://C:\Applications\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Applications\MPEG Joiner\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Applications\MPEG Joiner\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Applications\MPEG Joiner\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Applications\MPEG Joiner\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Applications\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\APPLIC~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Applications\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Applications\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Applications\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Applications\Spyware Doctor 4\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[sUBs]

Please double click on combofix & then show me the log it produces

[batman321]

simon - 06-09-22 12:07:10.62 Service Pack 2
ComboFix 06.09.20 - Running from: "C:\Documents and Settings\simon\Desktop"
Command switches used ::

((((((((((((((((((((((((((((((( Files Created from 2006-08-22 to 2006-09-22 ))))))))))))))))))))))))))))))))))


2006-09-21 12:53 40,973 ---hs---- C:\WINDOWS\system32\mljgecc.dll
2006-09-11 21:23 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2006-09-11 18:09 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2006-09-09 14:03 278,528 --a------ C:\WINDOWS\system32\livesnth.dll
2006-09-09 14:03 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2006-09-08 16:34 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-08 16:34 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-06 17:38 4,239,360 --a------ C:\WINDOWS\system32\qtp-mt334.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-21 21:24 0 --a--c--- C:\Documents and Settings\simon\Application Data\.googlewebacchosts
2006-09-21 16:28 -------- d-------- C:\Program Files\Common Files
2006-09-21 16:16 -------- d-------- C:\Documents and Settings\simon\Application Data\AVG7
2006-09-21 16:15 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-21 16:15 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-21 16:15 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-21 16:15 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-21 16:15 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-21 16:15 -------- d-------- C:\Program Files\Grisoft
2006-09-21 16:14 -------- d---s---- C:\Documents and Settings\simon\Application Data\Microsoft
2006-09-20 17:34 -------- d-------- C:\Documents and Settings\simon\Application Data\Lavasoft
2006-09-19 17:13 -------- d-------- C:\Program Files\PrintView
2006-09-12 17:48 -------- d-------- C:\Program Files\Simon Clarke's CV and Cover Letter
2006-09-11 21:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-11 18:10 -------- d-------- C:\Program Files\Common Files\InterVideo
2006-09-11 18:10 -------- d-------- C:\Documents and Settings\simon\Application Data\InterVideo
2006-09-11 18:09 -------- d-------- C:\Program Files\InterActual
2006-09-11 18:09 -------- d-------- C:\Program Files\Creative
2006-09-01 23:47 11973 --a--c--- C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-25 20:26 -------- d-------- C:\Documents and Settings\simon\Application Data\PC Tools
2006-08-22 00:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 21:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 21:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-12 11:26 -------- d-------- C:\Program Files\Internet Explorer
2006-08-09 18:38 -------- d-------- C:\Program Files\Boinc
2006-08-08 15:06 -------- d-------- C:\Documents and Settings\simon\Application Data\SolidDocuments
2006-08-08 14:57 -------- d-------- C:\Documents and Settings\simon\Application Data\CTdeveloping
2006-08-05 12:50 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-05 11:56 -------- d-------- C:\Documents and Settings\simon\Application Data\com.codeode
2006-08-02 14:35 -------- d-------- C:\Program Files\Google
2006-07-29 19:38 -------- d-------- C:\Program Files\Common Files\Services
2006-07-28 01:24 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2006-07-24 15:14 -------- d-------- C:\Program Files\Online Services
2006-07-21 20:24 72704 --a--c--- C:\WINDOWS\system32\hlink.dll
2006-06-22 17:06 69120 --a--c--- C:\WINDOWS\system32\ciodm.dll
2006-06-22 17:06 1435648 --a--c--- C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="\"C:\\Applications\\FreeRAM XP Pro 1.51\\FreeRAM XP Pro.exe\" -win"
"RoboForm"="\"C:\\Applications\\Roboform\\RoboTaskBarIcon.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispCPL"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoCDBurning"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoWinKeys"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoFileAssociate"=dword:00000000
"NoFileMenu"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoFind"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"HideClock"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"StartMenuLogoff"=dword:00000000
"NoSMHelp"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"NoControlPanel"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\APPLIC~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\APPLIC~1\\WINZIP~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EPSON Stylus Photo R210 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I3H2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3H2.EXE /P30 \"EPSON Stylus Photo R210 Series\" /O6 \"USB001\" /M \"Stylus Photo R210\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ImInstaller_IncrediMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="incredimail_install[1]"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NVRTCLK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVRTClk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCTAVApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCTAV"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spam Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpamMonitor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UnlockerAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UnlockerAssistant"
"hkey"="HKLM"
"command"="\"C:\\Applications\\Unlocker\\UnlockerAssistant.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002
"AVGEMS"=dword:00000002
"Macromedia Licensing Service"=dword:00000003
"Adobe LM Service"=dword:00000003


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: 06-09-22 12:08:05.25
ComboFix.txt
ComboFix2.txt

[batman321]

My PC seems better. I do spyware scans and it keeps finding a cookies that have a low threat. I have been using AVG and trendmicro and they show little signs, if any, of infections. can't help but feel my pc is little slow (programs take a little longer to start etc).Any suggestions will be welcomed.

[sUBs]

Quote:

This file does not exist on my PC: C:\WINDOWS\system32\mljgecc.dll

From combofix's log . . .

Quote:

2006-09-21 12:53 40,973 ---hs---- C:\WINDOWS\system32\mljgecc.dll

It does exist. Have you enabled the viewing of hidden + system files?

From Windows Explorer, go to Tools → Folder Options → View tab.

• Tick - 'Show hidden files and folder'
• Untick - 'Hide file extensions for known types'
• Untick - 'Hide protected operating system files'
• Click Yes to confirm & then click OK

* * *

Quote:

feel my pc is little slow (programs take a little longer to start etc).Any suggestions will be welcomed.

Have you installed any new programs the past few days?

[batman321]

simon - 06-09-23 11:41:59.35 Service Pack 2
ComboFix 06.09.20 - Running from: "C:\Documents and Settings\simon\Desktop\Net Help"
Command switches used ::

((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))


2006-09-22 17:11 0 --a------ C:\WINDOWS\system32\sys_dll.dll
2006-09-11 21:23 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2006-09-11 18:09 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2006-09-09 14:03 278,528 --a------ C:\WINDOWS\system32\livesnth.dll
2006-09-09 14:03 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2006-09-08 16:34 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-08 16:34 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-06 17:38 4,239,360 --a------ C:\WINDOWS\system32\qtp-mt334.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-22 20:14 0 --a--c--- C:\Documents and Settings\simon\Application Data\.googlewebacchosts
2006-09-22 18:09 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-21 16:28 -------- d-------- C:\Program Files\Common Files
2006-09-21 16:16 -------- d-------- C:\Documents and Settings\simon\Application Data\AVG7
2006-09-21 16:15 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-21 16:15 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-21 16:15 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-21 16:15 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-21 16:15 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-21 16:15 -------- d-------- C:\Program Files\Grisoft
2006-09-21 16:14 -------- d---s---- C:\Documents and Settings\simon\Application Data\Microsoft
2006-09-20 17:34 -------- d-------- C:\Documents and Settings\simon\Application Data\Lavasoft
2006-09-19 17:13 -------- d-------- C:\Program Files\PrintView
2006-09-12 17:48 -------- d-------- C:\Program Files\Simon Clarke's CV and Cover Letter
2006-09-11 21:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-11 18:10 -------- d-------- C:\Program Files\Common Files\InterVideo
2006-09-11 18:10 -------- d-------- C:\Documents and Settings\simon\Application Data\InterVideo
2006-09-11 18:09 -------- d-------- C:\Program Files\InterActual
2006-09-11 18:09 -------- d-------- C:\Program Files\Creative
2006-09-01 23:47 11973 --a--c--- C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-25 20:26 -------- d-------- C:\Documents and Settings\simon\Application Data\PC Tools
2006-08-22 00:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 21:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 21:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-12 11:26 -------- d-------- C:\Program Files\Internet Explorer
2006-08-09 18:38 -------- d-------- C:\Program Files\Boinc
2006-08-08 15:06 -------- d-------- C:\Documents and Settings\simon\Application Data\SolidDocuments
2006-08-08 14:57 -------- d-------- C:\Documents and Settings\simon\Application Data\CTdeveloping
2006-08-05 12:50 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-05 11:56 -------- d-------- C:\Documents and Settings\simon\Application Data\com.codeode
2006-08-02 14:35 -------- d-------- C:\Program Files\Google
2006-07-29 19:38 -------- d-------- C:\Program Files\Common Files\Services
2006-07-28 01:24 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2006-07-24 15:14 -------- d-------- C:\Program Files\Online Services
2006-07-21 20:24 72704 --a--c--- C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="\"C:\\Applications\\FreeRAM XP Pro 1.51\\FreeRAM XP Pro.exe\" -win"
"RoboForm"="\"C:\\Applications\\Roboform\\RoboTaskBarIcon.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispCPL"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoCDBurning"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoWinKeys"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoFileAssociate"=dword:00000000
"NoFileMenu"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoFind"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"HideClock"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"StartMenuLogoff"=dword:00000000
"NoSMHelp"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"NoControlPanel"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\APPLIC~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\APPLIC~1\\WINZIP~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EPSON Stylus Photo R210 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I3H2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3H2.EXE /P30 \"EPSON Stylus Photo R210 Series\" /O6 \"USB001\" /M \"Stylus Photo R210\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ImInstaller_IncrediMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="incredimail_install[1]"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NVRTCLK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVRTClk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCTAVApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCTAV"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spam Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpamMonitor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UnlockerAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UnlockerAssistant"
"hkey"="HKLM"
"command"="\"C:\\Applications\\Unlocker\\UnlockerAssistant.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002
"AVGEMS"=dword:00000002
"Macromedia Licensing Service"=dword:00000003
"Adobe LM Service"=dword:00000003


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: 06-09-23 11:42:39.79
ComboFix.txt