multiple iexplore.exe instances in task manager?



#1
fortuitous

  • Member
  • 99 posts
Logfile of HijackThis v1.99.1
Scan saved at 17:26:54, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1164877270\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1164877270\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1164877270\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1164877270\ee\AOLServiceHost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VC Poker\client.exe
C:\media\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.firstadsol...om/rw?title=New offer!&qs=iframe3?Rw4AAMYwAAASfAEA55IAAAIAAAAAAP8AAAAEEAICAANfzgAAdycAABnnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjE2HyvY.AAAW8iFoA0AAABASX2P-PwAAyEIt4AlAAAAAAAAAAAAAABBHhecTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATbD7TK6RtgFgJuxAB8MY.hBh2EK4cniAEvnFMwAAAAA=,,http://netsearchsoft.com/ads/ads.html (obfuscated)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164877270\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.04\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: VCStudentPoker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCSTUD~1\client.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} (DrsDnld Control) - http://www.mathcentr...rsDnldProj1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7910869A-66BF-4079-95FA-69DC7044C33C}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

There's the log file; it doesn't make much sense to me. Please help me get this sorted. Thanks in advance, Bob


#2
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello and Welcome. :whistling:

Open HijackThis and put a check next to these:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.firstadsol...om/rw?title=New offer!&qs=iframe3?Rw4AAMYwAAASfAEA55IAAAIAAAAAAP8AAAAEEAICAANfzgAAdycAABnnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjE2HyvY.AAAW8iFoA0AAABASX2P-PwAAyEIt4AlAAAAAAAAAAAAAABBHhecTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATbD7TK6RtgFgJuxAB8MY.hBh2EK4cniAEvnFMwAAAAA=,,http://netsearchsoft.com/ads/ads.html (obfuscated)

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)


Click "Fix Checked" and close HJT.

1. Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

2. Double click on combofix.exe & follow the prompts to allow the tool to run.

3. When it has finished, it will produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

#3
fortuitous

  • Topic Starter
  • Member
  • 99 posts
Many thanks, here are the new logs.

Bob - 07-01-02 20:21:37.96 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-12-02 to 2007-01-02 ))))))))))))))))))))))))))))))))))


2007-01-02 16:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-02 16:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-02 16:51 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\SUPERAntiSpyware.com
2007-01-01 21:26 20,480 --a------ C:\WINDOWS\system32\[email protected]@@k.DLL
2007-01-01 20:46 <DIR> d-------- C:\My Music
2007-01-01 20:37 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2006-12-28 15:12 <DIR> d-------- C:\Program Files\MP3 Player Utilities 4.04
2006-12-28 14:26 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2006-12-28 12:43 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2006-12-28 12:43 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2006-12-28 12:43 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-12-28 12:43 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2006-12-28 12:43 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2006-12-28 12:43 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2006-12-28 12:43 152,064 --a------ C:\WINDOWS\system32\unrar.dll
2006-12-28 12:43 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2006-12-28 12:43 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2006-12-28 12:43 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2006-12-28 12:43 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
2006-12-28 12:43 <DIR> d-------- C:\Program Files\ACE Mega CoDecS Pack
2006-12-27 00:03 <DIR> d-------- C:\Program Files\3Puzzles
2006-12-24 18:05 <DIR> d-------- C:\Program Files\Deluxe Snake
2006-12-24 18:04 <DIR> d-------- C:\Program Files\Strike
2006-12-22 20:25 231,936 --a------ C:\WINDOWS\UNINST16.EXE
2006-12-22 20:25 <DIR> d-------- C:\DTTOYS
2006-12-22 20:09 <DIR> d--h----- C:\WINDOWS\PIF
2006-12-22 20:09 <DIR> d-------- C:\Program Files\Charlie II
2006-12-22 20:08 <DIR> d-------- C:\Program Files\Rtab
2006-12-21 14:35 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2006-12-21 14:34 95,424 --a------ C:\WINDOWS\system32\drivers\slnthal.sys
2006-12-21 14:34 73,832 --a------ C:\WINDOWS\system32\slcoinst.dll
2006-12-21 14:34 73,796 --a------ C:\WINDOWS\system32\slserv.exe
2006-12-21 14:34 32,866 --a------ C:\WINDOWS\slrundll.exe
2006-12-21 14:34 286,792 --a------ C:\WINDOWS\system32\slextspk.dll
2006-12-21 14:34 188,508 --a------ C:\WINDOWS\system32\slgen.dll
2006-12-21 14:34 180,360 --a------ C:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-12-21 14:34 13,776 --a------ C:\WINDOWS\system32\drivers\RecAgent.sys
2006-12-21 14:34 13,240 --a------ C:\WINDOWS\system32\drivers\slwdmsup.sys
2006-12-21 14:34 129,535 --a------ C:\WINDOWS\system32\drivers\slnt7554.sys
2006-12-21 14:34 126,686 --a------ C:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-12-21 14:34 1,309,184 --a------ C:\WINDOWS\system32\drivers\mtlstrm.sys
2006-12-21 00:40 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-12-19 23:12 <DIR> d-------- C:\Program Files\Inter Action
2006-12-19 19:47 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2006-12-19 19:47 <DIR> d-------- C:\Program Files\Bingo Palace UK
2006-12-19 12:39 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-12-19 12:39 <DIR> d-------- C:\Program Files\Registry Mechanic
2006-12-19 00:25 <DIR> d-------- C:\Program Files\The Breakdown
2006-12-18 19:18 <DIR> d-------- C:\Program Files\Vodei
2006-12-17 18:42 <DIR> dr-h----- C:\Documents and Settings\Bob\Recent
2006-12-17 12:57 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-17 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2006-12-17 12:29 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-12-17 12:28 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-12-17 12:28 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-12-17 12:28 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-12-17 12:28 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-12-17 12:28 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-12-17 12:28 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-12-17 12:27 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2006-12-17 12:27 <DIR> d-------- C:\Program Files\IVT Corporation
2006-12-16 22:14 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-12-15 12:47 139,264 --a------ C:\WINDOWS\system32\eax.dll
2006-12-15 12:47 <DIR> d-------- C:\Program Files\Creative
2006-12-15 12:32 319,488 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2006-12-15 12:32 <DIR> d-------- C:\Program Files\Mafia
2006-12-14 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-12-14 12:41 <DIR> d-------- C:\Program Files\EA Games
2006-12-13 15:32 <DIR> d-------- C:\Program Files\VCStudentPoker
2006-12-13 12:40 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Tenebril
2006-12-13 12:30 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2006-12-13 12:30 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2006-12-13 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2006-12-13 12:26 <DIR> d-------- C:\Program Files\Yahoo!
2006-12-13 12:25 <DIR> d-------- C:\Program Files\CCleaner
2006-12-13 12:18 <DIR> d-------- C:\Program Files\SpywareBlaster
2006-12-12 16:59 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Talkback
2006-12-09 22:55 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Leadertech
2006-12-09 22:46 <DIR> d-------- C:\Program Files\Mad Cars
2006-12-08 22:32 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\AdobeUM
2006-12-08 13:21 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-03 19:27 <DIR> d-------- C:\WINDOWS\PlayerStats
2006-12-03 19:27 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Big Slick!
2006-12-03 19:14 <DIR> d-------- C:\Program Files\VC Poker
2006-12-03 18:47 73,728 --------- C:\WINDOWS\system\CMedia.dll
2006-12-03 18:47 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2006-12-03 18:47 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-12-03 18:47 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2006-12-03 18:47 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-12-03 18:47 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2006-12-03 18:47 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2006-12-03 18:47 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2006-12-03 18:46 <DIR> d-------- C:\Program Files\PCI Audio Applications
2006-12-03 18:46 <DIR> d-------- C:\Program Files\C-Media
2006-12-03 18:44 712,704 --a------ C:\WINDOWS\system32\a3d.dll
2006-12-03 18:44 377,358 --a------ C:\WINDOWS\system32\drivers\cmaudio.sys
2006-12-03 18:44 32,768 --a------ C:\WINDOWS\system32\cmnprop.dll
2006-12-03 18:44 139,264 --a------ C:\WINDOWS\cmuninst.exe
2006-12-03 18:44 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-12-03 18:44 1,855,488 --a------ C:\WINDOWS\mixer.exe
2006-12-03 17:17 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-12-02 22:27 <DIR> d-------- C:\Program Files\GustoSoft
2006-12-02 13:32 1,933,312 --a------ C:\WINDOWS\system32\cdintf250.dll
2006-12-02 13:32 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Intuit
2006-12-02 13:31 <DIR> d-------- C:\Program Files\Quicken
2006-12-02 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2006-12-02 13:27 <DIR> d-------- C:\Program Files\QuickSFV
2006-12-02 10:40 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-02 10:40 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-02 10:38 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-02 10:37 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-02 10:36 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-02 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-02 20:21 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-02 17:09 -------- d-------- C:\Documents and Settings\Bob\Application Data\Each Poke Surf
2007-01-02 16:51 -------- d-------- C:\Program Files\Common Files
2007-01-01 20:46 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-01-01 20:46 -------- d-------- C:\Program Files\Common Files\Real
2006-12-29 00:22 -------- d-------- C:\Documents and Settings\Bob\Application Data\Google
2006-12-29 00:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-29 00:21 -------- d-------- C:\Program Files\Google
2006-12-28 15:13 -------- d---s---- C:\Documents and Settings\Bob\Application Data\Microsoft
2006-12-27 19:24 -------- d-------- C:\Program Files\AOL Toolbar
2006-12-15 03:01 -------- d-------- C:\Program Files\Outlook Express
2006-12-15 03:01 -------- d-------- C:\Program Files\Common Files\System
2006-12-14 12:47 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-10 14:10 -------- d-------- C:\Program Files\NetMeeting
2006-12-09 09:04 -------- d-------- C:\Program Files\Spyware Doctor
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-03 18:47 -------- d-------- C:\Program Files\Windows Media Player
2006-12-02 22:54 -------- d-------- C:\Program Files\AOL 9.0
2006-12-02 10:44 -------- d-------- C:\Program Files\Internet Explorer
2006-12-01 19:35 -------- d-------- C:\Documents and Settings\Bob\Application Data\Lavasoft
2006-12-01 19:14 -------- d-------- C:\Program Files\Lavasoft
2006-12-01 18:44 -------- d-------- C:\Documents and Settings\Bob\Application Data\PC Tools
2006-12-01 18:34 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-01 10:05 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-30 09:01 -------- d-------- C:\Program Files\Common Files\Scanner
2006-11-30 09:01 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-30 08:57 -------- d-------- C:\Program Files\AOL
2006-11-30 03:05 -------- d-------- C:\Program Files\Messenger
2006-11-29 16:02 -------- d-------- C:\Program Files\OUGOMessenger
2006-11-29 15:51 -------- d-------- C:\Program Files\Each Poke Surf
2006-11-28 14:56 -------- d--h----- C:\Documents and Settings\Bob\Application Data\GTek
2006-11-28 14:53 -------- d-------- C:\Documents and Settings\Bob\Application Data\Adobe
2006-11-28 14:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-28 14:46 -------- d-------- C:\Program Files\Common Files\L&H
2006-11-28 14:45 -------- d-------- C:\Program Files\Microsoft.NET
2006-11-28 14:45 -------- d-------- C:\Program Files\Microsoft Works
2006-11-28 14:45 -------- d-------- C:\Program Files\Microsoft Office
2006-11-28 14:45 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-11-28 14:45 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-11-28 14:44 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-11-28 14:35 -------- d-------- C:\Program Files\BitComet
2006-11-28 14:31 -------- d-------- C:\Program Files\WinRAR
2006-11-28 14:27 -------- d-------- C:\Program Files\Grisoft
2006-11-28 14:20 -------- d-------- C:\Program Files\XP Codec Pack
2006-11-28 14:20 -------- d-------- C:\Program Files\PowerISO
2006-11-28 14:18 -------- d-------- C:\Program Files\MSN Messenger
2006-11-28 14:16 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-28 14:15 -------- d-------- C:\Program Files\Adobe
2006-11-28 14:11 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-28 14:11 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-28 14:11 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-28 14:11 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-28 14:11 18240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-28 14:11 -------- d-------- C:\Documents and Settings\Bob\Application Data\AVG7
2006-11-28 14:10 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-28 13:57 -------- d-------- C:\Program Files\Zone Labs
2006-11-28 13:51 -------- d-------- C:\Documents and Settings\Bob\Application Data\Mozilla
2006-11-28 13:45 -------- d-------- C:\Program Files\AOL Companion
2006-11-28 13:45 -------- d-------- C:\Documents and Settings\Bob\Application Data\Macromedia
2006-11-28 13:42 -------- d-------- C:\Program Files\VoyagerTest
2006-11-28 13:42 -------- d-------- C:\Program Files\Common Files\FTL Shared
2006-11-28 13:42 -------- d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2006-11-28 13:41 -------- d-------- C:\Program Files\VoyagerModem105Drivers
2006-11-28 13:36 -------- d-------- C:\Program Files\Viewpoint
2006-11-28 13:36 -------- d-------- C:\Program Files\QuickTime
2006-11-28 13:36 -------- d-------- C:\Program Files\Learn2.com
2006-11-28 13:36 -------- d-------- C:\Program Files\Common Files\aolshare
2006-11-28 13:36 -------- d-------- C:\Program Files\Common Files\aolback
2006-11-28 13:36 -------- d-------- C:\Documents and Settings\Bob\Application Data\You've Got Pictures Screensaver
2006-11-28 13:36 -------- d-------- C:\Documents and Settings\Bob\Application Data\AOL
2006-11-28 13:35 -------- d-------- C:\Program Files\Real
2006-11-28 13:35 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-11-28 13:23 -------- d-------- C:\Program Files\Broadcom
2006-11-28 13:21 -------- d-------- C:\Program Files\Intel
2006-11-28 13:20 -------- d-------- C:\Program Files\Analog Devices
2006-11-28 13:17 -------- d-------- C:\Program Files\Dell
2006-11-27 18:36 -------- d--h----- C:\Program Files\Uninstall Information
2006-11-27 18:36 -------- d-------- C:\Documents and Settings\Bob\Application Data\Identities
2006-11-27 18:05 -------- d-------- C:\Program Files\xerox
2006-11-27 18:05 -------- d-------- C:\Program Files\microsoft frontpage
2006-11-27 18:04 0 -rahs---- C:\MSDOS.SYS
2006-11-27 18:04 0 -rahs---- C:\IO.SYS
2006-11-27 18:04 0 --a------ C:\CONFIG.SYS
2006-11-27 18:04 0 --a------ C:\AUTOEXEC.BAT
2006-11-27 18:03 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-27 18:02 -------- d-------- C:\Program Files\Movie Maker
2006-11-27 18:02 -------- d-------- C:\Program Files\Common Files\Services
2006-11-27 18:02 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-11-27 18:01 -------- d-------- C:\Program Files\ComPlus Applications
2006-11-27 18:00 -------- d-------- C:\Program Files\Windows NT
2006-11-27 18:00 -------- d-------- C:\Program Files\Online Services
2006-11-27 18:00 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-11-27 18:00 -------- d-------- C:\Program Files\MSN
2006-11-27 17:28 62 --ahs---- C:\Documents and Settings\Bob\Application Data\desktop.ini
2006-11-27 17:28 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-27 17:28 -------- d-------- C:\Program Files\Common Files\ODBC
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-06 08:28 30988 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 12:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 12:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1164877270\\ee\\AOLHostManager.exe"
"C-Media Mixer"="Mixer.exe /startup"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"RegistryMechanic"=""
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070102-202048-715
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
backup-20070102-202048-329
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.firstadsol...om/rw?title=New offer!&qs=iframe3?Rw4AAMYwAAASfAEA55IAAAIAAAAAAP8AAAAEEAICAANfzgAAdycAABnnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjE2HyvY.AAAW8iFoA0AAABASX2P-PwAAyEIt4AlAAAAAAAAAAAAAABBHhecTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATbD7TK6RtgFgJuxAB8MY.hBh2EK4cniAEvnFMwAAAAA=,,http://netsearchsoft.com/ads/ads.html (obfuscated)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A4C2BE4E91ED30BE.job

Completion time: 07-01-02 20:23:04.74
C:\ComboFix.txt ... 07-01-02 20:23


Logfile of HijackThis v1.99.1
Scan saved at 20:29:52, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1164877270\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1164877270\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1164877270\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1164877270\ee\AOLServiceHost.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\media\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164877270\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.04\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: VCStudentPoker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCSTUD~1\client.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} (DrsDnld Control) - http://www.mathcentr...rsDnldProj1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7910869A-66BF-4079-95FA-69DC7044C33C}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

many many thanks again Bob

#4
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
It appears you have a keylogger. If you've entered any passwords, please change them from a clean computer. Contact your banking/credit card services to let them know you may be a victim of identity theft.

Please go here (http://virusscan.jotti.org/) and upload and scan the files listed below:
C:\WINDOWS\system32\[email protected]@@k.DLL
C:\WINDOWS\system32\archlib.dll


Save the results and post them in your next reply.

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A message should pop up from NoLop. If not, double click the program again and it will finish.
Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\tasks\A4C2BE4E91ED30BE.job
    C:\WINDOWS\iun6002.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please post a new HJT and the nolop! log and the jotti scan logs.

Edited by Tigger93, 02 January 2007 - 04:38 PM.


#5
fortuitous

    Member

  • Topic Starter
  • Member
  • 99 posts
hi there, thanks very much for the help, you've been brilliant. here are the latest log files, many thanks again


Scan taken on 03 Jan 2007 13:11:43 (GMT) (scan of C:\WINDOWS\system32\[email protected]@@k.DLL)
AntiVir: Found SPR/PSW.HotKeys riskware
ArcaVir: Found Trojan.Keylogger
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found Trojan.W32.HotKeysHook.A-2
Dr.Web: Found Tool.Hatkeys
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found W32/Hotkeys.B!tr
Kaspersky Anti-Virus: Found nothing
NOD32: Found Win32/Keylogger.HotKeysHook.A
Norman Virus Control: Found W32/HotKeys.A
VirusBuster: Found nothing
VBA32: Found RiskWare.CrackTool.Win32.HotHook.dll


Scan taken on 03 Jan 2007 13:16:31 (GMT) (scan of C:\WINDOWS\system32\archlib.dll)
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Bob\Desktop
[03/01/2007]
[13:44:03]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A4C2BE4E91ED30BE.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Bluetooth
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Knob Draw Cdrom Boob
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Tenebril
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Bob\Application Data\Adobe
C:\Documents and Settings\Bob\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Bob\Application Data\Aol
C:\Documents and Settings\Bob\Application Data\Avg7
C:\Documents and Settings\Bob\Application Data\Big Slick!
C:\Documents and Settings\Bob\Application Data\Each Poke Surf
C:\Documents and Settings\Bob\Application Data\Google
C:\Documents and Settings\Bob\Application Data\Gtek
C:\Documents and Settings\Bob\Application Data\Identities
C:\Documents and Settings\Bob\Application Data\Intuit
C:\Documents and Settings\Bob\Application Data\Lavasoft
C:\Documents and Settings\Bob\Application Data\Leadertech
C:\Documents and Settings\Bob\Application Data\Macromedia
C:\Documents and Settings\Bob\Application Data\Microsoft
C:\Documents and Settings\Bob\Application Data\Mozilla
C:\Documents and Settings\Bob\Application Data\Pc Tools
C:\Documents and Settings\Bob\Application Data\Real
C:\Documents and Settings\Bob\Application Data\Superantispyware.com
C:\Documents and Settings\Bob\Application Data\Talkback
C:\Documents and Settings\Bob\Application Data\Tenebril
C:\Documents and Settings\Bob\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft

#6
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\All Users\Application Data\Knob Draw Cdrom Boob
    C:\Documents and Settings\Bob\Application Data\Each Poke Surf
    C:\Program Files\Each Poke Surf
    C:\WINDOWS\system32\[email protected]@@k.DLL
    C:\WINDOWS\system32\archlib.dll



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please post a new HJT log. :whistling:

#7
fortuitous

    Member

  • Topic Starter
  • Member
  • 99 posts
many thanks, here is the new file

Logfile of HijackThis v1.99.1
Scan saved at 23:23, on 07-01-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1164877270\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1164877270\ee\AOLServiceHost.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\common files\aol\1164877270\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1164877270\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\VC Poker\client.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164877270\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.04\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: VCStudentPoker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCSTUD~1\client.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {047C3241-279D-438A-BC34-9AD1C1910FC0} (DrsDnld Control) - http://www.mathcentr...rsDnldProj1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7910869A-66BF-4079-95FA-69DC7044C33C}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

all this makes very little sense to me, you must really know your stuff, thanks again

#8
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Can you please run combofix again and post the log it produces?

#9
fortuitous

    Member

  • Topic Starter
  • Member
  • 99 posts
here you go, thanks


Bob - 07-01-07 17:02:00.90 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Bob\Desktop\Security"

((((((((((((((((((((((((((((((( Files Created from 2006-12-05 to 2007-01-05 ))))))))))))))))))))))))))))))))))


2007-01-07 13:16 <DIR> d-------- C:\Program Files\PokerPlex
2007-01-07 13:00 96,768 --a------ C:\WINDOWS\system32\UnPoker.exe
2007-01-07 13:00 <DIR> d-------- C:\Program Files\William Hill Poker
2007-01-05 23:47 106 --a------ C:\delete.bat
2007-01-05 18:40 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\uTorrent
2007-01-04 16:42 <DIR> d-------- C:\war
2007-01-03 20:58 <DIR> d-------- C:\Program Files\Common Files\SystemRequirementsLab
2007-01-03 20:57 <DIR> d-------- C:\WINDOWS\Sun
2007-01-03 20:57 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\System Requirements Lab
2007-01-03 20:57 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Sun
2007-01-03 20:55 <DIR> d-------- C:\Program Files\Java
2007-01-03 20:53 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-03 13:52 <DIR> d-------- C:\!KillBox
2007-01-03 13:44 <DIR> d-------- C:\NoLopBackups
2007-01-03 00:49 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-03 00:47 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Real
2007-01-02 16:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-02 16:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-02 16:51 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\SUPERAntiSpyware.com
2007-01-02 16:41 <DIR> d-------- C:\hijackthis
2007-01-01 20:46 <DIR> d-------- C:\My Music
2007-01-01 20:37 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2006-12-28 15:12 <DIR> d-------- C:\Program Files\MP3 Player Utilities 4.04
2006-12-28 14:26 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2006-12-28 12:43 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2006-12-28 12:43 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2006-12-28 12:43 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-12-28 12:43 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2006-12-28 12:43 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2006-12-28 12:43 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2006-12-28 12:43 152,064 --a------ C:\WINDOWS\system32\unrar.dll
2006-12-28 12:43 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2006-12-28 12:43 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2006-12-28 12:43 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2006-12-28 12:43 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
2006-12-28 12:43 <DIR> d-------- C:\Program Files\ACE Mega CoDecS Pack
2006-12-27 00:03 <DIR> d-------- C:\Program Files\3Puzzles
2006-12-24 18:05 <DIR> d-------- C:\Program Files\Deluxe Snake
2006-12-24 18:04 <DIR> d-------- C:\Program Files\Strike
2006-12-22 20:25 231,936 --a------ C:\WINDOWS\UNINST16.EXE
2006-12-22 20:25 <DIR> d-------- C:\DTTOYS
2006-12-22 20:09 <DIR> d--h----- C:\WINDOWS\PIF
2006-12-22 20:09 <DIR> d-------- C:\Program Files\Charlie II
2006-12-22 20:08 <DIR> d-------- C:\Program Files\Rtab
2006-12-21 14:35 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2006-12-21 14:34 95,424 --a------ C:\WINDOWS\system32\drivers\slnthal.sys
2006-12-21 14:34 73,832 --a------ C:\WINDOWS\system32\slcoinst.dll
2006-12-21 14:34 73,796 --a------ C:\WINDOWS\system32\slserv.exe
2006-12-21 14:34 32,866 --a------ C:\WINDOWS\slrundll.exe
2006-12-21 14:34 286,792 --a------ C:\WINDOWS\system32\slextspk.dll
2006-12-21 14:34 188,508 --a------ C:\WINDOWS\system32\slgen.dll
2006-12-21 14:34 180,360 --a------ C:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-12-21 14:34 13,776 --a------ C:\WINDOWS\system32\drivers\RecAgent.sys
2006-12-21 14:34 13,240 --a------ C:\WINDOWS\system32\drivers\slwdmsup.sys
2006-12-21 14:34 129,535 --a------ C:\WINDOWS\system32\drivers\slnt7554.sys
2006-12-21 14:34 126,686 --a------ C:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-12-21 14:34 1,309,184 --a------ C:\WINDOWS\system32\drivers\mtlstrm.sys
2006-12-21 00:40 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-12-19 23:12 <DIR> d-------- C:\Program Files\Inter Action
2006-12-19 19:47 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2006-12-19 19:47 <DIR> d-------- C:\Program Files\Bingo Palace UK
2006-12-19 12:39 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-12-19 12:39 <DIR> d-------- C:\Program Files\Registry Mechanic
2006-12-19 00:25 <DIR> d-------- C:\Program Files\The Breakdown
2006-12-18 19:18 <DIR> d-------- C:\Program Files\Vodei
2006-12-17 18:42 <DIR> dr-h----- C:\Documents and Settings\Bob\Recent
2006-12-17 12:57 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-17 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2006-12-17 12:29 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-12-17 12:28 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-12-17 12:28 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-12-17 12:28 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-12-17 12:28 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-12-17 12:28 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-12-17 12:28 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-12-17 12:27 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2006-12-17 12:27 <DIR> d-------- C:\Program Files\IVT Corporation
2006-12-16 22:14 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-12-15 12:47 139,264 --a------ C:\WINDOWS\system32\eax.dll
2006-12-15 12:47 <DIR> d-------- C:\Program Files\Creative
2006-12-15 12:32 319,488 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2006-12-15 12:32 <DIR> d-------- C:\Program Files\Mafia
2006-12-14 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-12-14 12:41 <DIR> d-------- C:\Program Files\EA Games
2006-12-13 15:32 <DIR> d-------- C:\Program Files\VCStudentPoker
2006-12-13 12:40 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Tenebril
2006-12-13 12:30 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2006-12-13 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2006-12-13 12:26 <DIR> d-------- C:\Program Files\Yahoo!
2006-12-13 12:25 <DIR> d-------- C:\Program Files\CCleaner
2006-12-13 12:18 <DIR> d-------- C:\Program Files\SpywareBlaster
2006-12-12 16:59 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Talkback
2006-12-09 22:55 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Leadertech
2006-12-09 22:46 <DIR> d-------- C:\Program Files\Mad Cars
2006-12-08 22:32 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\AdobeUM
2006-12-08 13:21 <DIR> d-------- C:\WINDOWS\Minidump


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-07 14:35 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-03 20:58 -------- d-------- C:\Program Files\Common Files
2007-01-03 00:49 -------- d-------- C:\Program Files\Common Files\Real
2007-01-02 17:09 -------- d-------- C:\Documents and Settings\Bob\Application Data\Each Poke Surf
2007-01-01 21:00 -------- d-------- C:\Program Files\VC Poker
2007-01-01 20:46 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-12-29 00:22 -------- d-------- C:\Documents and Settings\Bob\Application Data\Google
2006-12-29 00:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-29 00:21 -------- d-------- C:\Program Files\Google
2006-12-28 15:13 -------- d---s---- C:\Documents and Settings\Bob\Application Data\Microsoft
2006-12-27 19:24 -------- d-------- C:\Program Files\AOL Toolbar
2006-12-17 12:56 -------- d-------- C:\Program Files\Quicken
2006-12-15 03:01 -------- d-------- C:\Program Files\Outlook Express
2006-12-15 03:01 -------- d-------- C:\Program Files\Common Files\System
2006-12-14 12:47 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-12 16:48 -------- d-------- C:\Program Files\GustoSoft
2006-12-10 14:10 -------- d-------- C:\Program Files\NetMeeting
2006-12-09 09:04 -------- d-------- C:\Program Files\Spyware Doctor
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-03 19:27 -------- d-------- C:\Documents and Settings\Bob\Application Data\Big Slick!
2006-12-03 18:47 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-12-03 18:47 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-12-03 18:47 -------- d-------- C:\Program Files\Windows Media Player
2006-12-03 18:47 -------- d-------- C:\Program Files\PCI Audio Applications
2006-12-03 18:46 -------- d-------- C:\Program Files\C-Media
2006-12-02 22:54 -------- d-------- C:\Program Files\AOL 9.0
2006-12-02 13:32 -------- d-------- C:\Documents and Settings\Bob\Application Data\Intuit
2006-12-02 13:27 -------- d-------- C:\Program Files\QuickSFV
2006-12-02 10:44 -------- d-------- C:\Program Files\Internet Explorer
2006-12-01 19:35 -------- d-------- C:\Documents and Settings\Bob\Application Data\Lavasoft
2006-12-01 19:14 -------- d-------- C:\Program Files\Lavasoft
2006-12-01 18:44 -------- d-------- C:\Documents and Settings\Bob\Application Data\PC Tools
2006-12-01 18:34 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-01 10:05 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-30 09:01 -------- d-------- C:\Program Files\Common Files\Scanner
2006-11-30 09:01 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-30 08:57 -------- d-------- C:\Program Files\AOL
2006-11-30 03:05 -------- d-------- C:\Program Files\Messenger
2006-11-29 16:02 -------- d-------- C:\Program Files\OUGOMessenger
2006-11-28 14:56 -------- d--h----- C:\Documents and Settings\Bob\Application Data\GTek
2006-11-28 14:53 -------- d-------- C:\Documents and Settings\Bob\Application Data\Adobe
2006-11-28 14:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-28 14:46 -------- d-------- C:\Program Files\Common Files\L&H
2006-11-28 14:45 -------- d-------- C:\Program Files\Microsoft.NET
2006-11-28 14:45 -------- d-------- C:\Program Files\Microsoft Works
2006-11-28 14:45 -------- d-------- C:\Program Files\Microsoft Office
2006-11-28 14:45 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-11-28 14:45 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-11-28 14:44 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-11-28 14:35 -------- d-------- C:\Program Files\BitComet
2006-11-28 14:31 -------- d-------- C:\Program Files\WinRAR
2006-11-28 14:27 -------- d-------- C:\Program Files\Grisoft
2006-11-28 14:20 -------- d-------- C:\Program Files\XP Codec Pack
2006-11-28 14:20 -------- d-------- C:\Program Files\PowerISO
2006-11-28 14:18 -------- d-------- C:\Program Files\MSN Messenger
2006-11-28 14:16 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-28 14:15 -------- d-------- C:\Program Files\Adobe
2006-11-28 14:11 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-28 14:11 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-28 14:11 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-28 14:11 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-28 14:11 18240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-28 14:11 -------- d-------- C:\Documents and Settings\Bob\Application Data\AVG7
2006-11-28 14:10 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-28 13:57 -------- d-------- C:\Program Files\Zone Labs
2006-11-28 13:51 -------- d-------- C:\Documents and Settings\Bob\Application Data\Mozilla
2006-11-28 13:45 -------- d-------- C:\Program Files\AOL Companion
2006-11-28 13:45 -------- d-------- C:\Documents and Settings\Bob\Application Data\Macromedia
2006-11-28 13:42 -------- d-------- C:\Program Files\VoyagerTest
2006-11-28 13:42 -------- d-------- C:\Program Files\Common Files\FTL Shared
2006-11-28 13:42 -------- d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2006-11-28 13:41 -------- d-------- C:\Program Files\VoyagerModem105Drivers
2006-11-28 13:36 -------- d-------- C:\Program Files\Viewpoint
2006-11-28 13:36 -------- d-------- C:\Program Files\QuickTime
2006-11-28 13:36 -------- d-------- C:\Program Files\Learn2.com
2006-11-28 13:36 -------- d-------- C:\Program Files\Common Files\aolshare
2006-11-28 13:36 -------- d-------- C:\Program Files\Common Files\aolback
2006-11-28 13:36 -------- d-------- C:\Documents and Settings\Bob\Application Data\You've Got Pictures Screensaver
2006-11-28 13:36 -------- d-------- C:\Documents and Settings\Bob\Application Data\AOL
2006-11-28 13:35 -------- d-------- C:\Program Files\Real
2006-11-28 13:35 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-11-28 13:23 -------- d-------- C:\Program Files\Broadcom
2006-11-28 13:21 -------- d-------- C:\Program Files\Intel
2006-11-28 13:20 -------- d-------- C:\Program Files\Analog Devices
2006-11-28 13:17 -------- d-------- C:\Program Files\Dell
2006-11-27 18:36 -------- d--h----- C:\Program Files\Uninstall Information
2006-11-27 18:36 -------- d-------- C:\Documents and Settings\Bob\Application Data\Identities
2006-11-27 18:05 -------- d-------- C:\Program Files\xerox
2006-11-27 18:05 -------- d-------- C:\Program Files\microsoft frontpage
2006-11-27 18:04 0 -rahs---- C:\MSDOS.SYS
2006-11-27 18:04 0 -rahs---- C:\IO.SYS
2006-11-27 18:04 0 --a------ C:\CONFIG.SYS
2006-11-27 18:04 0 --a------ C:\AUTOEXEC.BAT
2006-11-27 18:03 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-27 18:02 -------- d-------- C:\Program Files\Movie Maker
2006-11-27 18:02 -------- d-------- C:\Program Files\Common Files\Services
2006-11-27 18:02 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-11-27 18:01 -------- d-------- C:\Program Files\ComPlus Applications
2006-11-27 18:00 -------- d-------- C:\Program Files\Windows NT
2006-11-27 18:00 -------- d-------- C:\Program Files\Online Services
2006-11-27 18:00 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-11-27 18:00 -------- d-------- C:\Program Files\MSN
2006-11-27 17:28 62 --ahs---- C:\Documents and Settings\Bob\Application Data\desktop.ini
2006-11-27 17:28 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-27 17:28 -------- d-------- C:\Program Files\Common Files\ODBC
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-06 08:28 30988 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 12:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 12:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1164877270\\ee\\AOLHostManager.exe"
"C-Media Mixer"="Mixer.exe /startup"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"RegistryMechanic"=""
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070102-202048-715
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
backup-20070102-202048-329
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.firstadsol...om/rw?title=New offer!&qs=iframe3?Rw4AAMYwAAASfAEA55IAAAIAAAAAAP8AAAAEEAICAANfzgAAdycAABnnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjE2HyvY.AAAW8iFoA0AAABASX2P-PwAAyEIt4AlAAAAAAAAAAAAAABBHhecTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATbD7TK6RtgFgJuxAB8MY.hBh2EK4cniAEvnFMwAAAAA=,,http://netsearchsoft.com/ads/ads.html (obfuscated)
Completion time: 07-01-07 17:03:25.04
C:\ComboFix.txt ... 07-01-07 17:03

#10
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Go ahead and delete these folders:
C:\!KillBox
C:\NoLopBackups
C:\Documents and Settings\Bob\Application Data\Each Poke Surf


And restart your computer. Are you still having any problems?

#11
fortuitous

    Member

  • Topic Starter
  • 99 posts
Hi there, still got some problems, even worse now. I only get download speeds of about 25Kbps on my 1mb broadband. Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:18, on 16/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1168375672\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\program files\common files\aol\1168375672\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1168375672\ee\aolsoftware.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VC Poker\client.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Poker\Titan Poker\casino.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168375672\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{B7666~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{B7666~1\reboot.ini -l0x9
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCPOKE~1\client.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{13934EDC-655B-4B09-B9AF-B033892A0398}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{13934EDC-655B-4B09-B9AF-B033892A0398}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#12
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


#13
fortuitous


    Member

  • Topic Starter
  • 99 posts
here is the log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:16:00 17/01/2007

+ Scan result:



E:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\ufws6q8b.default\Cache\2DF97B63d01 -> Adware.Casino : Cleaned.


::Report end



thanks again

#14
Tigger93


    Trusted Helper

  • Retired Staff
  • 1,870 posts
Pretty much clean.

1. Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

2. Double click on combofix.exe & follow the prompts to allow the tool to run.

3. When it has finished, it will produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

#15
fortuitous


    Member

  • Topic Starter
  • 99 posts
"Bob" - 07-01-17 22:31:01 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))


2007-01-09 18:45 86,016 -r------- C:\WINDOWS\SoundMan.exe
2007-01-09 18:45 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-09 18:45 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-01-09 18:45 4,258,816 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2007-01-09 18:45 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-09 18:45 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2007-01-09 18:45 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-09 18:45 2,809,344 -r------- C:\WINDOWS\alcwzrd.exe
2007-01-09 18:45 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2007-01-09 18:45 16,120,832 -r------- C:\WINDOWS\RTHDCPL.exe
2007-01-09 18:45 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-09 18:45 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-01-09 18:45 <DIR> d-------- C:\Program Files\Realtek
2007-01-09 18:42 35,840 -ra------ C:\WINDOWS\system32\NVCOI.DLL
2007-01-09 18:42 289,792 -ra------ C:\WINDOWS\system32\idecoiins.dll
2007-01-09 18:42 289,792 -ra------ C:\WINDOWS\system32\idecoi.dll
2007-01-09 18:42 208,896 --------- C:\WINDOWS\system32\nvuide.exe
2007-01-09 18:42 100,736 -ra------ C:\WINDOWS\system32\drivers\nvata.sys
2007-01-09 18:41 52,736 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2007-01-09 18:41 35,840 -ra------ C:\WINDOWS\system32\nvconrm.dll
2007-01-09 18:41 261,120 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2007-01-09 18:41 208,896 -ra------ C:\WINDOWS\system32\nvusmb.exe
2007-01-09 18:41 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-01-09 18:41 208,384 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2007-01-09 18:41 208,384 --a------ C:\WINDOWS\system32\fdco1.dll
2007-01-09 18:41 18,944 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2007-01-09 18:41 159,232 -ra------ C:\WINDOWS\system32\fdco_l1036.dll
2007-01-09 18:41 159,232 -ra------ C:\WINDOWS\system32\fdco_l1034.dll
2007-01-09 18:41 159,232 -ra------ C:\WINDOWS\system32\fdco_l1031.dll
2007-01-09 18:41 158,720 -ra------ C:\WINDOWS\system32\fdco_l1046.dll
2007-01-09 18:41 158,720 -ra------ C:\WINDOWS\system32\fdco_l1040.dll
2007-01-09 18:41 156,672 -ra------ C:\WINDOWS\system32\fdco_l1042.dll
2007-01-09 18:41 156,672 -ra------ C:\WINDOWS\system32\fdco_l1041.dll
2007-01-09 18:41 155,648 -ra------ C:\WINDOWS\system32\fdco_l1028.dll
2007-01-09 18:41 155,136 -ra------ C:\WINDOWS\system32\fdco_l2052.dll
2007-01-09 18:41 109,568 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-01-09 18:41 10,240 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2007-01-09 18:41 10,240 -ra------ C:\WINDOWS\system32\bdco1.dll
2007-01-09 18:41 1,068,800 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2007-01-09 18:41 <DIR> d-------- C:\WINDOWS\NV836596.TMP
2007-01-09 18:40 36,352 -ra------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-01-09 18:40 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-01-09 18:40 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-09 18:40 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-01-09 18:35 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-09 18:35 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-09 18:31 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-01-09 18:31 0 -rahs---- C:\MSDOS.SYS
2007-01-09 18:31 0 -rahs---- C:\IO.SYS
2007-01-09 18:31 0 --a------ C:\CONFIG.SYS
2007-01-09 18:31 0 --a------ C:\AUTOEXEC.BAT
2007-01-09 18:31 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-09 18:31 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-01-09 18:31 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-01-09 18:31 <DIR> d-------- C:\DELL
2007-01-09 18:30 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-01-09 18:30 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-01-09 18:30 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-01-09 18:30 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-01-09 18:30 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-09 18:30 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-01-09 18:29 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-01-09 18:29 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-01-09 18:29 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-01-09 18:29 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-01-09 18:29 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-01-09 18:29 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-01-09 18:29 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-01-09 18:29 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-01-09 18:29 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-01-09 18:29 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-01-09 18:29 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-01-09 18:29 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-01-09 18:29 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-01-09 18:29 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-01-09 18:29 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-01-09 18:29 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-01-09 18:29 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-01-09 18:29 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-01-09 18:29 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-01-09 18:29 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-01-09 18:29 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-01-09 18:29 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-01-09 18:29 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-01-09 18:29 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-01-09 18:29 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-01-09 18:29 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-01-09 18:29 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-01-09 18:29 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-01-09 18:29 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-01-09 18:29 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-01-09 18:29 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-01-09 18:29 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-01-09 18:29 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-01-09 18:29 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-01-09 18:29 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-01-09 18:29 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-01-09 18:29 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-01-09 18:29 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-01-09 18:29 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-01-09 18:29 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-01-09 18:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-01-09 18:29 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-01-09 18:29 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-01-09 18:29 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-01-09 18:29 <DIR> d---s---- C:\WINDOWS\Tasks
2007-01-09 18:29 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-01-09 18:29 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-01-09 18:29 <DIR> d-------- C:\WINDOWS\srchasst
2007-01-09 18:29 <DIR> d-------- C:\WINDOWS\Registration
2007-01-09 18:29 <DIR> d-------- C:\Program Files\Online Services
2007-01-09 18:29 <DIR> d-------- C:\Program Files\Movie Maker
2007-01-09 18:29 <DIR> d-------- C:\Program Files\Messenger
2007-01-09 18:29 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-01-09 18:28 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-01-09 18:28 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-01-09 18:28 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-01-09 18:28 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-01-09 18:28 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-01-09 18:28 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-01-09 18:28 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-01-09 18:28 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-01-09 18:28 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-01-09 18:28 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-01-09 18:28 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-01-09 18:28 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-01-09 18:28 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-01-09 18:28 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-01-09 18:28 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-01-09 18:28 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-01-09 18:28 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-01-09 18:28 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-01-09 18:28 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-01-09 18:28 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-01-09 18:28 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-01-09 18:28 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-01-09 18:28 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-01-09 18:28 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-01-09 18:28 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-01-09 18:28 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-01-09 18:28 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-01-09 18:28 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-01-09 18:28 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-01-09 18:28 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-01-09 18:28 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-01-09 18:28 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-01-09 18:28 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-01-09 18:28 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-01-09 18:28 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-01-09 18:28 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-01-09 18:28 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-01-09 18:28 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-01-09 18:28 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-01-09 18:28 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-01-09 18:28 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-01-09 18:28 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-01-09 18:28 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-01-09 18:28 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-01-09 18:28 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-01-09 18:28 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-01-09 18:28 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-01-09 18:28 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-01-09 18:28 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-01-09 18:28 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-01-09 18:28 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-01-09 18:28 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-01-09 18:28 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-01-09 18:28 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-01-09 18:28 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-01-09 18:28 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-01-09 18:28 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-01-09 18:28 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-01-09 18:28 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-01-09 18:28 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-01-09 18:28 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-01-09 18:28 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-01-09 18:28 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-01-09 18:28 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-01-09 18:28 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-01-09 18:28 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-01-09 18:28 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-01-09 18:28 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-01-09 18:28 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-01-09 18:28 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-01-09 18:28 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-01-09 18:28 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-01-09 18:28 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-01-09 18:28 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-01-09 18:28 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-01-09 18:28 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-01-09 18:28 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-01-09 18:28 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-01-09 18:28 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-01-09 18:28 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-01-09 18:28 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-01-09 18:28 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-01-09 18:28 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-01-09 18:28 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-01-09 18:28 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-01-09 18:28 <DIR> d-------- C:\WINDOWS\system32\Com
2007-01-09 18:28 <DIR> d-------- C:\Program Files\Windows NT
2007-01-09 18:28 <DIR> d-------- C:\Program Files\MSN Gaming Zone


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-15 23:54 -------- d---s---- C:\DOCUME~1\Bob\Application Data\microsoft
2007-01-10 02:27 62 --ahs---- C:\DOCUME~1\Bob\Application Data\desktop.ini
2007-01-09 22:30 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-01-09 20:37 -------- d-------- C:\DOCUME~1\Bob\Application Data\mozilla
2007-01-09 20:26 -------- d-------- C:\DOCUME~1\Bob\Application Data\macromedia
2007-01-09 18:36 -------- d-------- C:\DOCUME~1\Bob\Application Data\identities
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-02 16:10 80912 --a------ C:\WINDOWS\system32\sherlock2.exe
2006-10-28 18:10 16384 --a------ C:\WINDOWS\system32\ac3config.exe
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ASUS SmartDoctor"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"GameFace Messenger"="C:\\Program Files\\GameFace Messenger\\GameFace.exe"
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1168375672\\ee\\AOLSoftware.exe"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ATWPKT2


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Bob.job

Completion time: 07-01-17 22:36:38



Logfile of HijackThis v1.99.1
Scan saved at 22:38:05, on 17/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1168375672\ee\AOLSoftware.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1168375672\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1168375672\ee\aolsoftware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168375672\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCPOKE~1\client.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM&