Logfile of HijackThis v1.99.1
Scan saved at 1:55:39 AM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Common Files\AOL\1147054468\ee\AOLSoftware.exe
C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Useful Programs\Helpful Programs\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147054468\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
Logfile from ComboFix.exe follows (this run completed at 23:51 on 2006-11-19, about two hours before the HijackThis scan above):
_________________________________________________________________
Eric - 06-11-19 23:48:50.51 Service Pack 2
ComboFix 06.11.19 - Running from: "C:\Documents and Settings\Eric\Desktop\Spyware Removal"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Program Files\SSTEM~1
C:\QooBox\Purity\Program Files\SSTEM~1\explorer.exe
C:\QooBox\Purity\Program Files\SSTEM~1\s?stem
C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1\j?vaw.exe
((((((((((((((((((((((((((((((( Files Created from 2006-10-19 to 2006-11-19 ))))))))))))))))))))))))))))))))))
2006-11-19 23:37 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-19 22:49 <DIR> d-------- C:\WINDOWS\temp
2006-11-19 03:18 759,688 ---hs---- C:\WINDOWS\system32\llkkj.bak1
2006-11-19 03:18 60,436 --a------ C:\WINDOWS\system32\donotuse.dll
2006-11-19 03:17 692,276 ---hs---- C:\WINDOWS\system32\jkkll.dll
2006-11-19 02:05 40,973 ---hs---- C:\WINDOWS\system32\ddccccy.dll
2006-11-15 02:38 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\Apple Computer
2006-11-15 02:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-15 02:30 <DIR> d-------- C:\Program Files\QuickTime
2006-11-11 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios
2006-11-08 02:28 <DIR> d-------- C:\Program Files\Excite
2006-11-06 13:49 299,520 --a------ C:\WINDOWS\uninst.exe
2006-11-06 13:48 4,672 --a------ C:\WINDOWS\system32\LXASUSCI.DLL
2006-11-06 13:48 33,792 --a------ C:\WINDOWS\system32\LXASUSCI.EXE
2006-11-06 13:39 86,016 --a------ C:\WINDOWS\unvise32.exe
2006-11-06 13:36 <DIR> d-------- C:\Program Files\LexmarkX83
2006-11-06 12:45 <DIR> d-------- C:\Documents and Settings\Eric\WINDOWS
2006-11-03 00:10 <DIR> d-------- C:\Program Files\MTV Networks
2006-11-01 12:34 <DIR> d-------- C:\Program Files\AC3Filter
2006-10-31 17:35 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-10-31 17:35 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-31 17:35 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-10-31 17:15 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-10-31 17:14 46,208 --a------ C:\WINDOWS\system32\drivers\IrBus.sys
2006-10-31 17:14 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-10-31 17:14 17,024 --a------ C:\WINDOWS\system32\drivers\hidir.sys
2006-10-24 12:10 <DIR> d-------- C:\Program Files\TMPGENC
2006-10-24 11:43 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\Opera
2006-10-24 10:44 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-24 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2006-10-23 14:51 <DIR> d-------- C:\Program Files\hp deskjet 930c series
2006-10-23 14:51 <DIR> d-------- C:\Program Files\Hewlett-Packard
2006-10-23 14:50 53,248 --a------ C:\WINDOWS\system32\hpfinsta.exe
2006-10-23 14:50 274,432 --------- C:\WINDOWS\system32\hpfinst.dll
2006-10-23 14:50 262,144 --a------ C:\WINDOWS\system32\hpzcon04.dll
2006-10-23 14:50 200,704 --a------ C:\WINDOWS\system32\hpzcoi04.dll
2006-10-23 14:50 114,744 --a------ C:\WINDOWS\system32\hpzlnt04.dll
2006-10-22 21:58 <DIR> dr-h----- C:\Documents and Settings\Eric\Recent
2006-10-22 19:54 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\InstallShield
2006-10-21 21:28 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\uTorrent
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-19 23:49 -------- d-------- C:\Program Files\Common Files
2006-11-19 23:39 -------- d-------- C:\Program Files\Java
2006-11-19 23:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-19 02:21 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-10 03:10 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-01 13:07 353 --a--c--- C:\Documents and Settings\Eric\Application Data\AutoGK.ini
2006-11-01 04:35 -------- d-------- C:\Documents and Settings\Eric\Application Data\DivX
2006-10-25 12:36 -------- d-------- C:\Program Files\AOD
2006-10-24 11:56 -------- d-------- C:\Documents and Settings\Eric\Application Data\Adobe
2006-10-24 10:52 -------- d-------- C:\Program Files\Adobe
2006-10-24 10:49 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-22 20:06 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-17 16:42 -------- d-------- C:\Program Files\Google
2006-10-16 18:00 -------- d-------- C:\Documents and Settings\Eric\Application Data\Mozilla
2006-10-16 16:07 -------- d-------- C:\Program Files\DivX
2006-10-08 20:50 161555 --a------ C:\WINDOWS\EXPStudio's Audio Converter FREE Uninstaller.exe
2006-10-08 20:50 -------- d-------- C:\Program Files\EXPStudio
2006-10-08 20:41 -------- d-------- C:\Program Files\illiminable
2006-10-08 19:32 -------- d---s---- C:\Documents and Settings\Eric\Application Data\Microsoft
2006-10-08 19:32 -------- d-------- C:\Program Files\APSW
2006-10-08 15:36 -------- d-------- C:\Program Files\Kodak
2006-10-08 15:35 -------- d-------- C:\Program Files\Common Files\Kodak
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-19 03:45 96256 --a------ C:\WINDOWS\system32\drivers\sptd4877.sys
2006-08-27 19:54 98304 --a--c--- C:\WINDOWS\system32\CmdLineExt.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"=""
"BlockAds"="\"C:\\Program Files\\Tweak-XP Pro 3\\AdBlocker.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"Lexmark X83 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X83.exe"
"Lexmark X83 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X83.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1147054468\\ee\\AOLSoftware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://doppler.tbo.com/wfla_nowrad_fl.sm.jpg"
"SubscribedURL"="http://doppler.tbo.com/wfla_nowrad_fl.sm.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,e4,00,00,00,23,00,00,00,2b,02,00,00,df,01,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,a0,00,00,00,78,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,a0,00,00,00,78,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoStrCmpLogical"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray curb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Playinside"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Eric\\APPLIC~1\\GREATD~1\\Playinside.exe"
"inimapping"="0"
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"="\"C:\\DOCUME~1\\ERIC\\LOCALS~1\\TEMP\\RAR$EX01.516\\PROCEXP.EXE\""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A6AFB94790702A57.job
Completion time: 06-11-19 23:51:10.26
C:\ComboFix.txt ... 06-11-19 23:51
_________________________________________________________________