OK, sorry for all this, and thanks for helping, as this spyware seems nasty. Anyway, here's the data from ComboFix:
-------------------------------------------------------------------------------------
Start Time= Tue 07/04/2006 13:39:19.59
Running from: C:\Documents and Settings\carol\Desktop
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))
13:37:38.09
* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
2006-06-18 17:35:06 77,824 "C:\WINDOWS\system32\jgdndl.exe"
2006-06-18 17:35:18 45,056 "C:\WINDOWS\system32\tfthot.exe"
2006-07-04 13:35:10 2 "C:\WINDOWS\system32\wapitr.exe"
2006-06-18 15:33:12 14,482 "C:\WINDOWS\system32\clcbt.exe"
2006-06-15 18:39:06 131,072 "C:\WINDOWS\system32\mptft.exe"
2006-06-18 15:43:20 8,644 "C:\WINDOWS\system32\slx.exe???????????????????"
2006-06-18 17:36:06 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-05-19 15:52:28 2,702,848 "C:\WINDOWS\system32\MSHTML.DLL"
2006-05-14 02:13:42 257,536 "C:\WINDOWS\system32\oakley.dll"
2006-05-08 10:50:58 461,824 "C:\WINDOWS\system32\URLMON.DLL"
2006-06-18 17:35:18 208,896 "C:\WINDOWS\system32\x3cqp0.dll"
2006-06-18 17:35:18 28,672 "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-18 15:32:52 13,312 "C:\WINDOWS\system32\maxd641.exe"
2006-06-15 15:26:44 1,142,784 "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-18 15:33:10 63,962 "C:\WINDOWS\system32\taskdir.exe"
2006-06-02 13:39:46 286,000 "C:\WINDOWS\system32\WgaTray.exe"
2006-06-18 15:33:24 149,504 "C:\WINDOWS\system32\dcom_21.dll"
2006-04-28 10:57:16 351,744 "C:\WINDOWS\system32\DXTMSFT.DLL"
2006-05-26 22:19:50 163,840 "C:\WINDOWS\system32\JGDW400.DLL"
2006-04-06 16:15:48 27,648 "C:\WINDOWS\system32\JGPL400.DLL"
2006-05-17 22:58:56 458,752 "C:\WINDOWS\system32\jscript.dll"
2006-04-28 10:58:48 12,288 "C:\WINDOWS\system32\JSPROXY.DLL"
2006-06-19 11:29:16 24,576 "C:\WINDOWS\system32\msxml3a.dll"
2006-05-14 02:13:42 169,984 "C:\WINDOWS\system32\rasmans.dll"
2006-06-18 15:33:20 57,344 "C:\WINDOWS\system32\senssrv.dll"
2006-05-26 15:40:58 1,339,904 "C:\WINDOWS\system32\SHDOCVW.DLL"
2006-06-18 17:35:24 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-04-28 10:58:58 575,488 "C:\WINDOWS\system32\WININET.DLL"
* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
2006-06-18 17:35:18 28,672 "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-18 15:32:52 13,312 "C:\WINDOWS\system32\maxd641.exe"
2006-06-15 15:26:44 1,142,784 "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-18 15:33:10 63,962 "C:\WINDOWS\system32\taskdir.exe"
2006-06-02 13:39:46 286,000 "C:\WINDOWS\system32\WgaTray.exe"
2006-06-18 17:35:06 77,824 "C:\WINDOWS\system32\jgdndl.exe"
2006-06-18 17:35:18 45,056 "C:\WINDOWS\system32\tfthot.exe"
2006-07-04 13:35:10 2 "C:\WINDOWS\system32\wapitr.exe"
2006-06-18 15:33:12 14,482 "C:\WINDOWS\system32\clcbt.exe"
2006-06-15 18:39:06 131,072 "C:\WINDOWS\system32\mptft.exe"
2006-06-18 15:43:20 8,644 "C:\WINDOWS\system32\slx.exe???????????????????"
2006-06-18 17:36:06 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-06-18 15:33:24 149,504 "C:\WINDOWS\system32\dcom_21.dll"
2006-04-28 10:57:16 351,744 "C:\WINDOWS\system32\DXTMSFT.DLL"
2006-05-26 22:19:50 163,840 "C:\WINDOWS\system32\JGDW400.DLL"
2006-04-06 16:15:48 27,648 "C:\WINDOWS\system32\JGPL400.DLL"
2006-05-17 22:58:56 458,752 "C:\WINDOWS\system32\jscript.dll"
2006-04-28 10:58:48 12,288 "C:\WINDOWS\system32\JSPROXY.DLL"
2006-06-19 11:29:16 24,576 "C:\WINDOWS\system32\msxml3a.dll"
2006-05-14 02:13:42 169,984 "C:\WINDOWS\system32\rasmans.dll"
2006-06-18 15:33:20 57,344 "C:\WINDOWS\system32\senssrv.dll"
2006-05-26 15:40:58 1,339,904 "C:\WINDOWS\system32\SHDOCVW.DLL"
2006-06-18 17:35:24 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-04-28 10:58:58 575,488 "C:\WINDOWS\system32\WININET.DLL"
2006-05-19 15:52:28 2,702,848 "C:\WINDOWS\system32\MSHTML.DLL"
2006-05-14 02:13:42 257,536 "C:\WINDOWS\system32\oakley.dll"
2006-05-08 10:50:58 461,824 "C:\WINDOWS\system32\URLMON.DLL"
2006-06-18 17:35:18 208,896 "C:\WINDOWS\system32\x3cqp0.dll"
((((((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\carol\Application Data\Sskknwrd.dll
C:\Documents and Settings\carol\Application Data\Sskuknwrd.dll
C:\Documents and Settings\carol\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\WINDOWS\Prefetch\SSK.EXE-20EC298C.pf
C:\WINDOWS\system32\bk.exe
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
13:39:03.23
((((((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\atmtd.dll.tmp
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-07-04 13:35:10 2 ( A.... ) "C:\WINDOWS\system32\wapitr.exe"
2006-07-04 13:35:08 81920 ( A.... ) "C:\WINDOWS\system32\mmc.dll"
2006-07-04 13:35:08 ( .D... ) "C:\Documents and Settings\carol\Application Data\F?nts"
2006-07-04 13:34:52 143360 ( A.... ) "C:\WINDOWS\sys0342458777-19.exe"
2006-07-04 13:34:52 0 ( A.... ) "C:\Documents and Settings\carol\Application Data\internaldb41.dat"
2006-07-03 18:43:58 5624 ( A.... ) "C:\Program Files\hijackthis.log"
2006-07-03 13:48:02 833 ( A.... ) "C:\WINDOWS\system32\nt68rrtc12.sys"
2006-07-03 13:48:02 833 ( A.... ) "C:\WINDOWS\system32\nt68rrtc12.sys"
2006-07-03 13:47:30 ( .D... ) "C:\Program Files\çasks"
2006-07-03 12:52:00 ( .D... ) "C:\Documents and Settings\carol\Application Data\Lavasoft"
2006-07-03 12:51:54 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-03 12:27:12 ( .D... ) "C:\Program Files\Yahoo!"
2006-07-01 10:31:46 236818 ( A.... ) "C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe"
2006-07-01 10:31:42 ( .D... ) "C:\Program Files\Common Files\S?mantec"
2006-07-01 10:31:24 319294 ( A.... ) "C:\WINDOWS\YOINSI.exe"
2006-06-30 14:10:32 143360 ( A.... ) "C:\WINDOWS\ms042458777-194.exe"
2006-06-23 20:09:00 ( .D... ) "C:\Program Files\Guild Wars"
2006-06-20 14:44:50 32540 ( A.... ) "C:\WINDOWS\system32\adrot-uninst.exe"
2006-06-20 14:38:50 32976 ( A.... ) "C:\WINDOWS\system32\uninstIcn.exe"
2006-06-20 07:55:24 389120 ( A.... ) "C:\WINDOWS\system32\nodeipproc.dll"
2006-06-20 00:51:04 ( .D... ) "C:\Documents and Settings\carol\Application Data\vlc"
2006-06-20 00:48:32 ( .D... ) "C:\Program Files\VideoLAN"
2006-06-19 21:14:06 ( .D... ) "C:\Program Files\games"
2006-06-19 20:57:30 129649 ( A.... ) "C:\WINDOWS\elpp100drop.exe"
2006-06-19 20:57:28 25105 ( A.... ) "C:\WINDOWS\idlemg.exe"
2006-06-19 20:57:26 114137 ( A.... ) "C:\WINDOWS\justin2a.exe"
2006-06-19 11:58:18 ( .D... ) "C:\Program Files\BitLord"
2006-06-19 11:29:24 45996 ( A.... ) "C:\WINDOWS\system32\UnIrimon.exe"
2006-06-19 11:29:16 24576 ( A.... ) "C:\WINDOWS\system32\msxml3a.dll"
2006-06-18 18:31:18 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-06-18 18:07:36 ( .D... ) "C:\Documents and Settings\carol\Application Data\Macromedia"
2006-06-18 17:38:14 45087 ( A.... ) "C:\WINDOWS\system32\podsregq.exe"
2006-06-18 17:36:50 ( .D... ) "C:\Program Files\Windows"
2006-06-18 17:36:40 2088960 ( A.... ) "C:\WINDOWS\cfg32.exe"
2006-06-18 17:36:12 32768 ( A.... ) "C:\WINDOWS\unstall.exe"
2006-06-18 17:36:10 45068 ( A.... ) "C:\WINDOWS\system32\ZICORN003.exe"
2006-06-18 17:36:06 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-06-18 17:35:34 53120 ( A.... ) "C:\WINDOWS\optimize.exe"
2006-06-18 17:35:24 45056 ( A.... ) "C:\WINDOWS\System32tfthot.exe"
2006-06-18 17:35:24 28672 ( A.... ) "C:\WINDOWS\System32ftuninst.exe"
2006-06-18 17:35:24 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-06-18 17:35:18 208896 ( A.... ) "C:\WINDOWS\system32\x3cqp0.dll"
2006-06-18 17:35:18 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-06-18 17:35:18 28672 ( A.... ) "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-18 17:35:18 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-06-18 17:35:06 77824 ( A.... ) "C:\WINDOWS\system32\jgdndl.exe"
2006-06-18 17:35:06 77824 ( A.... ) "C:\WINDOWS\system32\cloudsim.exe"
2006-06-18 17:34:50 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-06-18 17:34:50 5632 ( A.... ) "C:\WINDOWS\pi1_36.exe"
2006-06-18 17:34:22 159838 ( A.... ) "C:\WINDOWS\system32\rwinpqez.exe"
2006-06-18 17:34:22 42784 ( A.... ) "C:\WINDOWS\thiselt.exe"
2006-06-18 17:30:00 13373 ( A.... ) "C:\WINDOWS\pre.exe"
2006-06-18 17:29:44 13373 ( A.... ) "C:\WINDOWS\system32\a.exe"
2006-06-18 17:25:52 ( .D... ) "C:\Program Files\WinRAR"
2006-06-18 17:21:46 ( .D... ) "C:\Documents and Settings\carol\Application Data\Identities"
2006-06-18 17:21:42 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-06-18 17:21:36 ( .DS.. ) "C:\Documents and Settings\carol\Application Data\Microsoft"
2006-06-18 17:15:50 ( .D... ) "C:\Program Files\xerox"
2006-06-18 17:15:50 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-06-18 17:15:34 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-06-18 17:12:40 ( .D... ) "C:\Program Files\Common Files\Services"
2006-06-18 17:12:34 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-06-18 17:12:28 ( .D... ) "C:\Program Files\Movie Maker"
2006-06-18 17:12:22 ( .D... ) "C:\Program Files\Outlook Express"
2006-06-18 17:12:22 ( .D... ) "C:\Program Files\NetMeeting"
2006-06-18 17:12:16 ( .D... ) "C:\Program Files\Common Files\System"
2006-06-18 17:12:12 ( .D... ) "C:\Program Files\Internet Explorer"
2006-06-18 17:10:54 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-06-18 17:10:54 ( .D... ) "C:\Program Files\Online Services"
2006-06-18 17:10:52 ( .D... ) "C:\Program Files\Windows Media Player"
2006-06-18 17:10:44 ( .D... ) "C:\Program Files\Messenger"
2006-06-18 17:10:40 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-06-18 17:10:12 ( .D... ) "C:\Program Files\Windows NT"
2006-06-18 17:10:12 ( .D... ) "C:\Program Files\MSN"
2006-06-18 15:44:10 8644 ( A.... ) "C:\WINDOWS\system32\kernels8.exe"
2006-06-18 15:43:58 55388 ( A.... ) "C:\WINDOWS\system32\spoolsvv.exe"
2006-06-18 15:43:26 17 ( A.... ) "C:\WINDOWS\system32\dlh9jkdq8.exe"
2006-06-18 15:43:20 8644 ( A.... ) "C:\WINDOWS\system32\slx.exe???????????????????"
2006-06-18 15:33:36 7680 ( A.... ) "C:\WINDOWS\comdlg66.dll"
2006-06-18 15:33:24 149504 ( A.... ) "C:\WINDOWS\system32\dcom_21.dll"
2006-06-18 15:33:20 57344 ( A.... ) "C:\WINDOWS\system32\senssrv.dll"
2006-06-18 15:33:12 14482 ( A.... ) "C:\WINDOWS\system32\clcbt.exe"
2006-06-18 15:33:10 63962 ( A.... ) "C:\WINDOWS\system32\taskdir.exe"
2006-06-18 15:33:10 63962 ( A.... ) "C:\WINDOWS\system32\ipod.raw.exe"
2006-06-18 15:32:52 21504 ( A.... ) "C:\WINDOWS\system32\66783cac.exe"
2006-06-18 15:32:52 13312 ( A.... ) "C:\WINDOWS\system32\maxd641.exe"
2006-06-18 15:32:48 19258 ( A.... ) "C:\WINDOWS\xpupdate.exe"
2006-06-18 15:32:48 19258 ( A.... ) "C:\WINDOWS\system32\dlh9jkdq2.exe"
2006-06-18 15:32:48 7482 ( A.... ) "C:\WINDOWS\system32\dlh9jkdq7.exe"
2006-06-18 15:32:48 7482 ( A.... ) "C:\WINDOWS\system32\dlh9jkdq6.exe"
2006-06-18 15:32:48 4287 ( A.... ) "C:\WINDOWS\system32\dlh9jkdq5.exe"
2006-06-18 15:32:46 5036 ( A.... ) "C:\WINDOWS\system32\dlh9jkdq1.exe"
2006-06-18 14:45:14 ( .D... ) "C:\Program Files\CCleaner"
2006-06-18 14:41:14 234248 ( A.... ) "C:\WINDOWS\Tagasuarus2.exe"
2006-06-18 09:55:38 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-06-18 09:55:34 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-06-18 09:55:34 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-06-18 09:55:34 ( .D... ) "C:\Program Files\Common Files"
2006-06-18 09:55:08 62 ( A.SH. ) "C:\Documents and Settings\carol\Application Data\desktop.ini"
2006-06-15 18:39:06 131072 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-06-15 15:26:44 1142784 ( A.... ) "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-15 15:26:40 24576 ( A.... ) "C:\WINDOWS\system32\nr1rnqm8.exe"
2006-06-08 18:19:52 5967776 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-06-07 10:55:52 3626 ( A.... ) "C:\Program Files\Common Files\howy.html"
2006-06-06 15:20:40 610648 ( A.... ) "C:\WINDOWS\system32\WINSSWEBAGENT.DLL"
2006-06-06 08:03:38 60416 ( A.... ) "C:\WINDOWS\system32\adrotate.dll"
2006-06-06 07:48:36 139264 ( A.... ) "C:\WINDOWS\system32\ushr.dll"
2006-06-02 13:39:54 579888 ( ..... ) "C:\WINDOWS\system32\LegitCheckControl.dll"
2006-06-02 13:39:46 402736 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-02 13:39:46 286000 ( ..... ) "C:\WINDOWS\system32\WgaTray.exe"
2006-05-26 22:19:50 163840 ( A.... ) "C:\WINDOWS\system32\JGDW400.DLL"
2006-05-26 15:40:58 1339904 ( A.... ) "C:\WINDOWS\system32\SHDOCVW.DLL"
2006-05-19 15:52:28 2702848 ( A.... ) "C:\WINDOWS\system32\MSHTML.DLL"
2006-05-17 22:58:56 458752 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2006-05-14 02:13:42 364544 ( A.... ) "C:\WINDOWS\system32\ipsmsnap.dll"
2006-05-14 02:13:42 334848 ( A.... ) "C:\WINDOWS\system32\ipsecsnp.dll"
2006-05-14 02:13:42 257536 ( A.... ) "C:\WINDOWS\system32\oakley.dll"
2006-05-14 02:13:42 169984 ( A.... ) "C:\WINDOWS\system32\rasmans.dll"
2006-05-14 02:13:42 159744 ( A.... ) "C:\WINDOWS\system32\ipsecsvc.dll"
2006-05-14 02:13:42 98304 ( A.... ) "C:\WINDOWS\system32\polstore.dll"
2006-05-14 02:13:42 29184 ( A.... ) "C:\WINDOWS\system32\winipsec.dll"
2006-05-08 10:50:58 461824 ( A.... ) "C:\WINDOWS\system32\URLMON.DLL"
2006-04-28 10:58:58 575488 ( A.... ) "C:\WINDOWS\system32\WININET.DLL"
2006-04-28 10:58:48 12288 ( A.... ) "C:\WINDOWS\system32\JSPROXY.DLL"
2006-04-28 10:57:16 351744 ( A.... ) "C:\WINDOWS\system32\DXTMSFT.DLL"
2006-04-06 16:15:48 27648 ( A.... ) "C:\WINDOWS\system32\JGPL400.DLL"
2005-02-16 11:06:16 218112 ( A.... ) "C:\Program Files\HijackThis.exe"
((((((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))))))
2006-07-04 13:34 143,360 C:\WINDOWS\sys0342458777-19.exe
2006-07-03 13:47 833 C:\WINDOWS\system32\nt68rrtc12.sys
2006-07-01 10:31 81,920 C:\WINDOWS\system32\mmc.dll
2006-06-30 14:10 143,360 C:\WINDOWS\ms042458777-194.exe
2006-06-20 07:55 389,120 C:\WINDOWS\system32\nodeipproc.dll
2006-06-19 21:09 32,976 C:\WINDOWS\system32\uninstIcn.exe
2006-06-19 11:29 45,996 C:\WINDOWS\system32\UnIrimon.exe
2006-06-19 11:29 24,576 C:\WINDOWS\system32\msxml3a.dll
2006-06-19 11:25 32,540 C:\WINDOWS\system32\adrot-uninst.exe
2006-06-19 11:18 114,137 C:\WINDOWS\justin2a.exe
2006-06-18 18:09 5,967,776 C:\WINDOWS\system32\MRT.exe
2006-06-18 17:48 593,408 C:\WINDOWS\system32\h323msp.dll
2006-06-18 17:48 548,352 C:\WINDOWS\system32\rtcdll.dll
2006-06-18 17:48 439,808 C:\WINDOWS\system32\ipnathlp.dll
2006-06-18 17:48 36,864 C:\WINDOWS\system32\mf3216.dll
2006-06-18 17:48 306,176 C:\WINDOWS\system32\netapi32.dll
2006-06-18 17:48 26,112 C:\WINDOWS\system32\xpsp1hfm.exe
2006-06-18 17:47 947,472 C:\WINDOWS\system32\msjava.dll
2006-06-18 17:47 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-06-18 17:47 49,424 C:\WINDOWS\system32\clspack.exe
2006-06-18 17:47 46,352 C:\WINDOWS\setdebug.exe
2006-06-18 17:47 404,752 C:\WINDOWS\system32\javart.dll
2006-06-18 17:47 313,856 C:\WINDOWS\system32\dx3j.dll
2006-06-18 17:47 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-06-18 17:47 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-06-18 17:47 187,152 C:\WINDOWS\system32\javacypt.dll
2006-06-18 17:47 172,304 C:\WINDOWS\system32\jview.exe
2006-06-18 17:47 171,792 C:\WINDOWS\system32\wjview.exe
2006-06-18 17:47 171,280 C:\WINDOWS\system32\jit.dll
2006-06-18 17:47 154,384 C:\WINDOWS\system32\msawt.dll
2006-06-18 17:47 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-06-18 17:47 139,536 C:\WINDOWS\system32\javaee.dll
2006-06-18 17:47 113 C:\WINDOWS\system32\zonedon.reg
2006-06-18 17:47 113 C:\WINDOWS\system32\zonedoff.reg
2006-06-18 17:43 991,232 C:\WINDOWS\system32\esent.dll
2006-06-18 17:38 45,087 C:\WINDOWS\system32\podsregq.exe
2006-06-18 17:36 48,167 C:\WINDOWS\system32\VSL05.exe
2006-06-18 17:36 45,068 C:\WINDOWS\system32\ZICORN003.exe
2006-06-18 17:36 32,768 C:\WINDOWS\unstall.exe
2006-06-18 17:36 2,088,960 C:\WINDOWS\cfg32.exe
2006-06-18 17:36 139,264 C:\WINDOWS\system32\ushr.dll
2006-06-18 17:35 8,464 C:\WINDOWS\system32\sporder.dll
2006-06-18 17:35 77,824 C:\WINDOWS\system32\jgdndl.exe
2006-06-18 17:35 77,824 C:\WINDOWS\system32\cloudsim.exe
2006-06-18 17:35 53,120 C:\WINDOWS\optimize.exe
2006-06-18 17:35 45,056 C:\WINDOWS\System32tfthot.exe
2006-06-18 17:35 45,056 C:\WINDOWS\system32\tfthot.exe
2006-06-18 17:35 28,672 C:\WINDOWS\System32ftuninst.exe
2006-06-18 17:35 28,672 C:\WINDOWS\system32\gbe90qs.exe
2006-06-18 17:35 28,672 C:\WINDOWS\system32\ftuninst.exe
2006-06-18 17:35 208,896 C:\WINDOWS\system32\x3cqp0.dll
2006-06-18 17:35 129,649 C:\WINDOWS\elpp100drop.exe
2006-06-18 17:34 5,632 C:\WINDOWS\pi1_36.exe
2006-06-18 17:34 42,784 C:\WINDOWS\thiselt.exe
2006-06-18 17:34 319,294 C:\WINDOWS\YOINSI.exe
2006-06-18 17:34 25,105 C:\WINDOWS\idlemg.exe
2006-06-18 17:34 24,576 C:\WINDOWS\system32\nr1rnqm8.exe
2006-06-18 17:34 234,248 C:\WINDOWS\Tagasuarus2.exe
2006-06-18 17:34 232,749 C:\WINDOWS\pf78.exe
2006-06-18 17:34 159,838 C:\WINDOWS\system32\rwinpqez.exe
2006-06-18 17:34 131,072 C:\WINDOWS\system32\mptft.exe
2006-06-18 17:34 1,142,784 C:\WINDOWS\system32\ssn6tuu.exe
2006-06-18 17:29 13,373 C:\WINDOWS\system32\a.exe
2006-06-18 17:29 13,373 C:\WINDOWS\pre.exe
2006-06-18 17:21 267,767,808 C:\hiberfil.sys
2006-06-18 17:15 112,128 C:\WINDOWS\system32\mapi32.dll
2006-06-18 17:15 0 C:\MSDOS.SYS
2006-06-18 17:15 0 C:\IO.SYS
2006-06-18 17:15 0 C:\CONFIG.SYS
2006-06-18 17:15 0 C:\AUTOEXEC.BAT
2006-06-18 17:12 91,136 C:\WINDOWS\system32\MSOERT2.DLL
2006-06-18 17:12 9,728 C:\WINDOWS\system32\mstinit.exe
2006-06-18 17:12 77,824 C:\WINDOWS\system32\isign32.dll
2006-06-18 17:12 73,728 C:\WINDOWS\system32\ils.dll
2006-06-18 17:12 69,632 C:\WINDOWS\system32\icwdial.dll
2006-06-18 17:12 65,536 C:\WINDOWS\system32\msconf.dll
2006-06-18 17:12 64,512 C:\WINDOWS\system32\acctres.dll
2006-06-18 17:12 63,488 C:\WINDOWS\system32\srclient.dll
2006-06-18 17:12 61,440 C:\WINDOWS\system32\icwphbk.dll
2006-06-18 17:12 596,480 C:\WINDOWS\system32\INETCOMM.DLL
2006-06-18 17:12 47,616 C:\WINDOWS\system32\INETRES.DLL
2006-06-18 17:12 40,960 C:\WINDOWS\system32\safrslv.dll
2006-06-18 17:12 39,424 C:\WINDOWS\system32\safrcdlg.dll
2006-06-18 17:12 361,984 C:\WINDOWS\system32\qmgr.dll
2006-06-18 17:12 33,280 C:\WINDOWS\system32\racpldlg.dll
2006-06-18 17:12 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-06-18 17:12 32,256 C:\WINDOWS\system32\mnmdd.dll
2006-06-18 17:12 28,672 C:\WINDOWS\system32\isrdbg32.dll
2006-06-18 17:12 266,240 C:\WINDOWS\system32\inetcfg.dll
2006-06-18 17:12 26,624 C:\WINDOWS\system32\safrdm.dll
2006-06-18 17:12 250,368 C:\WINDOWS\system32\mstask.dll
2006-06-18 17:12 24,576 C:\WINDOWS\system32\nmmkcert.dll
2006-06-18 17:12 229,376 C:\WINDOWS\system32\MSOEACCT.DLL
2006-06-18 17:12 226,816 C:\WINDOWS\system32\srrstr.dll
2006-06-18 17:12 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-06-18 17:12 159,232 C:\WINDOWS\system32\schedsvc.dll
2006-06-18 17:12 158,720 C:\WINDOWS\system32\srsvc.dll
2006-06-18 17:12 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-06-18 17:12 11,264 C:\WINDOWS\system32\atrace.dll
2006-06-18 17:10 98,816 C:\WINDOWS\system32\clipbrd.exe
2006-06-18 17:10 974,336 C:\WINDOWS\system32\msdtctm.dll
2006-06-18 17:10 9,728 C:\WINDOWS\system32\reset.exe
2006-06-18 17:10 9,216 C:\WINDOWS\system32\wuauserv.dll
2006-06-18 17:10 9,216 C:\WINDOWS\system32\icaapi.dll
2006-06-18 17:10 89,600 C:\WINDOWS\system32\comrepl.dll
2006-06-18 17:10 88,064 C:\WINDOWS\system32\tscfgwmi.dll
2006-06-18 17:10 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-06-18 17:10 80,384 C:\WINDOWS\system32\charmap.exe
2006-06-18 17:10 75,912 C:\WINDOWS\system32\rdpwsx.dll
2006-06-18 17:10 73,216 C:\WINDOWS\system32\avwav.dll
2006-06-18 17:10 61,952 C:\WINDOWS\system32\rdshost.exe
2006-06-18 17:10 605,696 C:\WINDOWS\system32\getuname.dll
2006-06-18 17:10 6,144 C:\WINDOWS\system32\msdtc.exe
2006-06-18 17:10 598,016 C:\WINDOWS\system32\mstscax.dll
2006-06-18 17:10 57,856 C:\WINDOWS\system32\licwmi.dll
2006-06-18 17:10 56,832 C:\WINDOWS\system32\sol.exe
2006-06-18 17:10 56,320 C:\WINDOWS\system32\remotepg.dll
2006-06-18 17:10 55,296 C:\WINDOWS\system32\freecell.exe
2006-06-18 17:10 54,784 C:\WINDOWS\system32\msdtclog.dll
2006-06-18 17:10 54,272 C:\WINDOWS\system32\stclient.dll
2006-06-18 17:10 534,016 C:\WINDOWS\system32\spider.exe
2006-06-18 17:10 53,248 C:\WINDOWS\system32\servdeps.dll
2006-06-18 17:10 5,632 C:\WINDOWS\system32\write.exe
2006-06-18 17:10 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-06-18 17:10 499,200 C:\WINDOWS\system32\comuid.dll
2006-06-18 17:10 44,544 C:\WINDOWS\system32\hticons.dll
2006-06-18 17:10 44,032 C:\WINDOWS\system32\rdpclip.exe
2006-06-18 17:10 40,960 C:\WINDOWS\system32\tscupgrd.exe
2006-06-18 17:10 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-06-18 17:10 4,096 C:\WINDOWS\system32\mtxex.dll
2006-06-18 17:10 388,608 C:\WINDOWS\system32\mstsc.exe
2006-06-18 17:10 368,640 C:\WINDOWS\system32\msdtcprx.dll
2006-06-18 17:10 35,328 C:\WINDOWS\system32\winchat.exe
2006-06-18 17:10 339,968 C:\WINDOWS\system32\mspaint.exe
2006-06-18 17:10 33,792 C:\WINDOWS\system32\regini.exe
2006-06-18 17:10 32,768 C:\WINDOWS\system32\cfgbkend.dll
2006-06-18 17:10 25,600 C:\WINDOWS\system32\comaddin.dll
2006-06-18 17:10 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-06-18 17:10 227,840 C:\WINDOWS\system32\avtapi.dll
2006-06-18 17:10 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-06-18 17:10 200,192 C:\WINDOWS\system32\termsrv.dll
2006-06-18 17:10 20,992 C:\WINDOWS\system32\msg.exe
2006-06-18 17:10 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-06-18 17:10 18,432 C:\WINDOWS\system32\qprocess.exe
2006-06-18 17:10 179,200 C:\WINDOWS\system32\accwiz.exe
2006-06-18 17:10 174,592 C:\WINDOWS\system32\cmprops.dll
2006-06-18 17:10 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-06-18 17:10 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-06-18 17:10 16,384 C:\WINDOWS\system32\tskill.exe
2006-06-18 17:10 16,384 C:\WINDOWS\system32\mmfutil.dll
2006-06-18 17:10 16,384 C:\WINDOWS\system32\avmeter.dll
2006-06-18 17:10 150,528 C:\WINDOWS\system32\msdtcuiu.dll
2006-06-18 17:10 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-06-18 17:10 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-06-18 17:10 15,360 C:\WINDOWS\system32\logoff.exe
2006-06-18 17:10 147,456 C:\WINDOWS\system32\comsnap.dll
2006-06-18 17:10 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-06-18 17:10 14,848 C:\WINDOWS\system32\tscon.exe
2006-06-18 17:10 14,848 C:\WINDOWS\system32\shadow.exe
2006-06-18 17:10 14,848 C:\WINDOWS\system32\rdpsnd.dll
2006-06-18 17:10 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-06-18 17:10 135,680 C:\WINDOWS\system32\rdchost.dll
2006-06-18 17:10 129,024 C:\WINDOWS\system32\sessmgr.exe
2006-06-18 17:10 126,976 C:\WINDOWS\system32\mshearts.exe
2006-06-18 17:10 124,416 C:\WINDOWS\system32\sndrec32.exe
2006-06-18 17:10 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-06-18 17:10 12,288 C:\WINDOWS\system32\rdsaddin.exe
2006-06-18 17:10 119,808 C:\WINDOWS\system32\winmine.exe
2006-06-18 17:10 116,736 C:\WINDOWS\system32\mplay32.exe
2006-06-18 17:10 114,688 C:\WINDOWS\system32\calc.exe
2006-06-18 17:10 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-06-18 17:10 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-06-18 17:10 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-06-18 17:10 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-06-18 15:53 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-06-18 15:52 14,048 C:\WINDOWS\system32\spmsg.dll
2006-06-18 15:51 7,680 C:\WINDOWS\system32\bitsprx2.dll
2006-06-18 15:51 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-06-18 15:51 331,776 C:\WINDOWS\system32\winhttp.dll
2006-06-18 15:51 17,408 C:\WINDOWS\system32\qmgrprxy.dll
2006-06-18 15:51 158,720 C:\WINDOWS\system32\xpob2res.dll
2006-06-18 15:49 465,176 C:\WINDOWS\system32\wuapi.dll
2006-06-18 15:49 41,240 C:\WINDOWS\system32\wups.dll
2006-06-18 15:49 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-06-18 15:49 18,200 C:\WINDOWS\system32\wups2.dll
2006-06-18 15:49 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-06-18 15:49 127,256 C:\WINDOWS\system32\wucltui.dll
2006-06-18 15:33 7,680 C:\WINDOWS\comdlg66.dll
2006-06-18 15:33 63,962 C:\WINDOWS\system32\taskdir.exe
2006-06-18 15:33 63,962 C:\WINDOWS\system32\ipod.raw.exe
2006-06-18 15:33 57,344 C:\WINDOWS\system32\senssrv.dll
2006-06-18 15:33 55,388 C:\WINDOWS\system32\spoolsvv.exe
2006-06-18 15:33 149,504 C:\WINDOWS\system32\dcom_21.dll
2006-06-18 15:33 14,482 C:\WINDOWS\system32\clcbt.exe
2006-06-18 15:32 8,644 C:\WINDOWS\system32\kernels8.exe
2006-06-18 15:32 7,482 C:\WINDOWS\system32\dlh9jkdq7.exe
2006-06-18 15:32 7,482 C:\WINDOWS\system32\dlh9jkdq6.exe
2006-06-18 15:32 5,036 C:\WINDOWS\system32\dlh9jkdq1.exe
2006-06-18 15:32 4,287 C:\WINDOWS\system32\dlh9jkdq5.exe
2006-06-18 15:32 21,504 C:\WINDOWS\system32\66783cac.exe
2006-06-18 15:32 19,258 C:\WINDOWS\xpupdate.exe
2006-06-18 15:32 19,258 C:\WINDOWS\system32\dlh9jkdq2.exe
2006-06-18 15:32 17 C:\WINDOWS\system32\dlh9jkdq8.exe
2006-06-18 15:32 13,312 C:\WINDOWS\system32\maxd641.exe
2006-06-18 14:41 2 C:\WINDOWS\system32\wapitr.exe
2006-06-18 09:57 9,759 C:\WINDOWS\system32\HSF_INST.dll
2006-06-18 09:57 67,072 C:\WINDOWS\system32\usbui.dll
2006-06-18 09:57 3,494,303 C:\WINDOWS\system32\nv4_disp.dll
2006-06-18 09:56 4,096 C:\WINDOWS\system32\ksuser.dll
2006-06-18 09:55 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-06-18 09:55 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-06-18 09:55 71,168 C:\WINDOWS\system32\storprop.dll
2006-06-18 09:55 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-06-18 09:55 66,048 C:\WINDOWS\NOTEPAD.EXE
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-06-18 09:55 6,656 C:\WINDOWS\system32\batt.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdest.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdur.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdru.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdro.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-06-18 09:55 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-06-18 09:55 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-06-18 09:55 15,360 C:\WINDOWS\TASKMAN.EXE
2006-06-18 09:55 13,312 C:\WINDOWS\system32\irclass.dll
2006-06-18 09:55 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-06-18 09:49 402,653,184 C:\pagefile.sys
2006-06-06 15:20 610,648 C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-06-06 08:03 60,416 C:\WINDOWS\system32\adrotate.dll
2006-06-02 13:39 402,736 C:\WINDOWS\system32\WgaLogon.dll
2006-06-02 13:39 286,000 C:\WINDOWS\system32\WgaTray.exe
2006-05-26 15:40 1,339,904 C:\WINDOWS\system32\SHDOCVW.DLL
((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"pop06apelt"="C:\\WINDOWS\\thiselt.exe"
"TheMonitor"="C:\\WINDOWS\\CCZoop05.exe"
"66783cac.exe"="C:\\WINDOWS\\System32\\66783cac.exe"
"adstart"="iexplore.exe
http://iesettingsupdate"
"ms042458777-194"="C:\\WINDOWS\\ms042458777-194.exe"
"sys02942458777-1"="C:\\WINDOWS\\sys02942458777-1.exe"
"ms05458777-1942"="C:\\WINDOWS\\ms05458777-1942.exe"
"BrowserUpdateSched"="C:\\WINDOWS\\system32\\rwinpqez.exe GID003"
"sys0342458777-19"="C:\\WINDOWS\\sys0342458777-19.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"66783cac.exe"="C:\\Documents and Settings\\carol\\Local Settings\\Application Data\\66783cac.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"Iens"="\"C:\\PROGRA~1\\ASKS~1\\logonui.exe\" -vt ndrv"
"Hxtk"="C:\\Program Files\\Common Files\\S?mantec\\w?nspool.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MSN\\kyzezeso.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Common Files\\howy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="C:\\Program Files\\CCleaner\\kyzezeso.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ec,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="C:\\Program Files\\Windows NT\\kyzezeso.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ee,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Contents of the 'Scheduled Tasks' folder
Completion time: Tue 07/04/2006 13:39:25.32
ComboFix ver 06.07.04 - This logfile is located at C:\ComboFix.txt
ComboFix.2006-07-04.133708.txt
ComboFix.2006-07-04.133919.txt
-------------------------------------------------------------------------------------
And here's another try, this time the log from the HijackThis program:
-------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:48:18 PM, on 7/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\System32\66783cac.exe
C:\WINDOWS\ms042458777-194.exe
C:\WINDOWS\system32\rwinpqez.exe
C:\WINDOWS\sys0342458777-19.exe
C:\PROGRA~1\ASKS~1\logonui.exe
C:\Program Files\Common Files\S?mantec\w?nspool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {14FF2DD1-C2C9-4A81-8ED8-ECA22E5B56FD} - C:\Program Files\Online Services\hore.dll
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\System32\nodeipproc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [66783cac.exe] C:\WINDOWS\System32\66783cac.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe
http://iesettingsupdate
O4 - HKLM\..\Run: [ms042458777-194] C:\WINDOWS\ms042458777-194.exe
O4 - HKLM\..\Run: [sys02942458777-1] C:\WINDOWS\sys02942458777-1.exe
O4 - HKLM\..\Run: [ms05458777-1942] C:\WINDOWS\ms05458777-1942.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinpqez.exe GID003
O4 - HKLM\..\Run: [sys0342458777-19] C:\WINDOWS\sys0342458777-19.exe
O4 - HKCU\..\Run: [66783cac.exe] C:\Documents and Settings\carol\Local Settings\Application Data\66783cac.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Iens] "C:\PROGRA~1\ASKS~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Hxtk] C:\Program Files\Common Files\S?mantec\w?nspool.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinpqez.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) -
http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 0670934031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 1125871453
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} -
http://installs.spamblockerutility.com/ ... tility.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
http://download.cdn.winsoftware.com/fil ... nstall.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
-------------------------------------------------------------------------------------
Thank you for taking time away from your day to help, as nothing I do seems to put a dent in these beasts.