in need of help from malware

Post by slickutica » July 3rd, 2006, 4:38 pm

Like the topic says, I'm being haunted by this malware or whatever it says, as I have tried using Spybot Search & Destroy, Ad-Aware, and these two programs can't delete it, and CCleaner I think got infected, as it doesn't do anything now to do away with these two programs which Spybot Search & Destroy gave info about.

The main biggie is this "Command Service", as all my programs can't even touch this, and I've looked all over in my computer for this but cannot find it.

And the second is "Surfsidekick", but unlike that "Command Service" I found files for it under "SurfSideKick 3" in Program Files, and inside it has three files, none of which can be deleted.
Here are the names of the files:
Ssk
SskBho.dll
SskCore.dll

Anyway, any feedback would be nice, as I tried to explain it the best I could, and I'll be happy to give more info if it's needed.
slickutica
Active Member
 
Posts: 4
Joined: July 3rd, 2006, 4:21 pm

Post by slickutica » July 3rd, 2006, 4:49 pm

My bad, I'm new to this stuff and didn't see the "hijackthis" program was needed, but here it is, I hope.

Logfile of HijackThis v1.99.1
Scan saved at 1:47:55 PM, on 7/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\System32\66783cac.exe
C:\WINDOWS\ms042458777-194.exe
C:\WINDOWS\ms05458777-1942.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\rwinpqez.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\ASKS~1\logonui.exe
C:\Program Files\Common Files\S?mantec\w?nspool.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {14FF2DD1-C2C9-4A81-8ED8-ECA22E5B56FD} - C:\Program Files\Online Services\hore.dll
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\System32\nodeipproc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [66783cac.exe] C:\WINDOWS\System32\66783cac.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\Run: [ms042458777-194] C:\WINDOWS\ms042458777-194.exe
O4 - HKLM\..\Run: [sys02942458777-1] C:\WINDOWS\sys02942458777-1.exe
O4 - HKLM\..\Run: [ms05458777-1942] C:\WINDOWS\ms05458777-1942.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [66783cac.exe] C:\Documents and Settings\carol\Local Settings\Application Data\66783cac.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Iens] "C:\PROGRA~1\ASKS~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Hxtk] C:\Program Files\Common Files\S?mantec\w?nspool.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinpqez.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0670934031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1125871453
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ ... tility.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/fil ... nstall.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
slickutica
Active Member
 
Posts: 4
Joined: July 3rd, 2006, 4:21 pm

Post by Elrond » July 3rd, 2006, 5:20 pm

Hi slickutica
Welcome to Malware Removal Forums.
I'm looking over your log file and will get back to you soon.

Elrond
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Post by Elrond » July 3rd, 2006, 6:22 pm

You have some infections in there. However, in order to be able to help you I need a complete HijackThis log. The log that you posted seems to be cut off at the end. There should be more. Please repost it and be sure that everything is copied and pasted into this topic.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Post by slickutica » July 3rd, 2006, 9:36 pm

OK, I'll try this again. This time I made sure that I got everything HijackThis gave me, and thanks for helping me out.


Logfile of HijackThis v1.99.1
Scan saved at 6:35:09 PM, on 7/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\System32\66783cac.exe
C:\WINDOWS\ms042458777-194.exe
C:\WINDOWS\ms05458777-1942.exe
C:\WINDOWS\system32\rwinpqez.exe
C:\PROGRA~1\ASKS~1\logonui.exe
C:\Program Files\Common Files\S?mantec\w?nspool.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {14FF2DD1-C2C9-4A81-8ED8-ECA22E5B56FD} - C:\Program Files\Online Services\hore.dll
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\System32\nodeipproc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [66783cac.exe] C:\WINDOWS\System32\66783cac.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\Run: [ms042458777-194] C:\WINDOWS\ms042458777-194.exe
O4 - HKLM\..\Run: [sys02942458777-1] C:\WINDOWS\sys02942458777-1.exe
O4 - HKLM\..\Run: [ms05458777-1942] C:\WINDOWS\ms05458777-1942.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinpqez.exe GID003
O4 - HKCU\..\Run: [66783cac.exe] C:\Documents and Settings\carol\Local Settings\Application Data\66783cac.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Iens] "C:\PROGRA~1\ASKS~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Hxtk] C:\Program Files\Common Files\S?mantec\w?nspool.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinpqez.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0670934031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1125871453
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ ... tility.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/fil ... nstall.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
slickutica
Active Member
 
Posts: 4
Joined: July 3rd, 2006, 4:21 pm

Post by Elrond » July 3rd, 2006, 10:13 pm

Thanks slickutica

The log looks chopped off but I will take your word for it that this is all of it.

First of all, with each post please read through the whole post. Be sure that you understand the instructions. If you have any questions please ask them before you start doing the fixes. You may want to print out this post so that you have a hard copy of these instructions. You can also copy the content of the post and paste it into Notepad. If you can not find Notepad let me know.


Now to start the cleanup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please run a new HijackThis scan and post the log from HijackThis together with the log from Combofix in this topic. That will give us a starting point for the next step.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Post by slickutica » July 4th, 2006, 4:51 pm

OK, sorry for all this, and thanks for helping, as this spyware seems nasty. Anyway, here's the data from the combofix:
-------------------------------------------------------------------------------------
Start Time= Tue 07/04/2006 13:39:19.59
Running from: C:\Documents and Settings\carol\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))

13:37:38.09

* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-18 17:35:06 77,824 "C:\WINDOWS\system32\jgdndl.exe"
2006-06-18 17:35:18 45,056 "C:\WINDOWS\system32\tfthot.exe"
2006-07-04 13:35:10 2 "C:\WINDOWS\system32\wapitr.exe"
2006-06-18 15:33:12 14,482 "C:\WINDOWS\system32\clcbt.exe"
2006-06-15 18:39:06 131,072 "C:\WINDOWS\system32\mptft.exe"
2006-06-18 15:43:20 8,644 "C:\WINDOWS\system32\slx.exe???????????????????"
2006-06-18 17:36:06 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-05-19 15:52:28 2,702,848 "C:\WINDOWS\system32\MSHTML.DLL"
2006-05-14 02:13:42 257,536 "C:\WINDOWS\system32\oakley.dll"
2006-05-08 10:50:58 461,824 "C:\WINDOWS\system32\URLMON.DLL"
2006-06-18 17:35:18 208,896 "C:\WINDOWS\system32\x3cqp0.dll"
2006-06-18 17:35:18 28,672 "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-18 15:32:52 13,312 "C:\WINDOWS\system32\maxd641.exe"
2006-06-15 15:26:44 1,142,784 "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-18 15:33:10 63,962 "C:\WINDOWS\system32\taskdir.exe"
2006-06-02 13:39:46 286,000 "C:\WINDOWS\system32\WgaTray.exe"
2006-06-18 15:33:24 149,504 "C:\WINDOWS\system32\dcom_21.dll"
2006-04-28 10:57:16 351,744 "C:\WINDOWS\system32\DXTMSFT.DLL"
2006-05-26 22:19:50 163,840 "C:\WINDOWS\system32\JGDW400.DLL"
2006-04-06 16:15:48 27,648 "C:\WINDOWS\system32\JGPL400.DLL"
2006-05-17 22:58:56 458,752 "C:\WINDOWS\system32\jscript.dll"
2006-04-28 10:58:48 12,288 "C:\WINDOWS\system32\JSPROXY.DLL"
2006-06-19 11:29:16 24,576 "C:\WINDOWS\system32\msxml3a.dll"
2006-05-14 02:13:42 169,984 "C:\WINDOWS\system32\rasmans.dll"
2006-06-18 15:33:20 57,344 "C:\WINDOWS\system32\senssrv.dll"
2006-05-26 15:40:58 1,339,904 "C:\WINDOWS\system32\SHDOCVW.DLL"
2006-06-18 17:35:24 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-04-28 10:58:58 575,488 "C:\WINDOWS\system32\WININET.DLL"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *




DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-18 17:35:18 28,672 "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-18 15:32:52 13,312 "C:\WINDOWS\system32\maxd641.exe"
2006-06-15 15:26:44 1,142,784 "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-18 15:33:10 63,962 "C:\WINDOWS\system32\taskdir.exe"
2006-06-02 13:39:46 286,000 "C:\WINDOWS\system32\WgaTray.exe"
2006-06-18 17:35:06 77,824 "C:\WINDOWS\system32\jgdndl.exe"
2006-06-18 17:35:18 45,056 "C:\WINDOWS\system32\tfthot.exe"
2006-07-04 13:35:10 2 "C:\WINDOWS\system32\wapitr.exe"
2006-06-18 15:33:12 14,482 "C:\WINDOWS\system32\clcbt.exe"
2006-06-15 18:39:06 131,072 "C:\WINDOWS\system32\mptft.exe"
2006-06-18 15:43:20 8,644 "C:\WINDOWS\system32\slx.exe???????????????????"
2006-06-18 17:36:06 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-06-18 15:33:24 149,504 "C:\WINDOWS\system32\dcom_21.dll"
2006-04-28 10:57:16 351,744 "C:\WINDOWS\system32\DXTMSFT.DLL"
2006-05-26 22:19:50 163,840 "C:\WINDOWS\system32\JGDW400.DLL"
2006-04-06 16:15:48 27,648 "C:\WINDOWS\system32\JGPL400.DLL"
2006-05-17 22:58:56 458,752 "C:\WINDOWS\system32\jscript.dll"
2006-04-28 10:58:48 12,288 "C:\WINDOWS\system32\JSPROXY.DLL"
2006-06-19 11:29:16 24,576 "C:\WINDOWS\system32\msxml3a.dll"
2006-05-14 02:13:42 169,984 "C:\WINDOWS\system32\rasmans.dll"
2006-06-18 15:33:20 57,344 "C:\WINDOWS\system32\senssrv.dll"
2006-05-26 15:40:58 1,339,904 "C:\WINDOWS\system32\SHDOCVW.DLL"
2006-06-18 17:35:24 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-04-28 10:58:58 575,488 "C:\WINDOWS\system32\WININET.DLL"
2006-05-19 15:52:28 2,702,848 "C:\WINDOWS\system32\MSHTML.DLL"
2006-05-14 02:13:42 257,536 "C:\WINDOWS\system32\oakley.dll"
2006-05-08 10:50:58 461,824 "C:\WINDOWS\system32\URLMON.DLL"
2006-06-18 17:35:18 208,896 "C:\WINDOWS\system32\x3cqp0.dll"


((((((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\carol\Application Data\Sskknwrd.dll
C:\Documents and Settings\carol\Application Data\Sskuknwrd.dll
C:\Documents and Settings\carol\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\WINDOWS\Prefetch\SSK.EXE-20EC298C.pf
C:\WINDOWS\system32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



13:39:03.23
((((((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\atmtd.dll.tmp
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys


2006-06-18 17:12 159,232 C:\WINDOWS\system32\schedsvc.dll
2006-06-18 17:12 158,720 C:\WINDOWS\system32\srsvc.dll
2006-06-18 17:12 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-06-18 17:12 11,264 C:\WINDOWS\system32\atrace.dll
2006-06-18 17:10 98,816 C:\WINDOWS\system32\clipbrd.exe
2006-06-18 17:10 974,336 C:\WINDOWS\system32\msdtctm.dll
2006-06-18 17:10 9,728 C:\WINDOWS\system32\reset.exe
2006-06-18 17:10 9,216 C:\WINDOWS\system32\wuauserv.dll
2006-06-18 17:10 9,216 C:\WINDOWS\system32\icaapi.dll
2006-06-18 17:10 89,600 C:\WINDOWS\system32\comrepl.dll
2006-06-18 17:10 88,064 C:\WINDOWS\system32\tscfgwmi.dll
2006-06-18 17:10 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-06-18 17:10 80,384 C:\WINDOWS\system32\charmap.exe
2006-06-18 17:10 75,912 C:\WINDOWS\system32\rdpwsx.dll
2006-06-18 17:10 73,216 C:\WINDOWS\system32\avwav.dll
2006-06-18 17:10 61,952 C:\WINDOWS\system32\rdshost.exe
2006-06-18 17:10 605,696 C:\WINDOWS\system32\getuname.dll
2006-06-18 17:10 6,144 C:\WINDOWS\system32\msdtc.exe
2006-06-18 17:10 598,016 C:\WINDOWS\system32\mstscax.dll
2006-06-18 17:10 57,856 C:\WINDOWS\system32\licwmi.dll
2006-06-18 17:10 56,832 C:\WINDOWS\system32\sol.exe
2006-06-18 17:10 56,320 C:\WINDOWS\system32\remotepg.dll
2006-06-18 17:10 55,296 C:\WINDOWS\system32\freecell.exe
2006-06-18 17:10 54,784 C:\WINDOWS\system32\msdtclog.dll
2006-06-18 17:10 54,272 C:\WINDOWS\system32\stclient.dll
2006-06-18 17:10 534,016 C:\WINDOWS\system32\spider.exe
2006-06-18 17:10 53,248 C:\WINDOWS\system32\servdeps.dll
2006-06-18 17:10 5,632 C:\WINDOWS\system32\write.exe
2006-06-18 17:10 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-06-18 17:10 499,200 C:\WINDOWS\system32\comuid.dll
2006-06-18 17:10 44,544 C:\WINDOWS\system32\hticons.dll
2006-06-18 17:10 44,032 C:\WINDOWS\system32\rdpclip.exe
2006-06-18 17:10 40,960 C:\WINDOWS\system32\tscupgrd.exe
2006-06-18 17:10 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-06-18 17:10 4,096 C:\WINDOWS\system32\mtxex.dll
2006-06-18 17:10 388,608 C:\WINDOWS\system32\mstsc.exe
2006-06-18 17:10 368,640 C:\WINDOWS\system32\msdtcprx.dll
2006-06-18 17:10 35,328 C:\WINDOWS\system32\winchat.exe
2006-06-18 17:10 339,968 C:\WINDOWS\system32\mspaint.exe
2006-06-18 17:10 33,792 C:\WINDOWS\system32\regini.exe
2006-06-18 17:10 32,768 C:\WINDOWS\system32\cfgbkend.dll
2006-06-18 17:10 25,600 C:\WINDOWS\system32\comaddin.dll
2006-06-18 17:10 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-06-18 17:10 227,840 C:\WINDOWS\system32\avtapi.dll
2006-06-18 17:10 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-06-18 17:10 200,192 C:\WINDOWS\system32\termsrv.dll
2006-06-18 17:10 20,992 C:\WINDOWS\system32\msg.exe
2006-06-18 17:10 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-06-18 17:10 18,432 C:\WINDOWS\system32\qprocess.exe
2006-06-18 17:10 179,200 C:\WINDOWS\system32\accwiz.exe
2006-06-18 17:10 174,592 C:\WINDOWS\system32\cmprops.dll
2006-06-18 17:10 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-06-18 17:10 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-06-18 17:10 16,384 C:\WINDOWS\system32\tskill.exe
2006-06-18 17:10 16,384 C:\WINDOWS\system32\mmfutil.dll
2006-06-18 17:10 16,384 C:\WINDOWS\system32\avmeter.dll
2006-06-18 17:10 150,528 C:\WINDOWS\system32\msdtcuiu.dll
2006-06-18 17:10 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-06-18 17:10 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-06-18 17:10 15,360 C:\WINDOWS\system32\logoff.exe
2006-06-18 17:10 147,456 C:\WINDOWS\system32\comsnap.dll
2006-06-18 17:10 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-06-18 17:10 14,848 C:\WINDOWS\system32\tscon.exe
2006-06-18 17:10 14,848 C:\WINDOWS\system32\shadow.exe
2006-06-18 17:10 14,848 C:\WINDOWS\system32\rdpsnd.dll
2006-06-18 17:10 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-06-18 17:10 135,680 C:\WINDOWS\system32\rdchost.dll
2006-06-18 17:10 129,024 C:\WINDOWS\system32\sessmgr.exe
2006-06-18 17:10 126,976 C:\WINDOWS\system32\mshearts.exe
2006-06-18 17:10 124,416 C:\WINDOWS\system32\sndrec32.exe
2006-06-18 17:10 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-06-18 17:10 12,288 C:\WINDOWS\system32\rdsaddin.exe
2006-06-18 17:10 119,808 C:\WINDOWS\system32\winmine.exe
2006-06-18 17:10 116,736 C:\WINDOWS\system32\mplay32.exe
2006-06-18 17:10 114,688 C:\WINDOWS\system32\calc.exe
2006-06-18 17:10 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-06-18 17:10 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-06-18 17:10 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-06-18 17:10 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-06-18 15:53 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-06-18 15:52 14,048 C:\WINDOWS\system32\spmsg.dll
2006-06-18 15:51 7,680 C:\WINDOWS\system32\bitsprx2.dll
2006-06-18 15:51 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-06-18 15:51 331,776 C:\WINDOWS\system32\winhttp.dll
2006-06-18 15:51 17,408 C:\WINDOWS\system32\qmgrprxy.dll
2006-06-18 15:51 158,720 C:\WINDOWS\system32\xpob2res.dll
2006-06-18 15:49 465,176 C:\WINDOWS\system32\wuapi.dll
2006-06-18 15:49 41,240 C:\WINDOWS\system32\wups.dll
2006-06-18 15:49 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-06-18 15:49 18,200 C:\WINDOWS\system32\wups2.dll
2006-06-18 15:49 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-06-18 15:49 127,256 C:\WINDOWS\system32\wucltui.dll
2006-06-18 15:33 7,680 C:\WINDOWS\comdlg66.dll
2006-06-18 15:33 63,962 C:\WINDOWS\system32\taskdir.exe
2006-06-18 15:33 63,962 C:\WINDOWS\system32\ipod.raw.exe
2006-06-18 15:33 57,344 C:\WINDOWS\system32\senssrv.dll
2006-06-18 15:33 55,388 C:\WINDOWS\system32\spoolsvv.exe
2006-06-18 15:33 149,504 C:\WINDOWS\system32\dcom_21.dll
2006-06-18 15:33 14,482 C:\WINDOWS\system32\clcbt.exe
2006-06-18 15:32 8,644 C:\WINDOWS\system32\kernels8.exe
2006-06-18 15:32 7,482 C:\WINDOWS\system32\dlh9jkdq7.exe
2006-06-18 15:32 7,482 C:\WINDOWS\system32\dlh9jkdq6.exe
2006-06-18 15:32 5,036 C:\WINDOWS\system32\dlh9jkdq1.exe
2006-06-18 15:32 4,287 C:\WINDOWS\system32\dlh9jkdq5.exe
2006-06-18 15:32 21,504 C:\WINDOWS\system32\66783cac.exe
2006-06-18 15:32 19,258 C:\WINDOWS\xpupdate.exe
2006-06-18 15:32 19,258 C:\WINDOWS\system32\dlh9jkdq2.exe
2006-06-18 15:32 17 C:\WINDOWS\system32\dlh9jkdq8.exe
2006-06-18 15:32 13,312 C:\WINDOWS\system32\maxd641.exe
2006-06-18 14:41 2 C:\WINDOWS\system32\wapitr.exe
2006-06-18 09:57 9,759 C:\WINDOWS\system32\HSF_INST.dll
2006-06-18 09:57 67,072 C:\WINDOWS\system32\usbui.dll
2006-06-18 09:57 3,494,303 C:\WINDOWS\system32\nv4_disp.dll
2006-06-18 09:56 4,096 C:\WINDOWS\system32\ksuser.dll
2006-06-18 09:55 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-06-18 09:55 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-06-18 09:55 71,168 C:\WINDOWS\system32\storprop.dll
2006-06-18 09:55 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-06-18 09:55 66,048 C:\WINDOWS\NOTEPAD.EXE
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-06-18 09:55 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-06-18 09:55 6,656 C:\WINDOWS\system32\batt.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-06-18 09:55 6,144 C:\WINDOWS\system32\kbdest.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdur.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdru.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdro.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-06-18 09:55 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-06-18 09:55 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-06-18 09:55 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-06-18 09:55 15,360 C:\WINDOWS\TASKMAN.EXE
2006-06-18 09:55 13,312 C:\WINDOWS\system32\irclass.dll
2006-06-18 09:55 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-06-18 09:49 402,653,184 C:\pagefile.sys
2006-06-06 15:20 610,648 C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-06-06 08:03 60,416 C:\WINDOWS\system32\adrotate.dll
2006-06-02 13:39 402,736 C:\WINDOWS\system32\WgaLogon.dll
2006-06-02 13:39 286,000 C:\WINDOWS\system32\WgaTray.exe
2006-05-26 15:40 1,339,904 C:\WINDOWS\system32\SHDOCVW.DLL


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"pop06apelt"="C:\\WINDOWS\\thiselt.exe"
"TheMonitor"="C:\\WINDOWS\\CCZoop05.exe"
"66783cac.exe"="C:\\WINDOWS\\System32\\66783cac.exe"
"adstart"="iexplore.exe http://iesettingsupdate"
"ms042458777-194"="C:\\WINDOWS\\ms042458777-194.exe"
"sys02942458777-1"="C:\\WINDOWS\\sys02942458777-1.exe"
"ms05458777-1942"="C:\\WINDOWS\\ms05458777-1942.exe"
"BrowserUpdateSched"="C:\\WINDOWS\\system32\\rwinpqez.exe GID003"
"sys0342458777-19"="C:\\WINDOWS\\sys0342458777-19.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"66783cac.exe"="C:\\Documents and Settings\\carol\\Local Settings\\Application Data\\66783cac.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"Iens"="\"C:\\PROGRA~1\\ASKS~1\\logonui.exe\" -vt ndrv"
"Hxtk"="C:\\Program Files\\Common Files\\S?mantec\\w?nspool.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MSN\\kyzezeso.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Common Files\\howy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="C:\\Program Files\\CCleaner\\kyzezeso.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ec,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="C:\\Program Files\\Windows NT\\kyzezeso.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ee,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder

Completion time: Tue 07/04/2006 13:39:25.32
ComboFix ver 06.07.04 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-04.133708.txt
ComboFix.2006-07-04.133919.txt
-------------------------------------------------------------------------------------

and here's another try from the HijackThis program

-------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:48:18 PM, on 7/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\System32\66783cac.exe
C:\WINDOWS\ms042458777-194.exe
C:\WINDOWS\system32\rwinpqez.exe
C:\WINDOWS\sys0342458777-19.exe
C:\PROGRA~1\ASKS~1\logonui.exe
C:\Program Files\Common Files\S?mantec\w?nspool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {14FF2DD1-C2C9-4A81-8ED8-ECA22E5B56FD} - C:\Program Files\Online Services\hore.dll
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\System32\nodeipproc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [66783cac.exe] C:\WINDOWS\System32\66783cac.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\Run: [ms042458777-194] C:\WINDOWS\ms042458777-194.exe
O4 - HKLM\..\Run: [sys02942458777-1] C:\WINDOWS\sys02942458777-1.exe
O4 - HKLM\..\Run: [ms05458777-1942] C:\WINDOWS\ms05458777-1942.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinpqez.exe GID003
O4 - HKLM\..\Run: [sys0342458777-19] C:\WINDOWS\sys0342458777-19.exe
O4 - HKCU\..\Run: [66783cac.exe] C:\Documents and Settings\carol\Local Settings\Application Data\66783cac.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Iens] "C:\PROGRA~1\ASKS~1\logonui.exe" -vt ndrv
O4 - HKCU\..\Run: [Hxtk] C:\Program Files\Common Files\S?mantec\w?nspool.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinpqez.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0670934031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1125871453
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ ... tility.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/fil ... nstall.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
-------------------------------------------------------------------------------------

thank you for taking time away from your day to help as nothing I do seems to put a dent into these beasts
slickutica
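Added example, not part of the original post and not code from HijackThis: a short Python triage of the log above. It parses the O4 autostart and O15 Trusted Zone lines, cross-checks each autostart against the running-process list, and attaches review notes; the note rules and all function names are assumptions chosen for illustration, not verdicts on any file.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above; every line is copied from the page.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\System32\66783cac.exe
C:\Program Files\Common Files\S?mantec\w?nspool.exe

O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [66783cac.exe] C:\WINDOWS\System32\66783cac.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKCU\..\Run: [66783cac.exe] C:\Documents and Settings\carol\Local Settings\Application Data\66783cac.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Hxtk] C:\Program Files\Common Files\S?mantec\w?nspool.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.adgate.info (HKLM)
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")          # e.g. "O4 - ..."
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
ZONE_RE = re.compile(r"^Trusted Zone: (\S+)( \(HKLM\))?$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def parse_log(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False            # the process list ends at the first entry
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def exe_path(command):
    """Return the executable part of a Run command line, lowercased."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    m = EXE_RE.match(command)           # unquoted paths may contain spaces
    return (m.group(1) if m else command).lower()


def triage(text):
    """Collect autostarts with review notes, and Trusted Zone domains per hive."""
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}
    targets = defaultdict(set)          # value name -> distinct executables
    runs, zones = [], defaultdict(set)
    for code, body in entries:
        if code == "O4" and (m := RUN_RE.match(body)):
            hive, _key, name, cmd = m.groups()
            runs.append((hive, name, cmd))
            targets[name.lower()].add(exe_path(cmd))
        elif code == "O15" and (m := ZONE_RE.match(body)):
            # Entries without the "(HKLM)" suffix are the per-user (HKCU) ones.
            zones[m.group(1)].add("HKLM" if m.group(2) else "HKCU")
    autoruns = []
    for hive, name, cmd in runs:
        path, notes = exe_path(cmd), []
        if "?" in path:                 # character the log could not render
            notes.append("unrenderable character in path")
        if re.search(r"https?://", cmd, re.I):
            notes.append("opens a URL at logon")
        if len(targets[name.lower()]) > 1:
            notes.append("same value name, different targets")
        autoruns.append({"hive": hive, "name": name, "path": path,
                         "running": path in running, "notes": notes})
    return {"autoruns": autoruns,
            "trusted_zones": {d: sorted(h) for d, h in zones.items()}}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for a in result["autoruns"]:
        print(a["hive"], a["name"], "running" if a["running"] else "-", a["notes"])
    print(result["trusted_zones"])
```

The per-hive view matters for cleanup: a value removed from HKLM but left in HKCU (or a Trusted Zone domain left in one hive) survives the fix.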

Post by Elrond » July 4th, 2006, 10:27 pm

Hi slickutica

First of all, read through the whole post. Be sure that you understand the instructions. If you have any questions please ask them before you start doing the fixes. You may want to print out this post so that you have a hard copy of these instructions as you will be offline for part of the fix. You can also copy the content of the post and paste it into Notepad. If you cannot find Notepad let me know.


Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:
Zenosearch
Purityscan
Oin
Snowballwars by OIN

Reboot afterwards!!


Next please download ewido antispyware from
http://www.ewido.net/en/download/ .
Install it.

After it's downloaded and installed, it should automatically update itself;
The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield'. Then right click on Ewido in the system tray and uncheck "Start with Windows".
If Ewido doesn't update itself, you should do it manually. Go to the toolbar and find Update. Under manual Update click "Start Update".

Once Ewido is updated and the preliminaries are done, Ewido should be set up like this. Do not run an Ewido scan yet:
  • Click on Scanner
  • Click on the Settings tab.
    • Under How to act?
      Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      All checkboxes should be ticked.
    • Under Possibly unwanted software:
      All checkboxes should be ticked.
    • Under Reports:
      Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      Select Scan every file.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

    When I instruct you to run the Ewido scan
  • Start Ewido by clicking the Ewido Icon
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished:
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.



Reboot in Safe Mode:
Restart the computer. When the BIOS has finished loading (before Windows starts loading) start rapidly tapping the "F8". A menu opens. Select "Safe Mode". The computer will start in safe mode.
This can be tricky. If Windows starts up in normal mode, repeat the process. If you have a keyboard with a "F Lock" key click it so that the "F" light above it is on when you start tapping the "F8" key.


Run Ewido according to the instructions above.

Follow the instructions for Saving the Report


Reboot in Normal Mode


Run a HijackThis scan and post it together with the report from Ewido in this topic.

Post by Elrond » July 5th, 2006, 12:18 am

Furthermore I do not see any Antivirus or Firewall in your logs. Do you have any security programs installed on that computer? If so which ones? Please give me your answer with your next post.

Post by Nellie2 » July 24th, 2006, 5:36 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.