Command Service cmdService removal



danxav
2006-09-01, 12:44
Hi,
Having problems (like many others, it looks like) removing Command Service cmdService from my PC. Below is the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 12:42:54, on 01/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\{DCF157DC-0710-2057-1017-05041505002c}\Update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\FRANKF~1\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: svchost.exe
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157101562514
O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\c6002gdmg60a2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



Thank you in advance for your help
Dan

steamwiz
2006-09-02, 17:39
HI

Where are you seeing Command Service? I don't see it.

You have many different infections...

First put HijackThis into a permanent folder (for your own safety)... then I'll tell you what to delete. Here's how:

Please do this first: go to C: and create a new permanent folder (call it hijackthis). Then put (or download; choose "save", not "run") the hijackthis.exe file in it (you must unzip it if it's zipped), so you have C:\hijackthis\hijackthis.exe. Then run HijackThis by clicking this .exe file; that way you will have backups if you accidentally remove the wrong item (running from a temporary folder, it will not be able to create backups). Click "Do a system scan and save a logfile".

Or if you find that difficult to follow....

Download a self-extracting copy of HijackThis from :-
http://downloads.malwareremoval.com/hijackthis_sfx.exe
1. save it to your Desktop.
2. Double-click on the file hijackthis_sfx.exe and it will self-extract into its own folder,
C:\Program Files\HijackThis
3. Go to this folder and run the hijackthis.exe file
4. click Do a system scan and save a logfile
5. Copy & paste the logfile into your next post here...

steam

danxav
2006-09-07, 13:12
Hi,
Sorry I have taken so long to reply. I had a few days off work!!! Lucky me.
Anyway, since I have been away I think there are more infections on the PC. I have run Spybot and some have been deleted, but there are still a few left!
I have done what you have said and the HJT log is below. I await your next instructions. THANK YOU.

Logfile of HijackThis v1.99.1
Scan saved at 13:09:03, on 07/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\U2Fsdmlh\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\nwnmff_16.exe
C:\kybrdff_16.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
c:\kybrdff_15.exe
C:\Program Files\Common Files\{DCF157DC-0710-2057-1017-05041505002c}\Update.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
C:\WINDOWS\System32\zstatus.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\FRANKF~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\FRANKF~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_15.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: svchost.exe
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157101562514
O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\p84ulih9184.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2Fsdmlh\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

steamwiz
2006-09-07, 18:36
HI

Yes, you have a fair bit of malware on that computer...

Two things I need to ask you...

1. You wrote: "I had a few days off work... since I have been away I think there are more infections on the PC."

This sounds like a work computer?

2. Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Why do you have NO service packs?

Without the service packs you have no hope of keeping clean, as they plug countless security vulnerabilities in both XP and IE.

First you need to install Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. DO NOT UPGRADE TO SP2 AT THIS TIME

Go here to download SP1a

http://www.download.com/Windows-XP-Service-Pack-1a-SP1a-/3000-2098_4-10147920.html?tag=lst-0-19

cheers

steam

danxav
2006-09-08, 09:51
Thanks. I have installed SP1a like you said and below is the new HJT log. What's next? I really appreciate your help; I'm new at this stuff, so hopefully I will get this PC running properly. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 09:46:58, on 08/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\U2Fsdmlh\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\dfndrff_16.exe
C:\kybrdff_15.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
c:\kybrdff_17.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\{DCF157DC-0710-2057-1017-05041505002c}\Update.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\nwnmff_17.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_17.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_17.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: svchost.exe
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\p84ulih9184.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2Fsdmlh\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

steamwiz
2006-09-08, 19:50
HI

SO... Is this a works computer? And if it is, don't you have an IT department to attend to problems?

Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Do not proceed with the rest of the fix if you fail to run combofix
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

steam
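The logs above contain the entry types a helper like steamwiz flags on sight: a core-binary name running from anywhere other than the Windows or System32 directory (the svchost.exe and taskmgr.exe in the All Users Startup folder), R0/R1 search and start pages set to about:blank or to a host the owner never chose, O4 autoruns that point at a bare executable in the root of C: or give no path at all, O20 Winlogon Notify/AppInit DLLs with random-looking names, and O23 services with no vendor string. As an added example (not code from this thread, and not part of HijackThis, Spybot or ComboFix), the Python script below applies those checks to a HijackThis 1.99 log mechanically. The known-good host list and the "three or more digits in the DLL name" threshold are assumptions made for the example, not HijackThis logic, and the sample log is a constructed excerpt of lines copied from the logs posted in this thread, clean ones included.

```python
"""Triage a HijackThis 1.99 log for entries a malware-removal helper flags on sight.
Added example for this thread; not part of HijackThis, Spybot or any post above."""
import re
from urllib.parse import urlparse

# Rule labels returned by triage().
MASQUERADE = "system binary name outside its system directory"
HIJACK = "browser search/start page hijack"
DRIVE_ROOT = "autorun executable at drive root"
UNQUALIFIED = "autorun entry without a full path (resolved via search path)"
RANDOM_DLL = "Winlogon Notify/AppInit DLL with random-looking name (heuristic)"
UNKNOWN_SVC = "service with no vendor string (Unknown owner)"

# Core binaries that live under %SystemRoot% or System32 on a default XP install (assumed).
SYSTEM_BINARIES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
                   "spoolsv.exe", "taskmgr.exe", "explorer.exe", "rundll32.exe"}
SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32")
# Start/search hosts the thread's owner chose himself (assumption); any other host is suspect.
KNOWN_GOOD_HOSTS = {"www.google.co.uk", "www.bbc.co.uk"}

def _split_path(path):
    """(directory, filename), lower-cased, for a Windows path."""
    head, _, tail = path.strip().strip('"').lower().rpartition("\\")
    return head, tail

def _first_exe(target):
    """Executable token of an O4 command line: the quoted path, else the first word."""
    target = target.strip()
    if target.startswith('"'):
        return target[1:target.find('"', 1)].lower()
    return target.split()[0].lower() if target else ""

def _check_o4(body):
    if body.startswith(("Global Startup:", "Startup:")):
        # A file in a Startup folder carrying a system-binary name is a masquerade.
        item = body.split(":", 1)[1].strip().split(" = ")[0].strip().lower()
        return MASQUERADE if item in SYSTEM_BINARIES else None
    exe = _first_exe(re.sub(r"^[^:]*:\s*\[[^\]]*\]\s*", "", body))  # drop 'HKLM\..\Run: [name] '
    if re.match(r"^[a-z]:\\+[^\\]+\.exe$", exe):    # e.g. C:\\dfndrff_16.exe
        return DRIVE_ROOT
    if "\\" not in exe:                              # e.g. p2pnetworking.exe, RUNDLL32.EXE x.dll
        return UNQUALIFIED
    head, name = _split_path(exe)
    return MASQUERADE if name in SYSTEM_BINARIES and head not in SYSTEM_DIRS else None

def triage(log_text):
    """Return [(rule, log_line), ...] for every line that trips a rule."""
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:                       # blank line ends the process list
                in_procs = False
                continue
            head, name = _split_path(line)
            if name in SYSTEM_BINARIES and head not in SYSTEM_DIRS:
                findings.append((MASQUERADE, raw))
            continue
        m = re.match(r"^(R[0-3]|O\d+) - (.*)$", line)
        if not m:
            continue
        kind, body = m.groups()
        rule = None
        if kind in ("R0", "R1"):
            value = body.split("=", 1)[1].strip() if "=" in body else ""
            host = urlparse(value).hostname
            if value == "about:blank" or (host and host not in KNOWN_GOOD_HOSTS):
                rule = HIJACK
        elif kind == "O4":
            rule = _check_o4(body)
        elif kind == "O20":
            dll = body.rsplit("\\", 1)[-1].rsplit(" ", 1)[-1]
            if sum(c.isdigit() for c in dll) >= 3:   # vendors rarely number DLLs like this
                rule = RANDOM_DLL
        elif kind == "O23" and "Unknown owner" in body:
            rule = UNKNOWN_SVC
        if rule:
            findings.append((rule, raw))
    return findings

# Constructed excerpt: lines copied from the logs posted in this thread, clean ones included.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\p84ulih9184.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2Fsdmlh\command.exe
"""

if __name__ == "__main__":
    for rule, entry in triage(SAMPLE_LOG):
        print(f"[{rule}] {entry}")
```

Run it as-is to see the verdicts on the excerpt, or pass the text of a saved hijackthis.log to triage(). It is a first-pass filter only: a line it does not flag (the Network Monitor service, the SurfSideKick and ToolBar888 BHOs from the later logs) still needs a human to check the vendor and the path, which is exactly what the helper in this thread is doing by hand.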

danxav
2006-09-11, 09:42
Thanks, but Combofix didn't work. This is a small company, only 3 PCs, so no IT department I'm afraid!

danxav
2006-09-11, 12:38
I managed to get Combofix to work; the first part of the log is below. I couldn't paste all of it as it said there are too many characters. I will post the second part in the next reply along with the HJT report. I have scanned the PC with Ewido anti-spyware and it seems to be a little better, but still not right. Thanks again.


06-09-11 12:22:15.75
ComboFix 06.09.11 - Running from: C:\Documents and Settings\Frankfurt01\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\surfsidekick 3\Ssk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\Program Files\surfsidekick 3\Ssk.exe
((((((((((((((((((((((((((((((( Files Created from 2006-08-11 to 2006-09-11 ))))))))))))))))))))))))))))))))))


2006-09-11 10:54 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-08 09:29 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-08 09:29 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-09-08 09:29 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-09-08 09:29 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-09-08 09:29 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2006-09-08 09:29 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-09-08 09:29 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-09-08 09:29 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-09-08 09:29 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-09-08 09:29 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-09-08 09:29 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-09-08 09:29 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-09-08 09:29 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-09-08 09:29 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-09-08 09:29 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-09-08 09:29 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-09-08 09:29 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-09-08 09:29 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-09-08 09:29 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-09-08 09:29 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-09-08 09:29 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-09-08 09:29 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-09-08 09:29 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2006-09-08 09:29 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-09-08 09:29 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-09-08 09:29 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-09-08 09:29 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2006-09-08 09:29 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-09-08 09:29 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-09-08 09:29 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-09-08 09:29 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-09-08 09:29 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-09-08 09:29 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-09-08 09:29 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-09-08 09:29 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2006-09-08 09:29 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-09-08 09:29 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-09-08 09:29 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-09-08 09:29 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-09-08 09:29 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-09-08 09:29 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-09-08 09:28 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2006-09-08 09:28 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2006-09-08 09:28 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-08 09:28 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-09-08 09:28 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-09-08 09:28 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2006-09-08 09:28 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-09-08 09:28 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-09-08 09:28 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-08 09:28 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-09-08 09:28 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2006-09-08 09:28 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-08 09:28 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-09-08 09:28 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2006-09-08 09:28 674,816 --a------ C:\WINDOWS\system32\sxs.dll
2006-09-08 09:28 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-09-08 09:28 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-09-08 09:28 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-09-08 09:28 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-09-08 09:28 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-08 09:28 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-09-08 09:28 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-09-08 09:28 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-09-08 09:28 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-09-08 09:28 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-09-08 09:28 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2006-09-08 09:28 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-09-08 09:28 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-08 09:28 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-09-08 09:28 53,248 --a------ C:\WINDOWS\system32\packager.exe
2006-09-08 09:28 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-09-08 09:28 511,488 --a------ C:\WINDOWS\system32\qedit.dll
2006-09-08 09:28 48,128 --a------ C:\WINDOWS\system32\reg.exe
2006-09-08 09:28 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-09-08 09:28 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-08 09:28 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-09-08 09:28 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2006-09-08 09:28 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-09-08 09:28 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-08 09:28 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-09-08 09:28 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-09-08 09:28 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-09-08 09:28 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-09-08 09:28 357,376 --a------ C:\WINDOWS\system32\qdvd.dll
2006-09-08 09:28 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-09-08 09:28 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-09-08 09:28 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-09-08 09:28 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-09-08 09:28 31,744 --a------ C:\WINDOWS\system32\pid.dll
2006-09-08 09:28 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-09-08 09:28 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-09-08 09:28 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-09-08 09:28 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2006-09-08 09:28 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-09-08 09:28 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-09-08 09:28 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-09-08 09:28 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-09-08 09:28 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-09-08 09:28 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-09-08 09:28 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-09-08 09:28 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-08 09:28 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-09-08 09:28 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-09-08 09:28 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-09-08 09:28 184,832 --a------ C:\WINDOWS\system32\qcap.dll
2006-09-08 09:28 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-09-08 09:28 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-09-08 09:28 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-09-08 09:28 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-09-08 09:28 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-09-08 09:28 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-09-08 09:28 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-09-08 09:28 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-09-08 09:28 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-09-08 09:28 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-08 09:28 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-08 09:28 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-08 09:28 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-08 09:28 134,144 --a------ C:\WINDOWS\regedit.exe
2006-09-08 09:28 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-09-08 09:28 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-09-08 09:28 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-09-08 09:28 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-09-08 09:28 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-09-08 09:28 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-09-08 09:28 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-09-08 09:28 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-08 09:28 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-09-08 09:28 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-09-08 09:28 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-09-08 09:28 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-09-08 09:28 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-09-08 09:28 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-09-08 09:28 1,142,784 --a------ C:\WINDOWS\system32\quartz.dll
2006-09-08 09:27 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-09-08 09:27 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-09-08 09:27 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2006-09-08 09:27 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-09-08 09:27 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-09-08 09:27 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-09-08 09:27 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-09-08 09:27 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2006-09-08 09:27 5,120 --------- C:\WINDOWS\system32\hccoin.dll
2006-09-08 09:27 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2006-09-08 09:27 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2006-09-08 09:27 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-09-08 09:27 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-09-08 09:27 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-09-08 09:27 33,808 --a------ C:\WINDOWS\system32\ntio.sys
2006-09-08 09:27 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2006-09-08 09:27 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-09-08 09:27 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2006-09-08 09:27 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-09-08 09:27 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-09-08 09:27 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-08 09:27 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-09-08 09:27 218,112 --------- C:\WINDOWS\system32\sbe.dll
2006-09-08 09:27 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2006-09-08 09:27 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-09-08 09:27 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-09-08 09:27 172,032 --------- C:\WINDOWS\system32\mssap.dll
2006-09-08 09:27 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-09-08 09:27 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-09-08 09:27 155,648 --------- C:\WINDOWS\system32\encdec.dll
2006-09-08 09:27 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-09-08 09:27 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-09-08 09:27 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-09-08 09:27 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-09-08 09:27 12,288 --------- C:\WINDOWS\system32\encapi.dll
2006-09-08 09:27 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-09-08 09:27 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2006-09-08 09:27 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-09-08 09:27 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-09-08 09:26 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-08 09:26 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-09-08 09:26 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-08 09:26 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2006-09-08 09:26 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2006-09-08 09:26 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-08 09:26 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-09-08 09:26 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-09-08 09:26 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-09-08 09:26 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-09-08 09:26 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-09-08 09:26 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-09-08 09:26 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-09-08 09:26 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2006-09-08 09:26 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-09-08 09:26 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-08 09:26 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-09-08 09:26 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-09-08 09:26 348,195 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-09-08 09:26 348,191 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-09-08 09:26 344,095 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-09-08 09:26 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-08 09:26 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2006-09-08 09:26 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-09-08 09:26 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-09-08 09:26 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2006-09-08 09:26 253,983 --a------ C:\WINDOWS\system32\mstext40.dll
2006-09-08 09:26 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-08 09:26 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-09-08 09:26 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-09-08 09:26 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
2006-09-08 09:26 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-08 09:26 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2006-09-08 09:26 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-09-08 09:26 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-09-08 09:26 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2006-09-08 09:26 192,512 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-09-08 09:26 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2006-09-08 09:26 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
2006-09-08 09:26 154,112 --a------ C:\WINDOWS\system32\netman.dll
2006-09-08 09:26 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2006-09-08 09:26 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-09-08 09:26 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-09-08 09:26 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-09-08 09:26 105,984 --a------ C:\WINDOWS\system32\netdde.exe
2006-09-08 09:26 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-09-08 09:26 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-09-08 09:26 1,503,262 --a------ C:\WINDOWS\system32\msjet40.dll
2006-09-08 09:26 1,220,608 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-09-08 09:26 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-08 09:25 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2006-09-08 09:25 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2006-09-08 09:25 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-08 09:25 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-08 09:25 512,031 --a------ C:\WINDOWS\system32\msexch40.dll
2006-09-08 09:25 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-09-08 09:25 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-09-08 09:25 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-09-08 09:25 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-08 09:25 319,519 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-09-08 09:25 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2006-09-08 09:25 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-09-08 09:25 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-09-08 09:25 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-09-08 09:25 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2006-09-08 09:25 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-09-08 09:25 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-09-08 09:25 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2006-09-08 09:25 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-09-08 09:25 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-08 09:25 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-09-08 09:25 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-09-08 09:23 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
2006-09-08 09:23 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-08 09:23 89,088 --a------ C:\WINDOWS\system32\mqsec.dll
2006-09-08 09:23 73,728 --a------ C:\WINDOWS\system32\tlntsess.exe
2006-09-08 09:23 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-09-08 09:23 7,168 --a------ C:\WINDOWS\system32\tlntsvrp.dll
2006-09-08 09:23 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2006-09-08 09:23 67,584 --a------ C:\WINDOWS\system32\tlntsvr.exe
2006-09-08 09:23 67,584 --a------ C:\WINDOWS\system32\fdeploy.dll
2006-09-08 09:23 613,888 --a------ C:\WINDOWS\system32\mqqm.dll
2006-09-08 09:23 60,928 --a------ C:\WINDOWS\system32\ipv6.exe
2006-09-08 09:23 59,392 --a------ C:\WINDOWS\system32\iesetup.dll

danxav
2006-09-11, 12:39
Part 2 of ComboFix:

2006-09-08 09:23 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-08 09:23 57,856 --a------ C:\WINDOWS\system32\tlntadmn.exe
2006-09-08 09:23 57,344 --a------ C:\WINDOWS\system32\nwwks.dll
2006-09-08 09:23 545,792 --a------ C:\WINDOWS\system32\wsecedit.dll
2006-09-08 09:23 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-09-08 09:23 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-09-08 09:23 478,720 --a------ C:\WINDOWS\system32\mqsnap.dll
2006-09-08 09:23 469,504 --a------ C:\WINDOWS\system32\mqutil.dll
2006-09-08 09:23 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-09-08 09:23 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2006-09-08 09:23 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
2006-09-08 09:23 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-09-08 09:23 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-09-08 09:23 29,696 --------- C:\WINDOWS\system32\asr_pfu.exe
2006-09-08 09:23 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-09-08 09:23 277,504 --a------ C:\WINDOWS\system32\appmgr.dll
2006-09-08 09:23 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2006-09-08 09:23 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2006-09-08 09:23 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-09-08 09:23 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-09-08 09:23 231,936 --a------ C:\WINDOWS\system32\tracerpt.exe
2006-09-08 09:23 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-09-08 09:23 183,296 --a------ C:\WINDOWS\system32\gptext.dll
2006-09-08 09:23 164,864 --a------ C:\WINDOWS\system32\mqrt.dll
2006-09-08 09:23 164,352 --a------ C:\WINDOWS\system32\mqtrig.dll
2006-09-08 09:23 156,672 --a------ C:\WINDOWS\system32\appmgmts.dll
2006-09-08 09:23 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-09-08 09:23 14,848 --a------ C:\WINDOWS\system32\mqise.dll
2006-09-08 09:23 134,144 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-09-08 09:23 130,048 --a------ C:\WINDOWS\system32\mqad.dll
2006-09-08 09:23 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-09-08 09:23 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2006-09-08 09:23 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-09-08 09:23 114,176 --a------ C:\WINDOWS\system32\input.dll
2006-09-08 09:23 113,664 --a------ C:\WINDOWS\system32\schtasks.exe
2006-09-08 09:23 113,152 --a------ C:\WINDOWS\system32\idq.dll
2006-09-08 09:23 113,152 --a------ C:\WINDOWS\system32\gpresult.exe
2006-09-08 09:23 103,936 --a------ C:\WINDOWS\system32\rsnotify.exe
2006-09-08 09:23 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2006-09-08 09:23 10,752 --------- C:\WINDOWS\system32\spiisupd.exe
2006-09-08 09:22 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-08 09:22 94,720 --a------ C:\WINDOWS\system32\dmusic.dll
2006-09-08 09:22 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-09-08 09:22 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
2006-09-08 09:22 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-09-08 09:22 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-09-08 09:22 786,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-09-08 09:22 77,312 --a------ C:\WINDOWS\system32\dmscript.dll
2006-09-08 09:22 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-09-08 09:22 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2006-09-08 09:22 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-09-08 09:22 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2006-09-08 09:22 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2006-09-08 09:22 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-09-08 09:22 58,368 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-09-08 09:22 57,344 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-09-08 09:22 56,320 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-09-08 09:22 55,296 --a------ C:\WINDOWS\system32\digest.dll
2006-09-08 09:22 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2006-09-08 09:22 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-09-08 09:22 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-09-08 09:22 49,664 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-09-08 09:22 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2006-09-08 09:22 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-09-08 09:22 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
2006-09-08 09:22 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-09-08 09:22 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-09-08 09:22 380,445 --a------ C:\WINDOWS\system32\expsrv.dll
2006-09-08 09:22 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-09-08 09:22 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-09-08 09:22 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-08 09:22 31,744 --a------ C:\WINDOWS\system32\dmloader.dll
2006-09-08 09:22 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2006-09-08 09:22 29,696 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-09-08 09:22 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-09-08 09:22 263,680 --a------ C:\WINDOWS\system32\duser.dll
2006-09-08 09:22 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2006-09-08 09:22 26,112 --a------ C:\WINDOWS\system32\dmband.dll
2006-09-08 09:22 253,440 --a------ C:\WINDOWS\system32\ddraw.dll
2006-09-08 09:22 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-09-08 09:22 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2006-09-08 09:22 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2006-09-08 09:22 206,336 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-09-08 09:22 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-09-08 09:22 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-09-08 09:22 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2006-09-08 09:22 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2006-09-08 09:22 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-09-08 09:22 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-09-08 09:22 172,544 --a------ C:\WINDOWS\system32\dmime.dll
2006-09-08 09:22 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2006-09-08 09:22 165,376 --a------ C:\WINDOWS\system32\els.dll
2006-09-08 09:22 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-09-08 09:22 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-09-08 09:22 156,672 --a------ C:\WINDOWS\system32\dpnet.dll
2006-09-08 09:22 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2006-09-08 09:22 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2006-09-08 09:22 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-09-08 09:22 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2006-09-08 09:22 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-09-08 09:22 110,080 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-09-08 09:22 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2006-09-08 09:22 1,180,672 --a------ C:\WINDOWS\system32\d3d8.dll
2006-09-08 09:22 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-09-08 09:21 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2006-09-08 09:21 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2006-09-08 09:21 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-09-08 09:21 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2006-09-08 09:21 74,810 --a------ C:\WINDOWS\system32\atl.dll
2006-09-08 09:21 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-09-08 09:21 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2006-09-08 09:21 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-09-08 09:21 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-09-08 09:21 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2006-09-08 09:21 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-09-08 09:21 49,152 --a------ C:\WINDOWS\system32\browser.dll
2006-09-08 09:21 41,984 --a------ C:\WINDOWS\system32\alg.exe
2006-09-08 09:21 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-09-08 09:21 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-09-08 09:21 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-09-08 09:21 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2006-09-08 09:21 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-09-08 09:21 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-09-08 09:21 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
2006-09-07 08:38 96,768 --------- C:\WINDOWS\system32\repairs303169590.dll
2006-09-06 11:51 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-09-01 11:30 32,768 --a------ C:\setup9x.exe
2006-09-01 09:16 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-01 08:37 1,233 --a------ C:\WINDOWS\system32\rkydbacc.sys
2006-09-01 08:36 192 --a------ C:\ggg.bat
2006-09-01 08:35 138,862 --a------ C:\install.exe
2006-08-31 13:21 192 --a------ C:\WINDOWS\system32\ggg.bat
2006-08-31 13:21 128 --a------ C:\WINDOWS\system32\dr.exe
2006-08-31 13:20 138,862 --a------ C:\WINDOWS\system32\install.exe
2006-08-31 11:46 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2006-08-31 11:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-08-31 11:37 0 --a------ C:\WINDOWS\b.exe
2006-08-28 07:44 98,304 --------- C:\WINDOWS\apptune5.exe
2006-08-28 07:44 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL
2006-08-28 07:44 69,632 --a------ C:\WINDOWS\system32\zlmhp1.dll
2006-08-28 07:44 54,784 --a------ C:\WINDOWS\system32\zPJL.dll
2006-08-28 07:44 45,056 --------- C:\WINDOWS\system32\zpp.dll
2006-08-28 07:44 40,960 --------- C:\WINDOWS\system32\isutil.dll
2006-08-28 07:44 36,864 --------- C:\WINDOWS\system32\zpppcl.dll
2006-08-28 07:44 28,672 --a------ C:\WINDOWS\system32\zlm.dll
2006-08-28 07:44 19,456 --a------ C:\WINDOWS\system32\ZTAG32.DLL
2006-08-28 07:44 151,552 --------- C:\WINDOWS\system32\SDhp1000.DLL
2006-08-28 07:44 12,288 --a------ C:\WINDOWS\system32\IMF32.DLL
2006-08-28 07:44 1,953,792 --------- C:\WINDOWS\system32\pcldll6l.dll
2006-08-28 07:43 900,388 --------- C:\WINDOWS\system32\hpflash1.exe
2006-08-28 07:43 90,112 --------- C:\WINDOWS\system32\ZShp1005.dll
2006-08-28 07:43 90,112 --------- C:\WINDOWS\system32\vs1005.dll
2006-08-28 07:43 9,216 --------- C:\WINDOWS\system32\Zlang.dll
2006-08-28 07:43 70,656 --------- C:\WINDOWS\system32\Sd32.dll
2006-08-28 07:43 40,960 --------- C:\WINDOWS\system32\zstatus.exe
2006-08-28 07:43 32,768 --a------ C:\WINDOWS\closewnd.exe
2006-08-28 07:43 23,552 --------- C:\WINDOWS\system32\ZGDI32.DLL
2006-08-28 07:43 147,456 --------- C:\WINDOWS\system32\ZUNINST.EXE


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-11 12:21 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Skype
2006-09-11 11:50 -------- d-------- C:\Program Files\SurfSideKick 3
2006-09-11 11:44 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-11 10:44 -------- d-------- C:\Program Files\Common Files
2006-09-11 10:17 -------- d-------- C:\Program Files\Common Files\qwzz
2006-09-11 09:47 6020448 --a------ C:\Program Files\ewido-setup_4.0.0.172c.exe
2006-09-11 09:36 275734 --a------ C:\Program Files\combofix.exe
2006-09-08 09:46 -------- d-------- C:\Program Files\HijackThis
2006-09-08 09:43 -------- d-------- C:\Program Files\Internet Explorer
2006-09-08 09:39 -------- d-------- C:\Program Files\NetMeeting
2006-09-08 09:34 -------- d-------- C:\Program Files\Messenger
2006-09-08 09:33 -------- d-------- C:\Program Files\Windows Media Player
2006-09-08 09:33 -------- d-------- C:\Program Files\Outlook Express
2006-09-08 09:33 -------- d-------- C:\Program Files\Movie Maker
2006-09-08 09:33 -------- d-------- C:\Program Files\Common Files\System
2006-09-08 09:19 2028640 --a------ C:\Program Files\sp1aexpress_usa.exe
2006-09-07 13:08 282601 --a------ C:\Program Files\hijackthis_sfx.exe
2006-09-06 12:00 -------- d-------- C:\Program Files\PrintView
2006-09-01 12:31 212843 --a------ C:\Program Files\hijackthis_199.zip
2006-09-01 12:12 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-01 12:12 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Sun
2006-09-01 11:52 1468464 --a------ C:\Program Files\ccsetup132.exe
2006-09-01 11:52 -------- d-------- C:\Program Files\CCleaner
2006-09-01 11:49 -------- d-------- C:\Program Files\RegistryEasy
2006-09-01 11:45 1023089 --a------ C:\Program Files\RegistryEasy_Setup.exe
2006-09-01 11:43 5037072 --a------ C:\Program Files\spybotsd14.exe
2006-09-01 11:38 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Registry Booster
2006-09-01 11:22 2855080 --a------ C:\Program Files\aawsepersonal.exe
2006-09-01 11:22 -------- d-------- C:\Program Files\Lavasoft
2006-09-01 11:22 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Lavasoft
2006-09-01 11:11 3877544 --a------ C:\Program Files\spyhunterS.exe
2006-09-01 10:38 278927592 --a------ C:\Program Files\WindowsXP-KB835935-SP2-ENU.exe
2006-09-01 09:16 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-01 09:11 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-31 11:45 -------- d-------- C:\Program Files\WinRAR
2006-08-29 09:09 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Apple Computer
2006-08-28 07:44 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-28 07:44 -------- d-------- C:\Program Files\hp LaserJet 1005
2006-08-10 10:24 -------- d-------- C:\Program Files\QuickTime
2006-08-10 10:23 -------- d-------- C:\Program Files\iTunes
2006-08-10 10:23 -------- d-------- C:\Program Files\iPod
2006-08-10 10:10 -------- d-------- C:\Program Files\Java
2006-08-10 10:09 -------- d-------- C:\Program Files\Common Files\Java
2006-06-21 12:13 10641672 --a------ C:\Program Files\SkypeSetup.exe
2006-06-21 12:08 1113368 --a------ C:\WINDOWS\Duncan_ferguson.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"qwzz"="C:\\PROGRA~1\\COMMON~1\\qwzz\\qwzzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"rkydbacc"="RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6"
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

Completion time: 11/09/2006 12:23:51.12
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

danxav
2006-09-11, 12:41
Thanks for your help... I just hope this malware goes soon as it's really quite annoying!!!!

Logfile of HijackThis v1.99.1
Scan saved at 12:40:22, on 11/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

steamwiz
2006-09-11, 18:23
Hi
Your HijackThis now shows no malware running, which is a big improvement from your first log... the log is not clean yet though...

Although the combofix log was quite large, it had a lot of sections missing which I expected to see, please check the logs you have against what you have posted and see if you missed posting some....

Also now that you have run EWIDO ... I hope you saved the log ... I would like to see that as well please...

If you can't find any extra parts of the combofix log to post, please run combofix again and post any new logs in full.

steam

danxav
2006-09-12, 09:23
Thanks, ComboFix log in 2 parts:

Frankfurt01 - 06-09-12 9:16:49.54
ComboFix 06.09.11 - Running from: C:\Documents and Settings\Frankfurt01\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Frankfurt01\Application Data\Sskknwrd.dll
C:\Documents and Settings\Frankfurt01\Application Data\Sskuknwrd.dll
C:\WINDOWS\system32\bk.exe
C:\Program Files\surfsidekick 3\Ssk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\Program Files\surfsidekick 3\Ssk.exe
((((((((((((((((((((((((((((((( Files Created from 2006-08-12 to 2006-09-12 ))))))))))))))))))))))))))))))))))


2006-09-11 12:15 991,232 --a------ C:\WINDOWS\system32\esent.dll
2006-09-11 10:54 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-08 09:29 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-08 09:29 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-09-08 09:29 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-09-08 09:29 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-09-08 09:29 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-09-08 09:29 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-09-08 09:29 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-09-08 09:29 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-09-08 09:29 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-09-08 09:29 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-09-08 09:29 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-09-08 09:29 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-09-08 09:29 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-09-08 09:29 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-09-08 09:29 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-09-08 09:29 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-09-08 09:29 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-09-08 09:29 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-09-08 09:29 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-09-08 09:29 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-09-08 09:29 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-09-08 09:29 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2006-09-08 09:29 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-09-08 09:29 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-09-08 09:29 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-09-08 09:29 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2006-09-08 09:29 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-09-08 09:29 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-09-08 09:29 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-09-08 09:29 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-09-08 09:29 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-09-08 09:29 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-09-08 09:29 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-09-08 09:29 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-09-08 09:29 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-09-08 09:29 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-09-08 09:29 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-09-08 09:29 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-09-08 09:28 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2006-09-08 09:28 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2006-09-08 09:28 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-08 09:28 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-09-08 09:28 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-09-08 09:28 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2006-09-08 09:28 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-09-08 09:28 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-09-08 09:28 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-08 09:28 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-09-08 09:28 72,192 --a------ C:\WINDOWS\system32\telnet.exe
2006-09-08 09:28 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-08 09:28 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-09-08 09:28 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2006-09-08 09:28 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-09-08 09:28 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-09-08 09:28 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-09-08 09:28 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-09-08 09:28 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-08 09:28 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-09-08 09:28 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-09-08 09:28 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-09-08 09:28 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-09-08 09:28 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-09-08 09:28 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2006-09-08 09:28 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-09-08 09:28 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-08 09:28 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-09-08 09:28 53,248 --a------ C:\WINDOWS\system32\packager.exe
2006-09-08 09:28 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-09-08 09:28 511,488 --a------ C:\WINDOWS\system32\qedit.dll
2006-09-08 09:28 48,128 --a------ C:\WINDOWS\system32\reg.exe
2006-09-08 09:28 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-09-08 09:28 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-08 09:28 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-09-08 09:28 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2006-09-08 09:28 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-09-08 09:28 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-08 09:28 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-09-08 09:28 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-09-08 09:28 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-09-08 09:28 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-09-08 09:28 357,376 --a------ C:\WINDOWS\system32\qdvd.dll
2006-09-08 09:28 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-09-08 09:28 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-09-08 09:28 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-09-08 09:28 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-09-08 09:28 31,744 --a------ C:\WINDOWS\system32\pid.dll
2006-09-08 09:28 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-09-08 09:28 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-09-08 09:28 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-09-08 09:28 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2006-09-08 09:28 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-09-08 09:28 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-09-08 09:28 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-09-08 09:28 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-09-08 09:28 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-09-08 09:28 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-09-08 09:28 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-08 09:28 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-09-08 09:28 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-09-08 09:28 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-09-08 09:28 184,832 --a------ C:\WINDOWS\system32\qcap.dll
2006-09-08 09:28 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-09-08 09:28 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-09-08 09:28 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-09-08 09:28 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-09-08 09:28 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-09-08 09:28 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-09-08 09:28 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-09-08 09:28 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-09-08 09:28 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-09-08 09:28 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-08 09:28 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-08 09:28 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-08 09:28 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-08 09:28 134,144 --a------ C:\WINDOWS\regedit.exe
2006-09-08 09:28 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-09-08 09:28 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-09-08 09:28 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-09-08 09:28 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-09-08 09:28 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-09-08 09:28 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-09-08 09:28 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-09-08 09:28 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-08 09:28 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-09-08 09:28 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-09-08 09:28 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-09-08 09:28 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-09-08 09:28 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-09-08 09:27 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-09-08 09:27 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-09-08 09:27 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2006-09-08 09:27 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-09-08 09:27 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-09-08 09:27 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-09-08 09:27 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-09-08 09:27 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2006-09-08 09:27 5,120 --------- C:\WINDOWS\system32\hccoin.dll
2006-09-08 09:27 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2006-09-08 09:27 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2006-09-08 09:27 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-09-08 09:27 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-09-08 09:27 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-09-08 09:27 33,808 --a------ C:\WINDOWS\system32\ntio.sys
2006-09-08 09:27 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-09-08 09:27 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2006-09-08 09:27 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-09-08 09:27 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-09-08 09:27 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-08 09:27 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-09-08 09:27 218,112 --------- C:\WINDOWS\system32\sbe.dll
2006-09-08 09:27 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2006-09-08 09:27 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-09-08 09:27 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-09-08 09:27 172,032 --------- C:\WINDOWS\system32\mssap.dll
2006-09-08 09:27 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-09-08 09:27 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-09-08 09:27 155,648 --------- C:\WINDOWS\system32\encdec.dll
2006-09-08 09:27 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-09-08 09:27 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-09-08 09:27 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-09-08 09:27 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-09-08 09:27 12,288 --------- C:\WINDOWS\system32\encapi.dll
2006-09-08 09:27 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-09-08 09:27 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2006-09-08 09:27 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-09-08 09:27 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-09-08 09:26 91,136 --a------ C:\WINDOWS\system32\MSOERT2.DLL
2006-09-08 09:26 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-08 09:26 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-09-08 09:26 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2006-09-08 09:26 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2006-09-08 09:26 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-08 09:26 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-09-08 09:26 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-09-08 09:26 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-09-08 09:26 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-09-08 09:26 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-09-08 09:26 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-09-08 09:26 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-09-08 09:26 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2006-09-08 09:26 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-09-08 09:26 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-08 09:26 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-09-08 09:26 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-09-08 09:26 348,195 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-09-08 09:26 348,191 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-09-08 09:26 344,095 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-09-08 09:26 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-08 09:26 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2006-09-08 09:26 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-09-08 09:26 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-09-08 09:26 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2006-09-08 09:26 253,983 --a------ C:\WINDOWS\system32\mstext40.dll
2006-09-08 09:26 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-08 09:26 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-09-08 09:26 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-09-08 09:26 230,400 --a------ C:\WINDOWS\system32\msieftp.dll
2006-09-08 09:26 229,376 --a------ C:\WINDOWS\system32\MSOEACCT.DLL
2006-09-08 09:26 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2006-09-08 09:26 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-09-08 09:26 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-09-08 09:26 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2006-09-08 09:26 192,512 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-09-08 09:26 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2006-09-08 09:26 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
2006-09-08 09:26 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2006-09-08 09:26 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-09-08 09:26 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-09-08 09:26 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-09-08 09:26 105,984 --a------ C:\WINDOWS\system32\netdde.exe
2006-09-08 09:26 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-09-08 09:26 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-09-08 09:26 1,503,262 --a------ C:\WINDOWS\system32\msjet40.dll
2006-09-08 09:26 1,220,608 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-09-08 09:26 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-08 09:25 68,608 --a------ C:\WINDOWS\system32\mscms.dll
2006-09-08 09:25 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2006-09-08 09:25 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-08 09:25 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-08 09:25 512,031 --a------ C:\WINDOWS\system32\msexch40.dll
2006-09-08 09:25 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-09-08 09:25 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-09-08 09:25 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-09-08 09:25 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-08 09:25 319,519 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-09-08 09:25 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2006-09-08 09:25 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-09-08 09:25 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-09-08 09:25 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-09-08 09:25 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2006-09-08 09:25 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-09-08 09:25 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-09-08 09:25 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2006-09-08 09:25 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-09-08 09:25 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-08 09:25 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-09-08 09:25 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-09-08 09:23 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
2006-09-08 09:23 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-08 09:23 88,576 --a------ C:\WINDOWS\system32\mqsec.dll
2006-09-08 09:23 73,728 --a------ C:\WINDOWS\system32\tlntsess.exe
2006-09-08 09:23 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-09-08 09:23 7,168 --a------ C:\WINDOWS\system32\tlntsvrp.dll
2006-09-08 09:23 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2006-09-08 09:23 67,584 --a------ C:\WINDOWS\system32\tlntsvr.exe
2006-09-08 09:23 67,584 --a------ C:\WINDOWS\system32\fdeploy.dll
2006-09-08 09:23 608,768 --a------ C:\WINDOWS\system32\mqqm.dll
2006-09-08 09:23 596,480 --a------ C:\WINDOWS\system32\INETCOMM.DLL
2006-09-08 09:23 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2006-09-08 09:23 57,856 --a------ C:\WINDOWS\system32\tlntadmn.exe
2006-09-08 09:23 57,856 --a------ C:\WINDOWS\system32\nwwks.dll
2006-09-08 09:23 545,792 --a------ C:\WINDOWS\system32\wsecedit.dll
2006-09-08 09:23 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-09-08 09:23 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-09-08 09:23 478,720 --a------ C:\WINDOWS\system32\mqsnap.dll
2006-09-08 09:23 467,456 --a------ C:\WINDOWS\system32\mqutil.dll
2006-09-08 09:23 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-09-08 09:23 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2006-09-08 09:23 318,464 --a------ C:\WINDOWS\system32\ippromon.dll

danxav
2006-09-12, 09:24
ComboFix part 2:

2006-09-08 09:23 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-09-08 09:23 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-09-08 09:23 29,696 --------- C:\WINDOWS\system32\asr_pfu.exe
2006-09-08 09:23 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-09-08 09:23 277,504 --a------ C:\WINDOWS\system32\appmgr.dll
2006-09-08 09:23 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2006-09-08 09:23 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-09-08 09:23 237,056 --a------ C:\WINDOWS\system32\icm32.dll
2006-09-08 09:23 231,936 --a------ C:\WINDOWS\system32\tracerpt.exe
2006-09-08 09:23 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-09-08 09:23 183,808 --a------ C:\WINDOWS\system32\gptext.dll
2006-09-08 09:23 165,888 --a------ C:\WINDOWS\system32\mqrt.dll
2006-09-08 09:23 164,352 --a------ C:\WINDOWS\system32\mqtrig.dll
2006-09-08 09:23 156,672 --a------ C:\WINDOWS\system32\appmgmts.dll
2006-09-08 09:23 14,848 --a------ C:\WINDOWS\system32\mqise.dll
2006-09-08 09:23 130,048 --a------ C:\WINDOWS\system32\mqad.dll
2006-09-08 09:23 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-09-08 09:23 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2006-09-08 09:23 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-09-08 09:23 114,176 --a------ C:\WINDOWS\system32\input.dll
2006-09-08 09:23 113,664 --a------ C:\WINDOWS\system32\schtasks.exe
2006-09-08 09:23 113,152 --a------ C:\WINDOWS\system32\idq.dll
2006-09-08 09:23 113,152 --a------ C:\WINDOWS\system32\gpresult.exe
2006-09-08 09:23 103,936 --a------ C:\WINDOWS\system32\rsnotify.exe
2006-09-08 09:23 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2006-09-08 09:23 10,752 --------- C:\WINDOWS\system32\spiisupd.exe
2006-09-08 09:22 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-08 09:22 94,720 --a------ C:\WINDOWS\system32\dmusic.dll
2006-09-08 09:22 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-09-08 09:22 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-09-08 09:22 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-09-08 09:22 786,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-09-08 09:22 77,312 --a------ C:\WINDOWS\system32\dmscript.dll
2006-09-08 09:22 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-09-08 09:22 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2006-09-08 09:22 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-09-08 09:22 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2006-09-08 09:22 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2006-09-08 09:22 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-09-08 09:22 58,368 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-09-08 09:22 57,344 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-09-08 09:22 56,320 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-09-08 09:22 55,296 --a------ C:\WINDOWS\system32\digest.dll
2006-09-08 09:22 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2006-09-08 09:22 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-09-08 09:22 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-09-08 09:22 49,664 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-09-08 09:22 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2006-09-08 09:22 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-09-08 09:22 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
2006-09-08 09:22 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-09-08 09:22 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-09-08 09:22 380,445 --a------ C:\WINDOWS\system32\expsrv.dll
2006-09-08 09:22 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-09-08 09:22 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-09-08 09:22 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-08 09:22 31,744 --a------ C:\WINDOWS\system32\dmloader.dll
2006-09-08 09:22 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2006-09-08 09:22 29,696 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-09-08 09:22 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-09-08 09:22 263,680 --a------ C:\WINDOWS\system32\duser.dll
2006-09-08 09:22 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2006-09-08 09:22 26,112 --a------ C:\WINDOWS\system32\dmband.dll
2006-09-08 09:22 253,440 --a------ C:\WINDOWS\system32\ddraw.dll
2006-09-08 09:22 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-09-08 09:22 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2006-09-08 09:22 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2006-09-08 09:22 206,336 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-09-08 09:22 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-09-08 09:22 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-09-08 09:22 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2006-09-08 09:22 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2006-09-08 09:22 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-09-08 09:22 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-09-08 09:22 172,544 --a------ C:\WINDOWS\system32\dmime.dll
2006-09-08 09:22 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2006-09-08 09:22 165,376 --a------ C:\WINDOWS\system32\els.dll
2006-09-08 09:22 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-09-08 09:22 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-09-08 09:22 156,672 --a------ C:\WINDOWS\system32\dpnet.dll
2006-09-08 09:22 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2006-09-08 09:22 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2006-09-08 09:22 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-09-08 09:22 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2006-09-08 09:22 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-09-08 09:22 110,080 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-09-08 09:22 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2006-09-08 09:22 1,180,672 --a------ C:\WINDOWS\system32\d3d8.dll
2006-09-08 09:22 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-09-08 09:21 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2006-09-08 09:21 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2006-09-08 09:21 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-09-08 09:21 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2006-09-08 09:21 74,810 --a------ C:\WINDOWS\system32\atl.dll
2006-09-08 09:21 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-09-08 09:21 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2006-09-08 09:21 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-09-08 09:21 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-09-08 09:21 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2006-09-08 09:21 49,152 --a------ C:\WINDOWS\system32\browser.dll
2006-09-08 09:21 41,984 --a------ C:\WINDOWS\system32\alg.exe
2006-09-08 09:21 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-09-08 09:21 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-09-08 09:21 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-09-08 09:21 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2006-09-08 09:21 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-09-08 09:21 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-09-08 09:21 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
2006-09-07 08:38 96,768 --------- C:\WINDOWS\system32\repairs303169590.dll
2006-09-06 11:51 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-09-01 11:30 32,768 --a------ C:\setup9x.exe
2006-09-01 09:16 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-01 08:36 192 --a------ C:\ggg.bat
2006-09-01 08:35 138,862 --a------ C:\install.exe
2006-08-31 13:21 192 --a------ C:\WINDOWS\system32\ggg.bat
2006-08-31 13:21 128 --a------ C:\WINDOWS\system32\dr.exe
2006-08-31 13:20 138,862 --a------ C:\WINDOWS\system32\install.exe
2006-08-31 11:46 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2006-08-31 11:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-08-31 11:37 0 --a------ C:\WINDOWS\b.exe
2006-08-28 07:44 98,304 --------- C:\WINDOWS\apptune5.exe
2006-08-28 07:44 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL
2006-08-28 07:44 69,632 --a------ C:\WINDOWS\system32\zlmhp1.dll
2006-08-28 07:44 54,784 --a------ C:\WINDOWS\system32\zPJL.dll
2006-08-28 07:44 45,056 --------- C:\WINDOWS\system32\zpp.dll
2006-08-28 07:44 40,960 --------- C:\WINDOWS\system32\isutil.dll
2006-08-28 07:44 36,864 --------- C:\WINDOWS\system32\zpppcl.dll
2006-08-28 07:44 28,672 --a------ C:\WINDOWS\system32\zlm.dll
2006-08-28 07:44 19,456 --a------ C:\WINDOWS\system32\ZTAG32.DLL
2006-08-28 07:44 151,552 --------- C:\WINDOWS\system32\SDhp1000.DLL
2006-08-28 07:44 12,288 --a------ C:\WINDOWS\system32\IMF32.DLL
2006-08-28 07:44 1,953,792 --------- C:\WINDOWS\system32\pcldll6l.dll
2006-08-28 07:43 900,388 --------- C:\WINDOWS\system32\hpflash1.exe
2006-08-28 07:43 90,112 --------- C:\WINDOWS\system32\ZShp1005.dll
2006-08-28 07:43 90,112 --------- C:\WINDOWS\system32\vs1005.dll
2006-08-28 07:43 9,216 --------- C:\WINDOWS\system32\Zlang.dll
2006-08-28 07:43 70,656 --------- C:\WINDOWS\system32\Sd32.dll
2006-08-28 07:43 40,960 --------- C:\WINDOWS\system32\zstatus.exe
2006-08-28 07:43 32,768 --a------ C:\WINDOWS\closewnd.exe
2006-08-28 07:43 23,552 --------- C:\WINDOWS\system32\ZGDI32.DLL
2006-08-28 07:43 147,456 --------- C:\WINDOWS\system32\ZUNINST.EXE


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-12 09:17 -------- d-------- C:\Program Files\SurfSideKick 3
2006-09-12 08:01 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-11 13:33 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Skype
2006-09-11 13:04 -------- d-------- C:\Program Files\Windows Media Player
2006-09-11 13:01 -------- d-------- C:\Program Files\Outlook Express
2006-09-11 13:01 -------- d-------- C:\Program Files\Common Files\System
2006-09-11 12:40 -------- d-------- C:\Program Files\HijackThis
2006-09-11 10:44 -------- d-------- C:\Program Files\Common Files
2006-09-11 10:17 -------- d-------- C:\Program Files\Common Files\qwzz
2006-09-11 09:47 6020448 --a------ C:\Program Files\ewido-setup_4.0.0.172c.exe
2006-09-11 09:36 275734 --a------ C:\Program Files\combofix.exe
2006-09-08 09:43 -------- d-------- C:\Program Files\Internet Explorer
2006-09-08 09:39 -------- d-------- C:\Program Files\NetMeeting
2006-09-08 09:34 -------- d-------- C:\Program Files\Messenger
2006-09-08 09:33 -------- d-------- C:\Program Files\Movie Maker
2006-09-08 09:19 2028640 --a------ C:\Program Files\sp1aexpress_usa.exe
2006-09-07 13:08 282601 --a------ C:\Program Files\hijackthis_sfx.exe
2006-09-06 12:00 -------- d-------- C:\Program Files\PrintView
2006-09-01 12:31 212843 --a------ C:\Program Files\hijackthis_199.zip
2006-09-01 12:12 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-01 12:12 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Sun
2006-09-01 11:52 1468464 --a------ C:\Program Files\ccsetup132.exe
2006-09-01 11:52 -------- d-------- C:\Program Files\CCleaner
2006-09-01 11:49 -------- d-------- C:\Program Files\RegistryEasy
2006-09-01 11:45 1023089 --a------ C:\Program Files\RegistryEasy_Setup.exe
2006-09-01 11:43 5037072 --a------ C:\Program Files\spybotsd14.exe
2006-09-01 11:38 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Registry Booster
2006-09-01 11:22 2855080 --a------ C:\Program Files\aawsepersonal.exe
2006-09-01 11:22 -------- d-------- C:\Program Files\Lavasoft
2006-09-01 11:22 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Lavasoft
2006-09-01 11:11 3877544 --a------ C:\Program Files\spyhunterS.exe
2006-09-01 10:38 278927592 --a------ C:\Program Files\WindowsXP-KB835935-SP2-ENU.exe
2006-09-01 09:16 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-01 09:11 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-31 11:45 -------- d-------- C:\Program Files\WinRAR
2006-08-29 09:09 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Apple Computer
2006-08-28 07:44 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-28 07:44 -------- d-------- C:\Program Files\hp LaserJet 1005
2006-08-10 10:24 -------- d-------- C:\Program Files\QuickTime
2006-08-10 10:23 -------- d-------- C:\Program Files\iTunes
2006-08-10 10:23 -------- d-------- C:\Program Files\iPod
2006-08-10 10:10 -------- d-------- C:\Program Files\Java
2006-08-10 10:09 -------- d-------- C:\Program Files\Common Files\Java
2006-07-21 10:30 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-13 10:50 595968 --a------ C:\WINDOWS\system32\xpsp2res.dll
2006-06-21 12:13 10641672 --a------ C:\Program Files\SkypeSetup.exe
2006-06-21 12:08 1113368 --a------ C:\WINDOWS\Duncan_ferguson.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"qwzz"="C:\\PROGRA~1\\COMMON~1\\qwzz\\qwzzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"rkydbacc"="RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6"
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

Completion time: 12/09/2006 9:17:54.20
ComboFix.txt
ComboFixpart1.txt
ComboFixpart2.txt

danxav
2006-09-12, 10:04
I have also re-scanned the PC with ewido and the log is below:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:50:12 12/09/2006

+ Scan result:



C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : No action taken.
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : No action taken.
C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : No action taken.
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : No action taken.
C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-1482476501-1035525444-839522115-1003\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-1482476501-1035525444-839522115-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
[1164] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[1324] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[1388] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[1944] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[1992] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[2036] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[204] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[252] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[2996] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[300] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[336] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[436] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[516] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[564] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[576] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[652] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[712] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[760] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[800] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[816] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[840] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[868] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[960] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[976] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[992] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
C:\Program Files\Common Files\qwzz\qwzzd\qwzzc.dll -> Adware.TargetServer : No action taken.
C:\nwnmff_16.exe_tobedeleted -> Downloader.Adload.fg : No action taken.
C:\Documents and Settings\Frankfurt01\Cookies\frankfurt01@kmpads[2].txt -> TrackingCookie.Kmpads : No action taken.


::Report end

Thanks for your help... I hope we are nearly there!!!

danxav
2006-09-12, 10:23
When ewido finishes scanning it gives the option to remove all malware and quarantine, but when I click on remove it seems to freeze the PC. I think that's why the log says "no action taken".

steamwiz
2006-09-12, 20:48
Hi

First, go to Add/Remove Programs in the Control Panel and uninstall SurfSideKick.

Then try to run ewido again and post the new log.

Also post a new HijackThis log.

steam

danxav
2006-09-13, 12:08
Hi,
Thanks, I think it's gone! But I know nothing, so maybe not!!

I uninstalled SurfSideKick and below are the ewido report and HJT report... I hope it's all better now!!!

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:53:35 13/09/2006

+ Scan result:



HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-1482476501-1035525444-839522115-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-1482476501-1035525444-839522115-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\Common Files\qwzz\qwzzd\qwzzc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\Documents and Settings\Frankfurt01\Cookies\frankfurt01@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Frankfurt01\Cookies\frankfurt01@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Frankfurt01\Cookies\frankfurt01@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Frankfurt01\Cookies\frankfurt01@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.


::Report end


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 12:05:19, on 13/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

THANKS AGAIN!

danxav
2006-09-13, 12:53
Hi,
I now have the following message on screen when I boot up the PC:

RUNDLL
error loading w00805a6.dll
The specified module could not be found

Any ideas?

thanks again

steamwiz
2006-09-13, 19:02
Hi

That's good... it means this malware has been deleted:

O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6

We can easily get rid of that error message.

Disconnect from the internet, close ALL browser windows (including this one), run HijackThis and tick (check the box next to) each of the items listed below. When all are ticked (checked), click the Fix Checked button at the bottom:


R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6

O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe


Please post a new HijackThis log and let me know if you are still having any problems.

steam
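
The cause steamwiz describes above, a Run entry that still points at a DLL which has already been deleted, can be checked for mechanically. The Python script below is an added example and is not code from the original thread or from HijackThis, ComboFix or ewido. It parses the two autostart listings that appear in this thread (HijackThis "O4 - HKxx\..\Run:" lines and the .reg-style lines of ComboFix's "Reg Loading Points" section), works out which file the loader must actually find for each entry (for rundll32.exe that is the DLL named in its first argument, not rundll32.exe itself) and reports entries whose module is missing. SAMPLE_LOG is constructed from lines quoted in this thread, PRESENT_FILES is a constructed stand-in for the disk after w00805a6.dll was removed, and DEFAULT_SEARCH_PATH is a simplified version of the DLL search order (it omits the working directory and %PATH%); on a real machine you would pass the default os.path.exists instead of the constructed set.

```python
"""Flag autostart (Run-key) entries whose target module no longer exists.

Added example, not part of the original thread.  An orphaned rundll32
entry is exactly what produces the "RUNDLL - error loading w00805a6.dll"
message at logon once the DLL itself has been deleted.
"""
import ntpath
import os
import re
from typing import Callable, Iterable, List, Optional, Tuple

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
REG_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')

# Where LoadLibrary looks for a bare DLL name such as "w00805a6.dll" when
# rundll32.exe (which lives in system32) is the host.  A live system also
# searches the working directory and %PATH%; unknown offline, so this is
# a conservative approximation (assumption, not taken from the thread).
DEFAULT_SEARCH_PATH = [r"C:\WINDOWS\system32", r"C:\WINDOWS"]


def _first_token(s: str) -> Tuple[str, str]:
    """Split off the first command-line token, honouring double quotes."""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end < 0 else (s[1:end], s[end + 1:])
    parts = s.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_autorun_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (entry name, command) for a HijackThis O4 or .reg Run line."""
    m = O4_RE.match(line)
    if m:
        return m["name"], m["cmd"]
    m = REG_RE.match(line)
    if m:
        # .reg escaping: \\ -> \  and  \" -> "
        return m["name"], re.sub(r"\\(.)", r"\1", m["cmd"])
    return None


def target_module(cmd: str) -> Optional[str]:
    """The file the loader must find for this command to run.

    For rundll32.exe the real payload is the DLL named in its first
    argument ("w00805a6.dll,n 003d..." -> "w00805a6.dll"); otherwise it
    is the executable itself.  Values with no file extension (such as
    "Installed"="1") are not commands and yield None.
    """
    exe, rest = _first_token(cmd)
    if ntpath.basename(exe).lower() == "rundll32.exe":
        dll, _ = _first_token(rest)
        exe = dll.split(",", 1)[0]
    return exe if "." in ntpath.basename(exe) else None


def resolve(module: str, exists: Callable[[str], bool],
            search_path: List[str]) -> Optional[str]:
    """Absolute paths are checked as-is; bare names are searched like LoadLibrary."""
    if ":" in module or "\\" in module:
        return module if exists(module) else None
    for directory in search_path:
        candidate = ntpath.join(directory, module)
        if exists(candidate):
            return candidate
    return None


def find_orphans(lines: Iterable[str], exists: Callable[[str], bool] = os.path.exists,
                 search_path: List[str] = DEFAULT_SEARCH_PATH) -> List[Tuple[str, str]]:
    """(entry name, missing module) for every autorun whose module is absent."""
    orphans = []
    for line in lines:
        parsed = parse_autorun_line(line.strip())
        if parsed is None:
            continue
        name, cmd = parsed
        module = target_module(cmd)
        if module is not None and resolve(module, exists, search_path) is None:
            orphans.append((name, module))
    return orphans


# Constructed sample: lines taken from this thread's own HJT and ComboFix logs.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Installed"="1"
""".splitlines()

# Constructed stand-in for the disk after the DLL was deleted: everything
# except w00805a6.dll is still present.  (On a real machine use the default
# os.path.exists, which also resolves 8.3 names such as PROGRA~1.)
PRESENT_FILES = {
    r"c:\program files\adobe\acrobat 7.0\distillr\acrotray.exe",
    r"c:\progra~1\common~1\qwzz\qwzzm.exe",
    r"c:\program files\messenger\msmsgs.exe",
}


def demo() -> List[Tuple[str, str]]:
    return find_orphans(SAMPLE_LOG, exists=lambda p: p.lower() in PRESENT_FILES)


if __name__ == "__main__":
    for name, module in demo():
        print(f"orphaned autorun [{name}] -> {module} not found")
```

Only the rkydbacc entry is reported: its DLL is gone but the Run value that loads it is still there, which is the exact state that produces the RUNDLL dialog. Entries such as qwzz are not flagged because their file still exists; presence on disk says nothing about whether an entry is legitimate, so this check complements, rather than replaces, reading the log.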

danxav
2006-09-14, 12:05
Hi,
Thanks for your advice... the message has now disappeared. I have now installed Norton SystemWorks, so hopefully this won't happen again. I hope that everything is now in order! Thanks for everything. Dan

Logfile of HijackThis v1.99.1
Scan saved at 11:52:17, on 14/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

steamwiz
2006-09-14, 20:31
Hi

Your hijackthis log's clean :)

If you have no further problems or questions....

Happy surfing

steam

TonyKlein
2006-09-16, 12:04
My apologies for gatecrashing this thread, but I have a question about one of your log entries:

O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe

Is this pvmodule.exe part of an application you installed on purpose?

If you aren't familiar with it, could I ask you to please send a copy of that C:\Program Files\PrintView (or Print View)\pvmodule.exe file to submit_stuffATxs4all.nl for analysis? (replace 'AT' by @)


We'd like to make sure it indeed belongs on your computer!

I'm asking this question, because at first glance, and despite what it appears to be, the file doesn't look to be part of the (legitimate) PrintView (http://www.cbr.com.tr/print_man.htm) application

Thanks a lot for your cooperation! :)

tashi
2006-09-22, 22:11
danxav

If you are still around, did you see TonyKlein's request? :)

TonyKlein
2006-09-22, 22:37
Hi Tashi, thanks! :) In fact I already received a copy of the file from another source, and it is now confirmed to be an impostor, as indeed I expected it to be:

http://www.castlecops.com/modules.php?name=CLSID&query=printview

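The two posts above turn on one idea: an executable that borrows a plausible name (a system binary, or a real product such as PrintView) is not the same as that binary, and the path it runs from is the first thing to check. The following is an added example, not code from the thread or from HijackThis, showing the kind of path-based triage a helper runs over a log before asking for a sample: it parses "Running processes", O4 and O23 lines and flags well-known system binary names running outside System32, executables dropped directly into a Startup folder, and executables running from GUID-named or Temp directories. The sample log embedded in it is constructed for the demonstration, and the assumption that %SystemRoot% is C:\WINDOWS is noted in the code; it does not catch a file like pvmodule.exe that sits in a sensible-looking path, which is why the post above still asks for the file itself.

```python
import re
from typing import List, Optional, Tuple

# Windows XP-era system binaries and the one directory each may legitimately run from.
# Assumption: %SystemRoot% is C:\WINDOWS (as in this log); adjust SYSTEM_ROOT otherwise.
SYSTEM_ROOT = r"c:\windows"
EXPECTED_DIR = {name: SYSTEM_ROOT + r"\system32" for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "taskmgr.exe", "ctfmon.exe", "rundll32.exe",
)}
EXPECTED_DIR["explorer.exe"] = SYSTEM_ROOT

# First drive-letter path ending in .exe on a log line (8.3 names and .EXE included).
EXE_PATH = re.compile(r"[a-z]:\\[^\"\r\n]*?\.exe", re.I)
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)
STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)

# Constructed sample log (not the log posted in this thread).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\{A1B2C3D4-0000-1111-2222-333344445555}\Update.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe
C:\Program Files\Example\example.exe

O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O4 - HKLM\..\Run: [Updater] C:\DOCUME~1\USER~1\LOCALS~1\Temp\updater.exe
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""


def extract_exe(line: str) -> Optional[str]:
    """Return the first drive-letter .exe path on a HijackThis log line, or None."""
    m = EXE_PATH.search(line)
    return m.group(0) if m else None


def check_path(path: str) -> List[str]:
    """Return the tag of every heuristic the path trips (empty list = nothing odd)."""
    low = path.lower()
    parent, _, name = low.rpartition("\\")
    hits = []
    # A system binary's name in a directory where that binary never lives.
    if name in EXPECTED_DIR and parent != EXPECTED_DIR[name]:
        hits.append("masquerade")
    # Startup folders normally hold .lnk shortcuts, not executables.
    if STARTUP_DIR.search(low):
        hits.append("startup-folder-exe")
    # Directories named by a bare GUID hide what product they belong to.
    if GUID_DIR.search(low):
        hits.append("guid-dir")
    # Persistence or long-lived processes rarely belong in a Temp directory.
    if TEMP_DIR.search(low):
        hits.append("temp-dir")
    return hits


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Walk a HijackThis log and return (path, reason) pairs worth a second look."""
    findings: List[Tuple[str, str]] = []
    seen = set()
    for line in log_text.splitlines():
        path = extract_exe(line)
        if path is None or path.lower() in seen:
            continue
        seen.add(path.lower())
        for reason in check_path(path):
            findings.append((path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:20} {path}")
```

The tags are prompts, not verdicts: a tool unpacked from an archive (HijackThis itself, in many logs) legitimately trips "temp-dir", and an 8.3-style path may need expanding before the directory comparison is meaningful. What the script cannot do is tell a real vendor file from an impostor that uses the vendor's name and a normal-looking path; that still takes the file itself (hash, version information, publisher signature where one exists), which is exactly what the request for a copy of pvmodule.exe was for.
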
tashi
2006-09-23, 05:16
Thank you Tony! :beerbeerb:

This topic has been archived.