Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Command Service cmdService removal

  1. #1
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default Command Service cmdService removal

    Hi,
    Having problems (like many other looks like) removing command serivce cmdservice from my pc. Below is the HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:42:54, on 01/09/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\{DCF157DC-0710-2057-1017-05041505002c}\Update.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\FRANKF~1\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
    O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
    O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
    O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: svchost.exe
    O4 - Global Startup: taskmgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1157101562514
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\c6002gdmg60a2.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



    Thank you in advance for your help
    Dan

  2. #2
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    HI

    Where are you seeing command service, I don't see it ?

    you have many different infections...

    First put hijackthis into a permanent folder (for your own safety)... then I'll tell you what to delete ... here's how :-

    PLease do this first - go to C: and create a new permanent folder (call it hijackthis) ...Then put (or download - choose "save" not "run") the hijackthis.exe file in it (You must unzip it if it's zipped)...... so you have C:\hijackthis\hijackthis.exe.....then run hijackthis by clicking this .exe file -that way you will have backups if you accidentally remove the wrong item ( running from a temporary folder it will not be able to create backups ) click Do a system scan and save a logfile

    Or if you find that difficult to follow....

    Download a self-extracting copy of HijackThis from :-
    http://downloads.malwareremoval.com/hijackthis_sfx.exe
    1. save it to your Desktop.
    2. Double-click on the file hijackthis_sfx.exe and it will self-extract into its own folder,
    C:\Program Files\HijackThis
    3. Go to this folder and run the hijackthis.exe file
    4. click Do a system scan and save a logfile
    5. Copy & paste the logfile into your next post here...

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  3. #3
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default HJT Log

    Hi,
    Sorry I have taken so long to reply. I had a few days off work!!! Lucky me.
    Anyway since i have been away I think there are more infections on the pc. I have run spybot and some have been deleted but there are still a few left!
    I have done what you have said and the HJT log is below. I await your next instructions. THANK YOU.

    Logfile of HijackThis v1.99.1
    Scan saved at 13:09:03, on 07/09/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\U2Fsdmlh\command.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\nwnmff_16.exe
    C:\kybrdff_16.exe
    C:\PROGRA~1\PRINTV~1\pvmodule.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
    c:\kybrdff_15.exe
    C:\Program Files\Common Files\{DCF157DC-0710-2057-1017-05041505002c}\Update.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
    C:\WINDOWS\System32\zstatus.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
    C:\DOCUME~1\FRANKF~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\DOCUME~1\FRANKF~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
    O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
    O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
    O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_15.exe
    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: svchost.exe
    O4 - Global Startup: taskmgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1157101562514
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: repairs303169590.dll
    O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\p84ulih9184.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2Fsdmlh\command.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

  4. #4
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    HI

    Yes, you have a fair bit of malware on that computer...

    2 things I need to ask you...

    1.

    I had a few days off work... since i have been away I think there are more infections on the pc.
    This sounds like a work computer ?

    2. Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    why do you have NO service packs ?

    without the service packs you have no hope of keeping clean, as they they plug countless security vulnerabilities in both XP & IE.

    First you need to install Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. DO NOT UPGRADE TO SP2 AT THIS TIME

    Go here to download SP1a

    http://www.download.com/Windows-XP-S...l?tag=lst-0-19

    cheers

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  5. #5
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default SP1a installed

    Thanks. I have installed SP1a like you said and below is the new HJT log. What's next? Really apprieciate your help, new at this stuff so hopefully will get this pc running properly. Thanks again

    Logfile of HijackThis v1.99.1
    Scan saved at 09:46:58, on 08/09/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\U2Fsdmlh\command.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\dfndrff_16.exe
    C:\kybrdff_15.exe
    C:\PROGRA~1\PRINTV~1\pvmodule.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
    c:\kybrdff_17.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\{DCF157DC-0710-2057-1017-05041505002c}\Update.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\nwnmff_17.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
    O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
    O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
    O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_17.exe
    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [newname] c:\\nwnmff_17.exe
    O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: svchost.exe
    O4 - Global Startup: taskmgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: repairs303169590.dll
    O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\p84ulih9184.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2Fsdmlh\command.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

  6. #6
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    HI

    SO... IS this works computer ? and if it is, don't you have an IT department to attend to problems ?

    Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Do not proceed with the rest of the fix if you fail to run combofix
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  7. #7
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default Combofix not working

    thanks but combofix didnt work. this is a small company only 3 pcs so no IT department i'm afraid!

  8. #8
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default combofix part 1

    I managed to get combofix to work, the first part of the log is below. I couldnt paste all as it said there are too many characters. I will post the second part on the next reply along with HJT report. I have scanned the pc with ewido anti-spyware and it seems to be a little better but still not right. Thanks again


    06-09-11 12:22:15.75
    ComboFix 06.09.11 - Running from: C:\Documents and Settings\Frankfurt01\Desktop

    Microsoft Windows XP [Version 5.1.2600]

    ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\surfsidekick 3\Ssk.exe


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    C:\Program Files\surfsidekick 3\Ssk.exe
    ((((((((((((((((((((((((((((((( Files Created from 2006-08-11 to 2006-09-11 ))))))))))))))))))))))))))))))))))


    2006-09-11 10:54 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-09-08 09:29 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-09-08 09:29 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
    2006-09-08 09:29 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
    2006-09-08 09:29 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
    2006-09-08 09:29 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
    2006-09-08 09:29 60,416 --a------ C:\WINDOWS\system32\wextract.exe
    2006-09-08 09:29 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
    2006-09-08 09:29 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
    2006-09-08 09:29 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
    2006-09-08 09:29 48,128 --a------ C:\WINDOWS\system32\winsta.dll
    2006-09-08 09:29 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-09-08 09:29 47,616 --a------ C:\WINDOWS\system32\utilman.exe
    2006-09-08 09:29 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
    2006-09-08 09:29 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
    2006-09-08 09:29 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
    2006-09-08 09:29 339,456 --a------ C:\WINDOWS\system32\usp10.dll
    2006-09-08 09:29 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
    2006-09-08 09:29 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
    2006-09-08 09:29 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
    2006-09-08 09:29 266,752 --a------ C:\WINDOWS\winhlp32.exe
    2006-09-08 09:29 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
    2006-09-08 09:29 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-09-08 09:29 247,808 --a------ C:\WINDOWS\system32\wow32.dll
    2006-09-08 09:29 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
    2006-09-08 09:29 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
    2006-09-08 09:29 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
    2006-09-08 09:29 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
    2006-09-08 09:29 171,520 --a------ C:\WINDOWS\system32\winmm.dll
    2006-09-08 09:29 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
    2006-09-08 09:29 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
    2006-09-08 09:29 165,376 --a------ C:\WINDOWS\system32\w32time.dll
    2006-09-08 09:29 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
    2006-09-08 09:29 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
    2006-09-08 09:29 16,384 --a------ C:\WINDOWS\system32\ups.exe
    2006-09-08 09:29 13,312 --a------ C:\WINDOWS\system32\wship6.dll
    2006-09-08 09:29 124,928 --a------ C:\WINDOWS\system32\webvw.dll
    2006-09-08 09:29 120,320 --a------ C:\WINDOWS\system32\upnp.dll
    2006-09-08 09:29 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
    2006-09-08 09:29 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
    2006-09-08 09:29 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
    2006-09-08 09:29 106,496 --a------ C:\WINDOWS\system32\url.dll
    2006-09-08 09:28 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
    2006-09-08 09:28 91,136 --a------ C:\WINDOWS\system32\rastls.dll
    2006-09-08 09:28 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-09-08 09:28 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
    2006-09-08 09:28 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
    2006-09-08 09:28 82,944 --a------ C:\WINDOWS\system32\psbase.dll
    2006-09-08 09:28 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
    2006-09-08 09:28 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
    2006-09-08 09:28 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-09-08 09:28 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
    2006-09-08 09:28 71,168 --a------ C:\WINDOWS\system32\telnet.exe
    2006-09-08 09:28 71,168 --a------ C:\WINDOWS\system32\storprop.dll
    2006-09-08 09:28 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
    2006-09-08 09:28 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
    2006-09-08 09:28 674,816 --a------ C:\WINDOWS\system32\sxs.dll
    2006-09-08 09:28 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
    2006-09-08 09:28 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
    2006-09-08 09:28 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
    2006-09-08 09:28 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
    2006-09-08 09:28 63,488 --a------ C:\WINDOWS\system32\srclient.dll
    2006-09-08 09:28 62,976 --a------ C:\WINDOWS\system32\shgina.dll
    2006-09-08 09:28 61,952 --a------ C:\WINDOWS\system32\sti.dll
    2006-09-08 09:28 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
    2006-09-08 09:28 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
    2006-09-08 09:28 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
    2006-09-08 09:28 57,856 --a------ C:\WINDOWS\system32\raschap.dll
    2006-09-08 09:28 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
    2006-09-08 09:28 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-09-08 09:28 534,016 --a------ C:\WINDOWS\system32\spider.exe
    2006-09-08 09:28 53,248 --a------ C:\WINDOWS\system32\packager.exe
    2006-09-08 09:28 52,224 --a------ C:\WINDOWS\system32\secur32.dll
    2006-09-08 09:28 511,488 --a------ C:\WINDOWS\system32\qedit.dll
    2006-09-08 09:28 48,128 --a------ C:\WINDOWS\system32\reg.exe
    2006-09-08 09:28 44,032 --a------ C:\WINDOWS\system32\regapi.dll
    2006-09-08 09:28 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-09-08 09:28 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
    2006-09-08 09:28 423,424 --a------ C:\WINDOWS\system32\riched20.dll
    2006-09-08 09:28 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
    2006-09-08 09:28 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-09-08 09:28 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
    2006-09-08 09:28 384,000 --a------ C:\WINDOWS\system32\themeui.dll
    2006-09-08 09:28 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
    2006-09-08 09:28 36,352 --a------ C:\WINDOWS\system32\sens.dll
    2006-09-08 09:28 357,376 --a------ C:\WINDOWS\system32\qdvd.dll
    2006-09-08 09:28 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
    2006-09-08 09:28 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
    2006-09-08 09:28 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
    2006-09-08 09:28 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
    2006-09-08 09:28 31,744 --a------ C:\WINDOWS\system32\pid.dll
    2006-09-08 09:28 3,338 --a------ C:\WINDOWS\system32\redir.exe
    2006-09-08 09:28 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
    2006-09-08 09:28 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
    2006-09-08 09:28 254,976 --a------ C:\WINDOWS\system32\pdh.dll
    2006-09-08 09:28 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
    2006-09-08 09:28 24,064 --a------ C:\WINDOWS\system32\skeys.exe
    2006-09-08 09:28 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
    2006-09-08 09:28 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
    2006-09-08 09:28 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
    2006-09-08 09:28 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
    2006-09-08 09:28 212,480 --a------ C:\WINDOWS\system32\osk.exe
    2006-09-08 09:28 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-09-08 09:28 20,992 --a------ C:\WINDOWS\system32\setup.exe
    2006-09-08 09:28 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
    2006-09-08 09:28 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
    2006-09-08 09:28 184,832 --a------ C:\WINDOWS\system32\qcap.dll
    2006-09-08 09:28 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
    2006-09-08 09:28 174,592 --a------ C:\WINDOWS\system32\scecli.dll
    2006-09-08 09:28 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
    2006-09-08 09:28 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
    2006-09-08 09:28 17,408 --a------ C:\WINDOWS\system32\psapi.dll
    2006-09-08 09:28 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
    2006-09-08 09:28 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
    2006-09-08 09:28 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
    2006-09-08 09:28 16,384 --a------ C:\WINDOWS\system32\ping.exe
    2006-09-08 09:28 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-09-08 09:28 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-09-08 09:28 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-09-08 09:28 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-09-08 09:28 134,144 --a------ C:\WINDOWS\regedit.exe
    2006-09-08 09:28 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
    2006-09-08 09:28 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
    2006-09-08 09:28 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
    2006-09-08 09:28 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
    2006-09-08 09:28 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
    2006-09-08 09:28 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
    2006-09-08 09:28 12,800 --a------ C:\WINDOWS\system32\runonce.exe
    2006-09-08 09:28 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-09-08 09:28 117,760 --a------ C:\WINDOWS\system32\stobject.dll
    2006-09-08 09:28 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
    2006-09-08 09:28 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
    2006-09-08 09:28 10,752 --a------ C:\WINDOWS\system32\tracert.exe
    2006-09-08 09:28 1,349,120 --a------ C:\WINDOWS\system32\query.dll
    2006-09-08 09:28 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
    2006-09-08 09:28 1,142,784 --a------ C:\WINDOWS\system32\quartz.dll
    2006-09-08 09:27 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
    2006-09-08 09:27 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
    2006-09-08 09:27 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
    2006-09-08 09:27 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
    2006-09-08 09:27 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
    2006-09-08 09:27 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
    2006-09-08 09:27 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
    2006-09-08 09:27 504,832 --------- C:\WINDOWS\system32\msftedit.dll
    2006-09-08 09:27 5,120 --------- C:\WINDOWS\system32\hccoin.dll
    2006-09-08 09:27 49,152 --a------ C:\WINDOWS\system32\npptools.dll
    2006-09-08 09:27 403,456 --------- C:\WINDOWS\system32\winbrand.dll
    2006-09-08 09:27 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
    2006-09-08 09:27 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
    2006-09-08 09:27 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
    2006-09-08 09:27 33,808 --a------ C:\WINDOWS\system32\ntio.sys
    2006-09-08 09:27 328,704 --a------ C:\WINDOWS\system32\oakley.dll
    2006-09-08 09:27 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
    2006-09-08 09:27 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
    2006-09-08 09:27 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
    2006-09-08 09:27 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
    2006-09-08 09:27 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-09-08 09:27 238,080 --a------ C:\WINDOWS\system32\newdev.dll
    2006-09-08 09:27 218,112 --------- C:\WINDOWS\system32\sbe.dll
    2006-09-08 09:27 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
    2006-09-08 09:27 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
    2006-09-08 09:27 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
    2006-09-08 09:27 172,032 --------- C:\WINDOWS\system32\mssap.dll
    2006-09-08 09:27 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
    2006-09-08 09:27 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
    2006-09-08 09:27 155,648 --------- C:\WINDOWS\system32\encdec.dll
    2006-09-08 09:27 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
    2006-09-08 09:27 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
    2006-09-08 09:27 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
    2006-09-08 09:27 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
    2006-09-08 09:27 12,288 --------- C:\WINDOWS\system32\encapi.dll
    2006-09-08 09:27 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
    2006-09-08 09:27 110,080 --------- C:\WINDOWS\system32\sbeio.dll
    2006-09-08 09:27 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
    2006-09-08 09:27 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
    2006-09-08 09:26 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-09-08 09:26 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
    2006-09-08 09:26 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-09-08 09:26 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
    2006-09-08 09:26 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
    2006-09-08 09:26 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-09-08 09:26 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
    2006-09-08 09:26 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-09-08 09:26 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
    2006-09-08 09:26 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
    2006-09-08 09:26 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
    2006-09-08 09:26 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
    2006-09-08 09:26 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
    2006-09-08 09:26 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
    2006-09-08 09:26 39,424 --a------ C:\WINDOWS\system32\net.exe
    2006-09-08 09:26 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-09-08 09:26 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
    2006-09-08 09:26 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
    2006-09-08 09:26 348,195 --a------ C:\WINDOWS\system32\msjetoledb40.dll
    2006-09-08 09:26 348,191 --a------ C:\WINDOWS\system32\mspbde40.dll
    2006-09-08 09:26 344,095 --a------ C:\WINDOWS\system32\msxbde40.dll
    2006-09-08 09:26 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-09-08 09:26 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
    2006-09-08 09:26 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
    2006-09-08 09:26 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
    2006-09-08 09:26 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
    2006-09-08 09:26 253,983 --a------ C:\WINDOWS\system32\mstext40.dll
    2006-09-08 09:26 250,368 --a------ C:\WINDOWS\system32\mstask.dll
    2006-09-08 09:26 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
    2006-09-08 09:26 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
    2006-09-08 09:26 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
    2006-09-08 09:26 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-09-08 09:26 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
    2006-09-08 09:26 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
    2006-09-08 09:26 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
    2006-09-08 09:26 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
    2006-09-08 09:26 192,512 --a------ C:\WINDOWS\system32\mswebdvd.dll
    2006-09-08 09:26 182,784 --a------ C:\WINDOWS\system32\msutb.dll
    2006-09-08 09:26 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
    2006-09-08 09:26 154,112 --a------ C:\WINDOWS\system32\netman.dll
    2006-09-08 09:26 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
    2006-09-08 09:26 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
    2006-09-08 09:26 115,200 --a------ C:\WINDOWS\system32\net1.exe
    2006-09-08 09:26 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
    2006-09-08 09:26 105,984 --a------ C:\WINDOWS\system32\netdde.exe
    2006-09-08 09:26 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
    2006-09-08 09:26 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
    2006-09-08 09:26 1,503,262 --a------ C:\WINDOWS\system32\msjet40.dll
    2006-09-08 09:26 1,220,608 --a------ C:\WINDOWS\system32\msvidctl.dll
    2006-09-08 09:26 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-08 09:25 68,096 --a------ C:\WINDOWS\system32\mscms.dll
    2006-09-08 09:25 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
    2006-09-08 09:25 65,536 --a------ C:\WINDOWS\system32\msconf.dll
    2006-09-08 09:25 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-09-08 09:25 512,031 --a------ C:\WINDOWS\system32\msexch40.dll
    2006-09-08 09:25 504,320 --a------ C:\WINDOWS\system32\logonui.exe
    2006-09-08 09:25 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
    2006-09-08 09:25 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
    2006-09-08 09:25 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-09-08 09:25 319,519 --a------ C:\WINDOWS\system32\msexcl40.dll
    2006-09-08 09:25 266,752 --a------ C:\WINDOWS\system32\msctf.dll
    2006-09-08 09:25 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
    2006-09-08 09:25 219,648 --a------ C:\WINDOWS\system32\logon.scr
    2006-09-08 09:25 210,944 --a------ C:\WINDOWS\system32\moricons.dll
    2006-09-08 09:25 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
    2006-09-08 09:25 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-09-08 09:25 163,840 --a------ C:\WINDOWS\system32\mindex.dll
    2006-09-08 09:25 126,976 --a------ C:\WINDOWS\system32\msdart.dll
    2006-09-08 09:25 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
    2006-09-08 09:25 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-09-08 09:25 10,240 --a------ C:\WINDOWS\system32\localui.dll
    2006-09-08 09:25 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
    2006-09-08 09:23 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
    2006-09-08 09:23 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-09-08 09:23 89,088 --a------ C:\WINDOWS\system32\mqsec.dll
    2006-09-08 09:23 73,728 --a------ C:\WINDOWS\system32\tlntsess.exe
    2006-09-08 09:23 73,728 --a------ C:\WINDOWS\system32\ils.dll
    2006-09-08 09:23 7,168 --a------ C:\WINDOWS\system32\tlntsvrp.dll
    2006-09-08 09:23 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
    2006-09-08 09:23 67,584 --a------ C:\WINDOWS\system32\tlntsvr.exe
    2006-09-08 09:23 67,584 --a------ C:\WINDOWS\system32\fdeploy.dll
    2006-09-08 09:23 613,888 --a------ C:\WINDOWS\system32\mqqm.dll
    2006-09-08 09:23 60,928 --a------ C:\WINDOWS\system32\ipv6.exe
    2006-09-08 09:23 59,392 --a------ C:\WINDOWS\system32\iesetup.dll

  9. #9
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default combofix part2

    part 2 of combofix:

    2006-09-08 09:23 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-09-08 09:23 57,856 --a------ C:\WINDOWS\system32\tlntadmn.exe
    2006-09-08 09:23 57,344 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-09-08 09:23 545,792 --a------ C:\WINDOWS\system32\wsecedit.dll
    2006-09-08 09:23 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
    2006-09-08 09:23 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
    2006-09-08 09:23 478,720 --a------ C:\WINDOWS\system32\mqsnap.dll
    2006-09-08 09:23 469,504 --a------ C:\WINDOWS\system32\mqutil.dll
    2006-09-08 09:23 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
    2006-09-08 09:23 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
    2006-09-08 09:23 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
    2006-09-08 09:23 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-09-08 09:23 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-09-08 09:23 29,696 --------- C:\WINDOWS\system32\asr_pfu.exe
    2006-09-08 09:23 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-09-08 09:23 277,504 --a------ C:\WINDOWS\system32\appmgr.dll
    2006-09-08 09:23 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
    2006-09-08 09:23 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
    2006-09-08 09:23 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
    2006-09-08 09:23 236,032 --a------ C:\WINDOWS\system32\icm32.dll
    2006-09-08 09:23 231,936 --a------ C:\WINDOWS\system32\tracerpt.exe
    2006-09-08 09:23 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-09-08 09:23 183,296 --a------ C:\WINDOWS\system32\gptext.dll
    2006-09-08 09:23 164,864 --a------ C:\WINDOWS\system32\mqrt.dll
    2006-09-08 09:23 164,352 --a------ C:\WINDOWS\system32\mqtrig.dll
    2006-09-08 09:23 156,672 --a------ C:\WINDOWS\system32\appmgmts.dll
    2006-09-08 09:23 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
    2006-09-08 09:23 14,848 --a------ C:\WINDOWS\system32\mqise.dll
    2006-09-08 09:23 134,144 --a------ C:\WINDOWS\system32\ipv6mon.dll
    2006-09-08 09:23 130,048 --a------ C:\WINDOWS\system32\mqad.dll
    2006-09-08 09:23 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-09-08 09:23 123,904 --a------ C:\WINDOWS\system32\imapi.exe
    2006-09-08 09:23 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
    2006-09-08 09:23 114,176 --a------ C:\WINDOWS\system32\input.dll
    2006-09-08 09:23 113,664 --a------ C:\WINDOWS\system32\schtasks.exe
    2006-09-08 09:23 113,152 --a------ C:\WINDOWS\system32\idq.dll
    2006-09-08 09:23 113,152 --a------ C:\WINDOWS\system32\gpresult.exe
    2006-09-08 09:23 103,936 --a------ C:\WINDOWS\system32\rsnotify.exe

    2006-09-08 09:23 103,936 --a------ C:\WINDOWS\system32\imm32.dll
    2006-09-08 09:23 10,752 --------- C:\WINDOWS\system32\spiisupd.exe
    2006-09-08 09:22 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-09-08 09:22 94,720 --a------ C:\WINDOWS\system32\dmusic.dll
    2006-09-08 09:22 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
    2006-09-08 09:22 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
    2006-09-08 09:22 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
    2006-09-08 09:22 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
    2006-09-08 09:22 786,432 --a------ C:\WINDOWS\system32\dxdiag.exe
    2006-09-08 09:22 77,312 --a------ C:\WINDOWS\system32\dmscript.dll
    2006-09-08 09:22 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
    2006-09-08 09:22 70,656 --a------ C:\WINDOWS\system32\defrag.exe
    2006-09-08 09:22 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
    2006-09-08 09:22 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
    2006-09-08 09:22 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
    2006-09-08 09:22 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
    2006-09-08 09:22 58,368 --a------ C:\WINDOWS\system32\dpvsetup.exe
    2006-09-08 09:22 57,344 --a------ C:\WINDOWS\system32\dmcompos.dll
    2006-09-08 09:22 56,320 --a------ C:\WINDOWS\system32\dpnhupnp.dll
    2006-09-08 09:22 55,296 --a------ C:\WINDOWS\system32\digest.dll
    2006-09-08 09:22 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
    2006-09-08 09:22 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
    2006-09-08 09:22 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
    2006-09-08 09:22 49,664 --a------ C:\WINDOWS\system32\dpwsockx.dll
    2006-09-08 09:22 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
    2006-09-08 09:22 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
    2006-09-08 09:22 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
    2006-09-08 09:22 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
    2006-09-08 09:22 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
    2006-09-08 09:22 380,445 --a------ C:\WINDOWS\system32\expsrv.dll
    2006-09-08 09:22 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
    2006-09-08 09:22 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
    2006-09-08 09:22 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-09-08 09:22 31,744 --a------ C:\WINDOWS\system32\dmloader.dll
    2006-09-08 09:22 307,712 --a------ C:\WINDOWS\system32\cscui.dll
    2006-09-08 09:22 29,696 --a------ C:\WINDOWS\system32\dpnhpast.dll
    2006-09-08 09:22 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
    2006-09-08 09:22 263,680 --a------ C:\WINDOWS\system32\duser.dll
    2006-09-08 09:22 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
    2006-09-08 09:22 26,112 --a------ C:\WINDOWS\system32\dmband.dll
    2006-09-08 09:22 253,440 --a------ C:\WINDOWS\system32\ddraw.dll
    2006-09-08 09:22 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
    2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
    2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
    2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\conime.exe
    2006-09-08 09:22 238,592 --a------ C:\WINDOWS\system32\compatui.dll
    2006-09-08 09:22 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
    2006-09-08 09:22 206,336 --a------ C:\WINDOWS\system32\dpvoice.dll
    2006-09-08 09:22 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
    2006-09-08 09:22 19,456 --a------ C:\WINDOWS\system32\fontview.exe
    2006-09-08 09:22 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
    2006-09-08 09:22 186,880 --a------ C:\WINDOWS\system32\certcli.dll
    2006-09-08 09:22 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
    2006-09-08 09:22 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
    2006-09-08 09:22 172,544 --a------ C:\WINDOWS\system32\dmime.dll
    2006-09-08 09:22 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
    2006-09-08 09:22 165,376 --a------ C:\WINDOWS\system32\els.dll
    2006-09-08 09:22 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
    2006-09-08 09:22 158,720 --a------ C:\WINDOWS\system32\credui.dll
    2006-09-08 09:22 156,672 --a------ C:\WINDOWS\system32\dpnet.dll
    2006-09-08 09:22 151,552 --a------ C:\WINDOWS\system32\dinput.dll
    2006-09-08 09:22 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
    2006-09-08 09:22 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
    2006-09-08 09:22 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
    2006-09-08 09:22 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
    2006-09-08 09:22 110,080 --a------ C:\WINDOWS\system32\dmstyle.dll
    2006-09-08 09:22 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
    2006-09-08 09:22 1,180,672 --a------ C:\WINDOWS\system32\d3d8.dll
    2006-09-08 09:22 1,004,032 --a------ C:\WINDOWS\explorer.exe
    2006-09-08 09:21 91,648 --a------ C:\WINDOWS\system32\ahui.exe
    2006-09-08 09:21 91,136 --a------ C:\WINDOWS\system32\advpack.dll
    2006-09-08 09:21 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
    2006-09-08 09:21 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
    2006-09-08 09:21 74,810 --a------ C:\WINDOWS\system32\atl.dll
    2006-09-08 09:21 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
    2006-09-08 09:21 62,976 --a------ C:\WINDOWS\system32\browselc.dll
    2006-09-08 09:21 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
    2006-09-08 09:21 6,656 --a------ C:\WINDOWS\system32\batt.dll
    2006-09-08 09:21 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
    2006-09-08 09:21 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
    2006-09-08 09:21 49,152 --a------ C:\WINDOWS\system32\browser.dll
    2006-09-08 09:21 41,984 --a------ C:\WINDOWS\system32\alg.exe
    2006-09-08 09:21 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
    2006-09-08 09:21 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
    2006-09-08 09:21 22,528 --a------ C:\WINDOWS\system32\at.exe
    2006-09-08 09:21 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
    2006-09-08 09:21 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
    2006-09-08 09:21 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
    2006-09-08 09:21 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
    2006-09-07 08:38 96,768 --------- C:\WINDOWS\system32\repairs303169590.dll
    2006-09-06 11:51 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
    2006-09-01 11:30 32,768 --a------ C:\setup9x.exe
    2006-09-01 09:16 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2006-09-01 08:37 1,233 --a------ C:\WINDOWS\system32\rkydbacc.sys
    2006-09-01 08:36 192 --a------ C:\ggg.bat
    2006-09-01 08:35 138,862 --a------ C:\install.exe
    2006-08-31 13:21 192 --a------ C:\WINDOWS\system32\ggg.bat
    2006-08-31 13:21 128 --a------ C:\WINDOWS\system32\dr.exe
    2006-08-31 13:20 138,862 --a------ C:\WINDOWS\system32\install.exe
    2006-08-31 11:46 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
    2006-08-31 11:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2006-08-31 11:37 0 --a------ C:\WINDOWS\b.exe
    2006-08-28 07:44 98,304 --------- C:\WINDOWS\apptune5.exe
    2006-08-28 07:44 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL
    2006-08-28 07:44 69,632 --a------ C:\WINDOWS\system32\zlmhp1.dll
    2006-08-28 07:44 54,784 --a------ C:\WINDOWS\system32\zPJL.dll
    2006-08-28 07:44 45,056 --------- C:\WINDOWS\system32\zpp.dll
    2006-08-28 07:44 40,960 --------- C:\WINDOWS\system32\isutil.dll
    2006-08-28 07:44 36,864 --------- C:\WINDOWS\system32\zpppcl.dll
    2006-08-28 07:44 28,672 --a------ C:\WINDOWS\system32\zlm.dll
    2006-08-28 07:44 19,456 --a------ C:\WINDOWS\system32\ZTAG32.DLL
    2006-08-28 07:44 151,552 --------- C:\WINDOWS\system32\SDhp1000.DLL
    2006-08-28 07:44 12,288 --a------ C:\WINDOWS\system32\IMF32.DLL
    2006-08-28 07:44 1,953,792 --------- C:\WINDOWS\system32\pcldll6l.dll
    2006-08-28 07:43 900,388 --------- C:\WINDOWS\system32\hpflash1.exe
    2006-08-28 07:43 90,112 --------- C:\WINDOWS\system32\ZShp1005.dll
    2006-08-28 07:43 90,112 --------- C:\WINDOWS\system32\vs1005.dll
    2006-08-28 07:43 9,216 --------- C:\WINDOWS\system32\Zlang.dll
    2006-08-28 07:43 70,656 --------- C:\WINDOWS\system32\Sd32.dll
    2006-08-28 07:43 40,960 --------- C:\WINDOWS\system32\zstatus.exe
    2006-08-28 07:43 32,768 --a------ C:\WINDOWS\closewnd.exe
    2006-08-28 07:43 23,552 --------- C:\WINDOWS\system32\ZGDI32.DLL
    2006-08-28 07:43 147,456 --------- C:\WINDOWS\system32\ZUNINST.EXE


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-11 12:21 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Skype
    2006-09-11 11:50 -------- d-------- C:\Program Files\SurfSideKick 3
    2006-09-11 11:44 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
    2006-09-11 10:44 -------- d-------- C:\Program Files\Common Files
    2006-09-11 10:17 -------- d-------- C:\Program Files\Common Files\qwzz
    2006-09-11 09:47 6020448 --a------ C:\Program Files\ewido-setup_4.0.0.172c.exe
    2006-09-11 09:36 275734 --a------ C:\Program Files\combofix.exe
    2006-09-08 09:46 -------- d-------- C:\Program Files\HijackThis
    2006-09-08 09:43 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-08 09:39 -------- d-------- C:\Program Files\NetMeeting
    2006-09-08 09:34 -------- d-------- C:\Program Files\Messenger
    2006-09-08 09:33 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-08 09:33 -------- d-------- C:\Program Files\Outlook Express
    2006-09-08 09:33 -------- d-------- C:\Program Files\Movie Maker
    2006-09-08 09:33 -------- d-------- C:\Program Files\Common Files\System
    2006-09-08 09:19 2028640 --a------ C:\Program Files\sp1aexpress_usa.exe
    2006-09-07 13:08 282601 --a------ C:\Program Files\hijackthis_sfx.exe
    2006-09-06 12:00 -------- d-------- C:\Program Files\PrintView
    2006-09-01 12:31 212843 --a------ C:\Program Files\hijackthis_199.zip
    2006-09-01 12:12 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2006-09-01 12:12 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Sun
    2006-09-01 11:52 1468464 --a------ C:\Program Files\ccsetup132.exe
    2006-09-01 11:52 -------- d-------- C:\Program Files\CCleaner
    2006-09-01 11:49 -------- d-------- C:\Program Files\RegistryEasy
    2006-09-01 11:45 1023089 --a------ C:\Program Files\RegistryEasy_Setup.exe
    2006-09-01 11:43 5037072 --a------ C:\Program Files\spybotsd14.exe
    2006-09-01 11:38 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Registry Booster
    2006-09-01 11:22 2855080 --a------ C:\Program Files\aawsepersonal.exe
    2006-09-01 11:22 -------- d-------- C:\Program Files\Lavasoft
    2006-09-01 11:22 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Lavasoft
    2006-09-01 11:11 3877544 --a------ C:\Program Files\spyhunterS.exe
    2006-09-01 10:38 278927592 --a------ C:\Program Files\WindowsXP-KB835935-SP2-ENU.exe
    2006-09-01 09:16 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2006-09-01 09:11 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-08-31 11:45 -------- d-------- C:\Program Files\WinRAR
    2006-08-29 09:09 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Apple Computer
    2006-08-28 07:44 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-28 07:44 -------- d-------- C:\Program Files\hp LaserJet 1005
    2006-08-10 10:24 -------- d-------- C:\Program Files\QuickTime
    2006-08-10 10:23 -------- d-------- C:\Program Files\iTunes
    2006-08-10 10:23 -------- d-------- C:\Program Files\iPod
    2006-08-10 10:10 -------- d-------- C:\Program Files\Java
    2006-08-10 10:09 -------- d-------- C:\Program Files\Common Files\Java
    2006-06-21 12:13 10641672 --a------ C:\Program Files\SkypeSetup.exe
    2006-06-21 12:08 1113368 --a------ C:\WINDOWS\Duncan_ferguson.scr


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "qwzz"="C:\\PROGRA~1\\COMMON~1\\qwzz\\qwzzm.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
    "ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
    "D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "rkydbacc"="RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6"
    "PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
    "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    Completion time: 11/09/2006 12:23:51.12
    ComboFix.txt
    ComboFix2.txt
    ComboFix3.txt

  10. #10
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default HJT report

    Thanks for your help....i just hope this malware goes soon as its really quite annoying!!!!

    Logfile of HijackThis v1.99.1
    Scan saved at 12:40:22, on 11/09/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\PRINTV~1\pvmodule.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: repairs303169590.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •