
Thread: Command Service cmdService removal

  1. #11
    steamwiz (Security Expert-Emeritus)
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Hi
    Your hijackthis now shows no malware running, which is a big improvement from your first log... the log is not clean yet though...

    Although the combofix log was quite large, it had a lot of sections missing which I expected to see, please check the logs you have against what you have posted and see if you missed posting some....

    Also now that you have run EWIDO ... I hope you saved the log ... I would like to see that as well please...

    If you can't find any extra parts of the combofix log to post, please run combofix again and post any new logs in full.

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  2. #12
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    combofix part 1

    thanks, combofix log in 2 parts:

    Frankfurt01 - 06-09-12 9:16:49.54
    ComboFix 06.09.11 - Running from: C:\Documents and Settings\Frankfurt01\Desktop

    Microsoft Windows XP [Version 5.1.2600]

    ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Frankfurt01\Application Data\Sskknwrd.dll
    C:\Documents and Settings\Frankfurt01\Application Data\Sskuknwrd.dll
    C:\WINDOWS\system32\bk.exe
    C:\Program Files\surfsidekick 3\Ssk.exe
    C:\Program Files\surfsidekick 3\SskBho.dll
    C:\Program Files\surfsidekick 3\SskCore.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    C:\Program Files\surfsidekick 3\Ssk.exe
    ((((((((((((((((((((((((((((((( Files Created from 2006-08-12 to 2006-09-12 ))))))))))))))))))))))))))))))))))


    2006-09-11 12:15 991,232 --a------ C:\WINDOWS\system32\esent.dll
    2006-09-11 10:54 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-09-08 09:29 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-09-08 09:29 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
    2006-09-08 09:29 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
    2006-09-08 09:29 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
    2006-09-08 09:29 60,416 --a------ C:\WINDOWS\system32\wextract.exe
    2006-09-08 09:29 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
    2006-09-08 09:29 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
    2006-09-08 09:29 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
    2006-09-08 09:29 48,128 --a------ C:\WINDOWS\system32\winsta.dll
    2006-09-08 09:29 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-09-08 09:29 47,616 --a------ C:\WINDOWS\system32\utilman.exe
    2006-09-08 09:29 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
    2006-09-08 09:29 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
    2006-09-08 09:29 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
    2006-09-08 09:29 339,456 --a------ C:\WINDOWS\system32\usp10.dll
    2006-09-08 09:29 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
    2006-09-08 09:29 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
    2006-09-08 09:29 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
    2006-09-08 09:29 266,752 --a------ C:\WINDOWS\winhlp32.exe
    2006-09-08 09:29 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
    2006-09-08 09:29 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-09-08 09:29 247,808 --a------ C:\WINDOWS\system32\wow32.dll
    2006-09-08 09:29 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
    2006-09-08 09:29 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
    2006-09-08 09:29 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
    2006-09-08 09:29 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
    2006-09-08 09:29 171,520 --a------ C:\WINDOWS\system32\winmm.dll
    2006-09-08 09:29 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
    2006-09-08 09:29 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
    2006-09-08 09:29 165,376 --a------ C:\WINDOWS\system32\w32time.dll
    2006-09-08 09:29 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
    2006-09-08 09:29 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
    2006-09-08 09:29 16,384 --a------ C:\WINDOWS\system32\ups.exe
    2006-09-08 09:29 124,928 --a------ C:\WINDOWS\system32\webvw.dll
    2006-09-08 09:29 120,320 --a------ C:\WINDOWS\system32\upnp.dll
    2006-09-08 09:29 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
    2006-09-08 09:29 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
    2006-09-08 09:29 106,496 --a------ C:\WINDOWS\system32\url.dll
    2006-09-08 09:28 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
    2006-09-08 09:28 91,136 --a------ C:\WINDOWS\system32\rastls.dll
    2006-09-08 09:28 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-09-08 09:28 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
    2006-09-08 09:28 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
    2006-09-08 09:28 82,944 --a------ C:\WINDOWS\system32\psbase.dll
    2006-09-08 09:28 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
    2006-09-08 09:28 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
    2006-09-08 09:28 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-09-08 09:28 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
    2006-09-08 09:28 72,192 --a------ C:\WINDOWS\system32\telnet.exe
    2006-09-08 09:28 71,168 --a------ C:\WINDOWS\system32\storprop.dll
    2006-09-08 09:28 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
    2006-09-08 09:28 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
    2006-09-08 09:28 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
    2006-09-08 09:28 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
    2006-09-08 09:28 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
    2006-09-08 09:28 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
    2006-09-08 09:28 63,488 --a------ C:\WINDOWS\system32\srclient.dll
    2006-09-08 09:28 62,976 --a------ C:\WINDOWS\system32\shgina.dll
    2006-09-08 09:28 61,952 --a------ C:\WINDOWS\system32\sti.dll
    2006-09-08 09:28 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
    2006-09-08 09:28 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
    2006-09-08 09:28 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
    2006-09-08 09:28 57,856 --a------ C:\WINDOWS\system32\raschap.dll
    2006-09-08 09:28 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
    2006-09-08 09:28 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-09-08 09:28 534,016 --a------ C:\WINDOWS\system32\spider.exe
    2006-09-08 09:28 53,248 --a------ C:\WINDOWS\system32\packager.exe
    2006-09-08 09:28 52,224 --a------ C:\WINDOWS\system32\secur32.dll
    2006-09-08 09:28 511,488 --a------ C:\WINDOWS\system32\qedit.dll
    2006-09-08 09:28 48,128 --a------ C:\WINDOWS\system32\reg.exe
    2006-09-08 09:28 44,032 --a------ C:\WINDOWS\system32\regapi.dll
    2006-09-08 09:28 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-09-08 09:28 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
    2006-09-08 09:28 423,424 --a------ C:\WINDOWS\system32\riched20.dll
    2006-09-08 09:28 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
    2006-09-08 09:28 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-09-08 09:28 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
    2006-09-08 09:28 384,000 --a------ C:\WINDOWS\system32\themeui.dll
    2006-09-08 09:28 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
    2006-09-08 09:28 36,352 --a------ C:\WINDOWS\system32\sens.dll
    2006-09-08 09:28 357,376 --a------ C:\WINDOWS\system32\qdvd.dll
    2006-09-08 09:28 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
    2006-09-08 09:28 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
    2006-09-08 09:28 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
    2006-09-08 09:28 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
    2006-09-08 09:28 31,744 --a------ C:\WINDOWS\system32\pid.dll
    2006-09-08 09:28 3,338 --a------ C:\WINDOWS\system32\redir.exe
    2006-09-08 09:28 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
    2006-09-08 09:28 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
    2006-09-08 09:28 254,976 --a------ C:\WINDOWS\system32\pdh.dll
    2006-09-08 09:28 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
    2006-09-08 09:28 24,064 --a------ C:\WINDOWS\system32\skeys.exe
    2006-09-08 09:28 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
    2006-09-08 09:28 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
    2006-09-08 09:28 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
    2006-09-08 09:28 212,480 --a------ C:\WINDOWS\system32\osk.exe
    2006-09-08 09:28 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-09-08 09:28 20,992 --a------ C:\WINDOWS\system32\setup.exe
    2006-09-08 09:28 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
    2006-09-08 09:28 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
    2006-09-08 09:28 184,832 --a------ C:\WINDOWS\system32\qcap.dll
    2006-09-08 09:28 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
    2006-09-08 09:28 174,592 --a------ C:\WINDOWS\system32\scecli.dll
    2006-09-08 09:28 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
    2006-09-08 09:28 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
    2006-09-08 09:28 17,408 --a------ C:\WINDOWS\system32\psapi.dll
    2006-09-08 09:28 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
    2006-09-08 09:28 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
    2006-09-08 09:28 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
    2006-09-08 09:28 16,384 --a------ C:\WINDOWS\system32\ping.exe
    2006-09-08 09:28 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-09-08 09:28 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-09-08 09:28 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-09-08 09:28 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-09-08 09:28 134,144 --a------ C:\WINDOWS\regedit.exe
    2006-09-08 09:28 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
    2006-09-08 09:28 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
    2006-09-08 09:28 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
    2006-09-08 09:28 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
    2006-09-08 09:28 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
    2006-09-08 09:28 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
    2006-09-08 09:28 12,800 --a------ C:\WINDOWS\system32\runonce.exe
    2006-09-08 09:28 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-09-08 09:28 117,760 --a------ C:\WINDOWS\system32\stobject.dll
    2006-09-08 09:28 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
    2006-09-08 09:28 10,752 --a------ C:\WINDOWS\system32\tracert.exe
    2006-09-08 09:28 1,349,120 --a------ C:\WINDOWS\system32\query.dll
    2006-09-08 09:28 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
    2006-09-08 09:27 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
    2006-09-08 09:27 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
    2006-09-08 09:27 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
    2006-09-08 09:27 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
    2006-09-08 09:27 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
    2006-09-08 09:27 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
    2006-09-08 09:27 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
    2006-09-08 09:27 504,832 --------- C:\WINDOWS\system32\msftedit.dll
    2006-09-08 09:27 5,120 --------- C:\WINDOWS\system32\hccoin.dll
    2006-09-08 09:27 49,152 --a------ C:\WINDOWS\system32\npptools.dll
    2006-09-08 09:27 403,456 --------- C:\WINDOWS\system32\winbrand.dll
    2006-09-08 09:27 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
    2006-09-08 09:27 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
    2006-09-08 09:27 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
    2006-09-08 09:27 33,808 --a------ C:\WINDOWS\system32\ntio.sys
    2006-09-08 09:27 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
    2006-09-08 09:27 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
    2006-09-08 09:27 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
    2006-09-08 09:27 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
    2006-09-08 09:27 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-09-08 09:27 238,080 --a------ C:\WINDOWS\system32\newdev.dll
    2006-09-08 09:27 218,112 --------- C:\WINDOWS\system32\sbe.dll
    2006-09-08 09:27 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
    2006-09-08 09:27 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
    2006-09-08 09:27 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
    2006-09-08 09:27 172,032 --------- C:\WINDOWS\system32\mssap.dll
    2006-09-08 09:27 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
    2006-09-08 09:27 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
    2006-09-08 09:27 155,648 --------- C:\WINDOWS\system32\encdec.dll
    2006-09-08 09:27 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
    2006-09-08 09:27 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
    2006-09-08 09:27 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
    2006-09-08 09:27 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
    2006-09-08 09:27 12,288 --------- C:\WINDOWS\system32\encapi.dll
    2006-09-08 09:27 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
    2006-09-08 09:27 110,080 --------- C:\WINDOWS\system32\sbeio.dll
    2006-09-08 09:27 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
    2006-09-08 09:27 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
    2006-09-08 09:26 91,136 --a------ C:\WINDOWS\system32\MSOERT2.DLL
    2006-09-08 09:26 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-09-08 09:26 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
    2006-09-08 09:26 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
    2006-09-08 09:26 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
    2006-09-08 09:26 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-09-08 09:26 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
    2006-09-08 09:26 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-09-08 09:26 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
    2006-09-08 09:26 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
    2006-09-08 09:26 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
    2006-09-08 09:26 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
    2006-09-08 09:26 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
    2006-09-08 09:26 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
    2006-09-08 09:26 39,424 --a------ C:\WINDOWS\system32\net.exe
    2006-09-08 09:26 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-09-08 09:26 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
    2006-09-08 09:26 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
    2006-09-08 09:26 348,195 --a------ C:\WINDOWS\system32\msjetoledb40.dll
    2006-09-08 09:26 348,191 --a------ C:\WINDOWS\system32\mspbde40.dll
    2006-09-08 09:26 344,095 --a------ C:\WINDOWS\system32\msxbde40.dll
    2006-09-08 09:26 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-09-08 09:26 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
    2006-09-08 09:26 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
    2006-09-08 09:26 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
    2006-09-08 09:26 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
    2006-09-08 09:26 253,983 --a------ C:\WINDOWS\system32\mstext40.dll
    2006-09-08 09:26 250,368 --a------ C:\WINDOWS\system32\mstask.dll
    2006-09-08 09:26 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
    2006-09-08 09:26 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
    2006-09-08 09:26 230,400 --a------ C:\WINDOWS\system32\msieftp.dll
    2006-09-08 09:26 229,376 --a------ C:\WINDOWS\system32\MSOEACCT.DLL
    2006-09-08 09:26 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
    2006-09-08 09:26 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
    2006-09-08 09:26 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
    2006-09-08 09:26 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
    2006-09-08 09:26 192,512 --a------ C:\WINDOWS\system32\mswebdvd.dll
    2006-09-08 09:26 182,784 --a------ C:\WINDOWS\system32\msutb.dll
    2006-09-08 09:26 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
    2006-09-08 09:26 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
    2006-09-08 09:26 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
    2006-09-08 09:26 115,200 --a------ C:\WINDOWS\system32\net1.exe
    2006-09-08 09:26 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
    2006-09-08 09:26 105,984 --a------ C:\WINDOWS\system32\netdde.exe
    2006-09-08 09:26 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
    2006-09-08 09:26 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
    2006-09-08 09:26 1,503,262 --a------ C:\WINDOWS\system32\msjet40.dll
    2006-09-08 09:26 1,220,608 --a------ C:\WINDOWS\system32\msvidctl.dll
    2006-09-08 09:26 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-08 09:25 68,608 --a------ C:\WINDOWS\system32\mscms.dll
    2006-09-08 09:25 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
    2006-09-08 09:25 65,536 --a------ C:\WINDOWS\system32\msconf.dll
    2006-09-08 09:25 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-09-08 09:25 512,031 --a------ C:\WINDOWS\system32\msexch40.dll
    2006-09-08 09:25 504,320 --a------ C:\WINDOWS\system32\logonui.exe
    2006-09-08 09:25 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
    2006-09-08 09:25 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
    2006-09-08 09:25 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-09-08 09:25 319,519 --a------ C:\WINDOWS\system32\msexcl40.dll
    2006-09-08 09:25 266,752 --a------ C:\WINDOWS\system32\msctf.dll
    2006-09-08 09:25 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
    2006-09-08 09:25 219,648 --a------ C:\WINDOWS\system32\logon.scr
    2006-09-08 09:25 210,944 --a------ C:\WINDOWS\system32\moricons.dll
    2006-09-08 09:25 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
    2006-09-08 09:25 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-09-08 09:25 163,840 --a------ C:\WINDOWS\system32\mindex.dll
    2006-09-08 09:25 126,976 --a------ C:\WINDOWS\system32\msdart.dll
    2006-09-08 09:25 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
    2006-09-08 09:25 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-09-08 09:25 10,240 --a------ C:\WINDOWS\system32\localui.dll
    2006-09-08 09:25 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
    2006-09-08 09:23 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
    2006-09-08 09:23 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-09-08 09:23 88,576 --a------ C:\WINDOWS\system32\mqsec.dll
    2006-09-08 09:23 73,728 --a------ C:\WINDOWS\system32\tlntsess.exe
    2006-09-08 09:23 73,728 --a------ C:\WINDOWS\system32\ils.dll
    2006-09-08 09:23 7,168 --a------ C:\WINDOWS\system32\tlntsvrp.dll
    2006-09-08 09:23 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
    2006-09-08 09:23 67,584 --a------ C:\WINDOWS\system32\tlntsvr.exe
    2006-09-08 09:23 67,584 --a------ C:\WINDOWS\system32\fdeploy.dll
    2006-09-08 09:23 608,768 --a------ C:\WINDOWS\system32\mqqm.dll
    2006-09-08 09:23 596,480 --a------ C:\WINDOWS\system32\INETCOMM.DLL
    2006-09-08 09:23 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-09-08 09:23 57,856 --a------ C:\WINDOWS\system32\tlntadmn.exe
    2006-09-08 09:23 57,856 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-09-08 09:23 545,792 --a------ C:\WINDOWS\system32\wsecedit.dll
    2006-09-08 09:23 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
    2006-09-08 09:23 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
    2006-09-08 09:23 478,720 --a------ C:\WINDOWS\system32\mqsnap.dll
    2006-09-08 09:23 467,456 --a------ C:\WINDOWS\system32\mqutil.dll
    2006-09-08 09:23 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
    2006-09-08 09:23 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
    2006-09-08 09:23 318,464 --a------ C:\WINDOWS\system32\ippromon.dll

  3. #13
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    combofix part 2

    combofix part 2:

    2006-09-08 09:23 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-09-08 09:23 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-09-08 09:23 29,696 --------- C:\WINDOWS\system32\asr_pfu.exe
    2006-09-08 09:23 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-09-08 09:23 277,504 --a------ C:\WINDOWS\system32\appmgr.dll
    2006-09-08 09:23 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
    2006-09-08 09:23 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
    2006-09-08 09:23 237,056 --a------ C:\WINDOWS\system32\icm32.dll
    2006-09-08 09:23 231,936 --a------ C:\WINDOWS\system32\tracerpt.exe
    2006-09-08 09:23 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-09-08 09:23 183,808 --a------ C:\WINDOWS\system32\gptext.dll
    2006-09-08 09:23 165,888 --a------ C:\WINDOWS\system32\mqrt.dll
    2006-09-08 09:23 164,352 --a------ C:\WINDOWS\system32\mqtrig.dll
    2006-09-08 09:23 156,672 --a------ C:\WINDOWS\system32\appmgmts.dll
    2006-09-08 09:23 14,848 --a------ C:\WINDOWS\system32\mqise.dll
    2006-09-08 09:23 130,048 --a------ C:\WINDOWS\system32\mqad.dll
    2006-09-08 09:23 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-09-08 09:23 123,904 --a------ C:\WINDOWS\system32\imapi.exe
    2006-09-08 09:23 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
    2006-09-08 09:23 114,176 --a------ C:\WINDOWS\system32\input.dll
    2006-09-08 09:23 113,664 --a------ C:\WINDOWS\system32\schtasks.exe
    2006-09-08 09:23 113,152 --a------ C:\WINDOWS\system32\idq.dll
    2006-09-08 09:23 113,152 --a------ C:\WINDOWS\system32\gpresult.exe
    2006-09-08 09:23 103,936 --a------ C:\WINDOWS\system32\rsnotify.exe
    2006-09-08 09:23 103,936 --a------ C:\WINDOWS\system32\imm32.dll
    2006-09-08 09:23 10,752 --------- C:\WINDOWS\system32\spiisupd.exe
    2006-09-08 09:22 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-09-08 09:22 94,720 --a------ C:\WINDOWS\system32\dmusic.dll
    2006-09-08 09:22 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
    2006-09-08 09:22 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
    2006-09-08 09:22 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
    2006-09-08 09:22 786,432 --a------ C:\WINDOWS\system32\dxdiag.exe
    2006-09-08 09:22 77,312 --a------ C:\WINDOWS\system32\dmscript.dll
    2006-09-08 09:22 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
    2006-09-08 09:22 70,656 --a------ C:\WINDOWS\system32\defrag.exe
    2006-09-08 09:22 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
    2006-09-08 09:22 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
    2006-09-08 09:22 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
    2006-09-08 09:22 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
    2006-09-08 09:22 58,368 --a------ C:\WINDOWS\system32\dpvsetup.exe
    2006-09-08 09:22 57,344 --a------ C:\WINDOWS\system32\dmcompos.dll
    2006-09-08 09:22 56,320 --a------ C:\WINDOWS\system32\dpnhupnp.dll
    2006-09-08 09:22 55,296 --a------ C:\WINDOWS\system32\digest.dll
    2006-09-08 09:22 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
    2006-09-08 09:22 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
    2006-09-08 09:22 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
    2006-09-08 09:22 49,664 --a------ C:\WINDOWS\system32\dpwsockx.dll
    2006-09-08 09:22 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
    2006-09-08 09:22 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
    2006-09-08 09:22 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
    2006-09-08 09:22 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
    2006-09-08 09:22 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
    2006-09-08 09:22 380,445 --a------ C:\WINDOWS\system32\expsrv.dll
    2006-09-08 09:22 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
    2006-09-08 09:22 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
    2006-09-08 09:22 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-09-08 09:22 31,744 --a------ C:\WINDOWS\system32\dmloader.dll
    2006-09-08 09:22 307,712 --a------ C:\WINDOWS\system32\cscui.dll
    2006-09-08 09:22 29,696 --a------ C:\WINDOWS\system32\dpnhpast.dll
    2006-09-08 09:22 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
    2006-09-08 09:22 263,680 --a------ C:\WINDOWS\system32\duser.dll
    2006-09-08 09:22 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
    2006-09-08 09:22 26,112 --a------ C:\WINDOWS\system32\dmband.dll
    2006-09-08 09:22 253,440 --a------ C:\WINDOWS\system32\ddraw.dll
    2006-09-08 09:22 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
    2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
    2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
    2006-09-08 09:22 24,576 --a------ C:\WINDOWS\system32\conime.exe
    2006-09-08 09:22 238,592 --a------ C:\WINDOWS\system32\compatui.dll
    2006-09-08 09:22 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
    2006-09-08 09:22 206,336 --a------ C:\WINDOWS\system32\dpvoice.dll
    2006-09-08 09:22 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
    2006-09-08 09:22 19,456 --a------ C:\WINDOWS\system32\fontview.exe
    2006-09-08 09:22 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
    2006-09-08 09:22 186,880 --a------ C:\WINDOWS\system32\certcli.dll
    2006-09-08 09:22 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
    2006-09-08 09:22 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
    2006-09-08 09:22 172,544 --a------ C:\WINDOWS\system32\dmime.dll
    2006-09-08 09:22 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
    2006-09-08 09:22 165,376 --a------ C:\WINDOWS\system32\els.dll
    2006-09-08 09:22 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
    2006-09-08 09:22 158,720 --a------ C:\WINDOWS\system32\credui.dll
    2006-09-08 09:22 156,672 --a------ C:\WINDOWS\system32\dpnet.dll
    2006-09-08 09:22 151,552 --a------ C:\WINDOWS\system32\dinput.dll
    2006-09-08 09:22 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
    2006-09-08 09:22 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
    2006-09-08 09:22 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
    2006-09-08 09:22 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
    2006-09-08 09:22 110,080 --a------ C:\WINDOWS\system32\dmstyle.dll
    2006-09-08 09:22 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
    2006-09-08 09:22 1,180,672 --a------ C:\WINDOWS\system32\d3d8.dll
    2006-09-08 09:22 1,004,032 --a------ C:\WINDOWS\explorer.exe
    2006-09-08 09:21 91,648 --a------ C:\WINDOWS\system32\ahui.exe
    2006-09-08 09:21 91,136 --a------ C:\WINDOWS\system32\advpack.dll
    2006-09-08 09:21 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
    2006-09-08 09:21 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
    2006-09-08 09:21 74,810 --a------ C:\WINDOWS\system32\atl.dll
    2006-09-08 09:21 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
    2006-09-08 09:21 62,976 --a------ C:\WINDOWS\system32\browselc.dll
    2006-09-08 09:21 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
    2006-09-08 09:21 6,656 --a------ C:\WINDOWS\system32\batt.dll
    2006-09-08 09:21 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
    2006-09-08 09:21 49,152 --a------ C:\WINDOWS\system32\browser.dll
    2006-09-08 09:21 41,984 --a------ C:\WINDOWS\system32\alg.exe
    2006-09-08 09:21 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
    2006-09-08 09:21 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
    2006-09-08 09:21 22,528 --a------ C:\WINDOWS\system32\at.exe
    2006-09-08 09:21 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
    2006-09-08 09:21 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
    2006-09-08 09:21 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
    2006-09-08 09:21 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
    2006-09-07 08:38 96,768 --------- C:\WINDOWS\system32\repairs303169590.dll
    2006-09-06 11:51 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
    2006-09-01 11:30 32,768 --a------ C:\setup9x.exe
    2006-09-01 09:16 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2006-09-01 08:36 192 --a------ C:\ggg.bat
    2006-09-01 08:35 138,862 --a------ C:\install.exe
    2006-08-31 13:21 192 --a------ C:\WINDOWS\system32\ggg.bat
    2006-08-31 13:21 128 --a------ C:\WINDOWS\system32\dr.exe
    2006-08-31 13:20 138,862 --a------ C:\WINDOWS\system32\install.exe
    2006-08-31 11:46 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
    2006-08-31 11:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2006-08-31 11:37 0 --a------ C:\WINDOWS\b.exe
    2006-08-28 07:44 98,304 --------- C:\WINDOWS\apptune5.exe
    2006-08-28 07:44 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL
    2006-08-28 07:44 69,632 --a------ C:\WINDOWS\system32\zlmhp1.dll
    2006-08-28 07:44 54,784 --a------ C:\WINDOWS\system32\zPJL.dll
    2006-08-28 07:44 45,056 --------- C:\WINDOWS\system32\zpp.dll
    2006-08-28 07:44 40,960 --------- C:\WINDOWS\system32\isutil.dll
    2006-08-28 07:44 36,864 --------- C:\WINDOWS\system32\zpppcl.dll
    2006-08-28 07:44 28,672 --a------ C:\WINDOWS\system32\zlm.dll
    2006-08-28 07:44 19,456 --a------ C:\WINDOWS\system32\ZTAG32.DLL
    2006-08-28 07:44 151,552 --------- C:\WINDOWS\system32\SDhp1000.DLL
    2006-08-28 07:44 12,288 --a------ C:\WINDOWS\system32\IMF32.DLL
    2006-08-28 07:44 1,953,792 --------- C:\WINDOWS\system32\pcldll6l.dll
    2006-08-28 07:43 900,388 --------- C:\WINDOWS\system32\hpflash1.exe
    2006-08-28 07:43 90,112 --------- C:\WINDOWS\system32\ZShp1005.dll
    2006-08-28 07:43 90,112 --------- C:\WINDOWS\system32\vs1005.dll
    2006-08-28 07:43 9,216 --------- C:\WINDOWS\system32\Zlang.dll
    2006-08-28 07:43 70,656 --------- C:\WINDOWS\system32\Sd32.dll
    2006-08-28 07:43 40,960 --------- C:\WINDOWS\system32\zstatus.exe
    2006-08-28 07:43 32,768 --a------ C:\WINDOWS\closewnd.exe
    2006-08-28 07:43 23,552 --------- C:\WINDOWS\system32\ZGDI32.DLL
    2006-08-28 07:43 147,456 --------- C:\WINDOWS\system32\ZUNINST.EXE


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-12 09:17 -------- d-------- C:\Program Files\SurfSideKick 3
    2006-09-12 08:01 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
    2006-09-11 13:33 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Skype
    2006-09-11 13:04 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-11 13:01 -------- d-------- C:\Program Files\Outlook Express
    2006-09-11 13:01 -------- d-------- C:\Program Files\Common Files\System
    2006-09-11 12:40 -------- d-------- C:\Program Files\HijackThis
    2006-09-11 10:44 -------- d-------- C:\Program Files\Common Files
    2006-09-11 10:17 -------- d-------- C:\Program Files\Common Files\qwzz
    2006-09-11 09:47 6020448 --a------ C:\Program Files\ewido-setup_4.0.0.172c.exe
    2006-09-11 09:36 275734 --a------ C:\Program Files\combofix.exe
    2006-09-08 09:43 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-08 09:39 -------- d-------- C:\Program Files\NetMeeting
    2006-09-08 09:34 -------- d-------- C:\Program Files\Messenger
    2006-09-08 09:33 -------- d-------- C:\Program Files\Movie Maker
    2006-09-08 09:19 2028640 --a------ C:\Program Files\sp1aexpress_usa.exe
    2006-09-07 13:08 282601 --a------ C:\Program Files\hijackthis_sfx.exe
    2006-09-06 12:00 -------- d-------- C:\Program Files\PrintView
    2006-09-01 12:31 212843 --a------ C:\Program Files\hijackthis_199.zip
    2006-09-01 12:12 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2006-09-01 12:12 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Sun
    2006-09-01 11:52 1468464 --a------ C:\Program Files\ccsetup132.exe
    2006-09-01 11:52 -------- d-------- C:\Program Files\CCleaner
    2006-09-01 11:49 -------- d-------- C:\Program Files\RegistryEasy
    2006-09-01 11:45 1023089 --a------ C:\Program Files\RegistryEasy_Setup.exe
    2006-09-01 11:43 5037072 --a------ C:\Program Files\spybotsd14.exe
    2006-09-01 11:38 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Registry Booster
    2006-09-01 11:22 2855080 --a------ C:\Program Files\aawsepersonal.exe
    2006-09-01 11:22 -------- d-------- C:\Program Files\Lavasoft
    2006-09-01 11:22 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Lavasoft
    2006-09-01 11:11 3877544 --a------ C:\Program Files\spyhunterS.exe
    2006-09-01 10:38 278927592 --a------ C:\Program Files\WindowsXP-KB835935-SP2-ENU.exe
    2006-09-01 09:16 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2006-09-01 09:11 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-08-31 11:45 -------- d-------- C:\Program Files\WinRAR
    2006-08-29 09:09 -------- d-------- C:\Documents and Settings\Frankfurt01\Application Data\Apple Computer
    2006-08-28 07:44 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-28 07:44 -------- d-------- C:\Program Files\hp LaserJet 1005
    2006-08-10 10:24 -------- d-------- C:\Program Files\QuickTime
    2006-08-10 10:23 -------- d-------- C:\Program Files\iTunes
    2006-08-10 10:23 -------- d-------- C:\Program Files\iPod
    2006-08-10 10:10 -------- d-------- C:\Program Files\Java
    2006-08-10 10:09 -------- d-------- C:\Program Files\Common Files\Java
    2006-07-21 10:30 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-13 10:50 595968 --a------ C:\WINDOWS\system32\xpsp2res.dll
    2006-06-21 12:13 10641672 --a------ C:\Program Files\SkypeSetup.exe
    2006-06-21 12:08 1113368 --a------ C:\WINDOWS\Duncan_ferguson.scr


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "qwzz"="C:\\PROGRA~1\\COMMON~1\\qwzz\\qwzzm.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
    "ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
    "D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "rkydbacc"="RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6"
    "PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
    "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    Completion time: 12/09/2006 9:17:54.20
    ComboFix.txt
    ComboFixpart1.txt
    ComboFixpart2.txt

  4. #14
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default ewido

    I have also re-scanned the PC with ewido and the log is below:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 09:50:12 12/09/2006

    + Scan result:



    C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : No action taken.
    C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : No action taken.
    C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : No action taken.
    C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : No action taken.
    C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : No action taken.
    HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : No action taken.
    HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
    HKU\S-1-5-21-1482476501-1035525444-839522115-1003\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
    HKU\S-1-5-21-1482476501-1035525444-839522115-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
    [1164] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [1324] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [1388] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [1944] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [1992] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [2036] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [204] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [252] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [2996] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [300] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [336] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [436] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [516] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [564] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [576] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [652] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [712] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [760] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [800] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [816] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [840] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [868] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [960] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [976] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    [992] C:\WINDOWS\System32\repairs303169590.dll -> Adware.SurfSide : No action taken.
    C:\Program Files\Common Files\qwzz\qwzzd\qwzzc.dll -> Adware.TargetServer : No action taken.
    C:\nwnmff_16.exe_tobedeleted -> Downloader.Adload.fg : No action taken.
    C:\Documents and Settings\Frankfurt01\Cookies\frankfurt01@kmpads[2].txt -> TrackingCookie.Kmpads : No action taken.


    ::Report end

    Thanks for your help....I hope we are nearly there!!!

  6. #16
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default ewido

    When ewido finishes scanning, it gives the option to remove all malware and quarantine, but when I click on remove it seems to freeze the PC. I think that's why the log says "no action taken".

  7. #17
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    Hi

    First go to Add\Remove programs in the Control Panel and uninstall SurfSideKick

    Then try to run EWIDO again ... post the new log...

    Also post a new hijackthis log...

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  8. #18
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default holy moly i think its gone!

    Hi,
    Thanks, I think it's gone! But I know nothing, so maybe not!!

    I uninstalled the sidesurf and below is the ewido report and HJT report......I hope it's all better now!!!

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 11:53:35 13/09/2006

    + Scan result:



    HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1482476501-1035525444-839522115-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1482476501-1035525444-839522115-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\qwzz\qwzzd\qwzzc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Frankfurt01\Cookies\frankfurt01@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Frankfurt01\Cookies\frankfurt01@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Frankfurt01\Cookies\frankfurt01@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
    C:\Documents and Settings\Frankfurt01\Cookies\frankfurt01@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.


    ::Report end


    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:05:19, on 13/09/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\PRINTV~1\pvmodule.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66CA1332-416B-462F-93BE-0EFFAA9FE505}: NameServer = 80.58.32.97,80.58.0.33
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    THANKS AGAIN!

  9. #19
    Junior Member
    Join Date
    Sep 2006
    Posts
    15

    Default RUNDLL error

    Hi,
    I now have the following message on screen when I boot up the PC:

    RUNDLL
    error loading w00805a6.dll
    The specified module could not be found

    Any ideas?

    thanks again

  10. #20
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    Hi

    That's good .. it means this malware has been deleted :-

    O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6

    We can easily get rid of that error message...

    Disconnect from the internet. Close ALL browser windows (including this one), run hijackthis and tick to fix (check the box next to) the entries in the list below. When all are ticked (checked), click the Fix Checked button at the bottom:


    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6

    O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe


    Please post a new hijackthis log & let me know if you are still having any problems?

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E
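
The situation described in post #20 (a Run value left behind after its DLL was deleted, which RUNDLL32 then reports at every boot) can be checked mechanically. The following is an added example, not part of the thread or of HijackThis: it parses O4 lines copied from the log above and lists the entries whose target file is missing. The function names, the search directories and the set of files treated as present are assumptions made for the illustration.

```python
import ntpath
import re

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rkydbacc] RUNDLL32.EXE w00805a6.dll,n 003dbac90000000a00805a6
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [qwzz] C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe
'''

# Constructed for the example: files assumed to still be on disk.
# A file being present says nothing about whether it is benign.
PRESENT = {p.lower() for p in (
    r'C:\Program Files\QuickTime\qttask.exe',
    r'C:\PROGRA~1\PRINTV~1\pvmodule.exe',
    r'C:\Program Files\Skype\Phone\Skype.exe',
    r'C:\PROGRA~1\COMMON~1\qwzz\qwzzm.exe',
)}

# Assumption: directories tried for a bare file name such as "w00805a6.dll".
SEARCH_DIRS = (r'C:\WINDOWS\system32', r'C:\WINDOWS')

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.+)$')
# Unquoted paths may contain spaces, so cut at the first executable extension.
IMAGE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=[\s,]|$)', re.I)


def split_command(cmd):
    """Split a Run command line into (image path, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    head, _, rest = cmd.partition(' ')
    return head, rest


def effective_target(cmd):
    """Return the file the entry really loads: the DLL for rundll32, else the image."""
    image, rest = split_command(cmd)
    if ntpath.basename(image).lower() in ('rundll32.exe', 'rundll32'):
        # rundll32 syntax is "<dll>,<entry point> <args>"
        dll, _ = split_command(rest.split(',', 1)[0])
        return dll
    return image


def find_orphans(log_text, exists, search_dirs=SEARCH_DIRS):
    """List (hive, value name, target) for O4 Run entries whose target is missing."""
    orphans = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        target = effective_target(m['cmd'])
        if ntpath.dirname(target):
            candidates = [target]
        else:
            candidates = [ntpath.join(d, target) for d in search_dirs]
        if not any(exists(c) for c in candidates):
            orphans.append((m['hive'], m['name'], target))
    return orphans


def constructed_exists(path):
    """Stand-in for os.path.exists, backed by the constructed PRESENT set."""
    return path.lower() in PRESENT


if __name__ == '__main__':
    for hive, name, target in find_orphans(SAMPLE_LOG, constructed_exists):
        print(f'{hive} Run value [{name}] points at missing file: {target}')
```

On the affected machine itself, `os.path.exists` would be passed as the `exists` argument in place of the constructed stand-in.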
