06-08-2006, 06:06 PM   #3
SoCo RoJo
OS: Windows XP


(The logs are too long for one reply. I split it just before the Online Scan.)

Thank you for your help. The computer is running somewhat better. I haven't seen an extreme difference yet. I will spend a few minutes after posting this to see how the computer is running. The logs are too long to There were a few problems I came across when I was going through the process.

1. In the Fixing Entries with HijackThis portion, I could not find:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O4 - HKCU\..\Run: [xiurx] C:\WINDOWS\system32\cujywa.exe reg_run
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)

2. In Safe Mode I could not find AWS/weather bug in the Add/Remove programs list.

3. When deleting files in Safe Mode I located Logonui.exe in C:\windows\system32 and c:\windows\servicepackfiles\i386 but not in C:\windows or C:\progra~1\aws
Should I delete the two I found anyway?

Here are my new logs:

Logfile of HijackThis v1.99.1
Scan saved at 7:51:15 PM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Decryption Technology] MSXENOR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSMND1\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

ComboFix

Start Time= Thu 06/08/2006 15:37:18.79

(((((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))

15:37:50.12

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\SYSTEM32\USERINIT.EXE



echo No infected Qoologic files found. Reg entries were fixed


((((((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169587.dll
C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Admin\Application Data\Sskknwrd.dll
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Carina\Application Data\Sskdmns.dll
C:\Documents and Settings\Carina\Application Data\Sskknwrd.dll
C:\Documents and Settings\Carina\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Susan\Application Data\Sskknwrd.dll
C:\Documents and Settings\Susan\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\WINDOWS\Prefetch\SSK.EXE-20EC298C.pf
C:\WINDOWS\Temp\SskUpdater3.exe
C:\WINDOWS\SYSTEM32\BK.EXE


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



15:41:37.79
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-06-07 17:42:28 ( .D... ) "C:\Program Files\Zone Labs"
2006-06-07 14:48:40 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-06-07 14:38:50 ( .D... ) "C:\Documents and Settings\Carina\Application Data\Lavasoft"
2006-06-07 14:02:50 20480 ( A.... ) "C:\stub_sca3.exe"
2006-06-07 14:02:36 418445 ( A.... ) "C:\Mendoza1.exe"
2006-06-07 14:02:36 ( .D... ) "C:\Program Files\Common Files\svchostsys"
2006-06-07 14:02:36 ( .D... ) "C:\Program Files\Common Files\simtest"
2006-06-07 14:02:36 ( .D... ) "C:\Program Files\Common Files\misc001"
2006-06-07 13:59:54 467968 ( A.... ) "C:\visfx500.exe"
2006-06-07 00:26:12 315 ( A.... ) "C:\WINDOWS\apqgo.dll"
2006-06-07 00:25:08 40960 ( A.... ) "C:\defender25.exe"
2006-06-06 22:43:36 35862 ( A.... ) "C:\WINDOWS\wallpap.exe"
2006-06-06 22:43:28 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-06-06 22:42:54 48187 ( A.... ) "C:\WINDOWS\system32\VSL03.exe"
2006-06-06 22:33:40 ( .D... ) "C:\Program Files\Security Task Manager"
2006-06-05 20:39:42 ( .D... ) "C:\Program Files\Alwil Software"
2006-06-05 20:13:52 118411 ( A..H. ) "C:\Documents and Settings\Carina\Application Data\ptads.bin"
2006-06-03 14:31:44 ( .D... ) "C:\Documents and Settings\Carina\Application Data\Registry Booster"
2006-06-03 14:31:30 ( .D... ) "C:\Program Files\Uniblue"
2006-06-03 13:58:48 ( .D... ) "C:\Documents and Settings\Carina\Application Data\Help"
2006-06-03 11:21:58 ( .D... ) "C:\Program Files\Popup Free"
2006-06-02 2318 ( .D... ) "C:\Program Files\Popup Manager"
2006-06-02 21:21:22 183296 ( A.S.. ) "C:\WINDOWS\NDNuninstall7_22.exe"
2006-06-02 21:17:34 266240 ( A.... ) "C:\NNSCAA638.EXE"
2006-06-02 17:26:10 ( .D... ) "C:\Program Files\Ashampoo"
2006-06-02 16:07:40 ( .D... ) "C:\Program Files\Spyware Doctor"
2006-06-02 16:07:40 ( .D... ) "C:\Documents and Settings\Carina\Application Data\PC Tools"
2006-06-02 08:54:50 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-06-02 08:54:50 28672 ( A.... ) "C:\WINDOWS\system32ftuninst.exe"
2006-06-02 08:54:50 24576 ( A.... ) "C:\WINDOWS\system32ssec.exe"
2006-06-02 08:54:46 24576 ( A.... ) "C:\WINDOWS\system32\ssec.exe"
2006-06-02 08:54:44 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-06-02 08:54:26 45056 ( A.... ) "C:\wd7gi8n.exe"
2006-06-01 15:37:32 143360 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-06-01 10:30:12 362496 ( A.... ) "C:\526_620.exe"
2006-06-01 10:29:32 32768 ( A.... ) "C:\keyboard25.exe"
2006-05-31 17:52:58 395032 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-05-31 17:52:58 395032 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-05-31 17:51:58 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-05-31 17:51:56 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-05-31 17:51:54 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-05-31 17:51:54 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-05-31 17:51:52 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-05-31 17:51:46 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-05-31 17:51:46 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-05-31 17:51:44 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-05-31 17:51:42 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-05-31 17:51:38 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-05-31 17:51:20 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-05-31 05:02:04 624640 ( A.... ) "C:\WINDOWS\system32\aswBoot.exe"
2006-05-31 04:54:36 90112 ( A.... ) "C:\WINDOWS\system32\AVASTSS.scr"
2006-05-30 00:40:58 685 ( A.... ) "C:\msnupdate.exe"
2006-05-29 22:26:02 12288 ( A.... ) "C:\lsass.exe"
2006-05-29 10:11:34 57344 ( A.... ) "C:\newname24.exe"
2006-05-29 10:11:32 36864 ( A.... ) "C:\defender24.exe"
2006-05-29 10:11:26 28672 ( A.... ) "C:\keyboard24.exe"
2006-05-28 22:20:34 126894 ( A.... ) "C:\WINDOWS\manager.exe"
2006-05-28 22:14:32 29251 ( A.... ) "C:\WINDOWS\mc-110-12-0000487.exe"
2006-05-28 21:35:18 12288 ( A.... ) "C:\svchost.exe"
2006-05-28 13:15:20 ( .D... ) "C:\Program Files\Windows"
2006-05-28 13:14:40 2 ( A.... ) "C:\WINDOWS\system32\wnscpsv.exe"
2006-05-28 13:14:18 ( .D... ) "C:\Program Files\Common Files\oqqf"
2006-05-28 13:12:24 ( .D... ) "C:\Program Files\A?pPatch"
2006-05-28 13:12:10 24576 ( A.... ) "C:\keyboard23.exe"
2006-05-17 11:23:38 579888 ( A.... ) "C:\WINDOWS\system32\LegitCheckControl.dll"
2006-05-17 02:20:56 17 ( A.... ) "C:\d.bat"
2006-05-04 00:26:22 5818784 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-04-22 00:20:26 ( .D... ) "C:\Program Files\BFG"
2006-03-30 05:16:04 1492480 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-03-29 21:00:14 16384 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-03-24 00:37:50 49152 ( A.... ) "C:\WINDOWS\system32\wdigest.dll"
2006-03-23 16:32:42 3053568 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-03-18 07:09:38 613376 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2006-03-17 05:07:18 679424 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll"
2006-03-17 00:03:54 8452096 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-03-16 20:38:02 28672 ( ..... ) "C:\WINDOWS\system32\verclsid.exe"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PRONoMgr.exe REG_SZ C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
IgfxTray REG_SZ C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\System32\hkcmd.exe
Gateway Ink Monitor REG_SZ "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
RealTray REG_SZ C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
AdaptecDirectCD REG_SZ "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
Microsoft Decryption Technology REG_SZ MSXENOR.EXE
Microsoft Works Update Detection REG_SZ C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PTRGMYGK REG_SZ rundll32.exe ptmg1v.dll,DllRunMain
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Zone Labs Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
msnmsgr REG_SZ "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Weather REG_SZ C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
Spyware Doctor REG_SZ "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
Uniblue Registry Booster REG_SZ C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
flags REG_DWORD 8 (0x8)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared]
OfficeSetLangInstallLocation REG_SZ C:\PROGRA~1\MICROS~4\Office10\SETLANG.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared]
OfficeSetLangInstallLocation REG_SZ C:\PROGRA~1\MICROS~4\Office10\SETLANG.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared]
OfficeSetLangInstallLocation REG_SZ C:\PROGRA~1\MICROS~4\Office10\SETLANG.EXE

Scheduled Tasks Folder Contents
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT

Completion time: Thu 06/08/2006 15:41:43.10
ComboFix ver 06.06.06 - This logfile is located at C:\ComboFix.txt

Dr. Web (I'm not sure this is how it is supposed to look. It saved as a .csv file. I changed it to a .txt file, and it came out like this. But either way, the actual results in the program had a lot more information and a lot more files.)

lsass.exe;C:\;Adware.DollarRevenue;Incurable.Deleted.;
526_620.exe\data001;C:\526_620.exe;Trojan.Popuper;;
526_620.exe\data002;C:\526_620.exe;Trojan.Popuper;;
526_620.exe;C:\;Archive contains infected objects;Moved.;
defender24.exe;C:\;Trojan.Click.1227;Deleted.;
defender25.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;
keyboard23.exe;C:\;Trojan.DownLoader.10205;Deleted.;
keyboard24.exe;C:\;Trojan.DownLoader.10262;Deleted.;
keyboard25.exe;C:\;Trojan.DownLoader.10308;Deleted.;
Mendoza1.exe;C:\;Adware.MediaTicket;Incurable.Moved.;
newname24.exe;C:\;Trojan.DownLoader.10206;Deleted.;