Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Please help computer so slow!!!

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Please help computer so slow!!!

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 24-09-2006, 02:24 PM
Newbie
D-A-L Newbie
  
Join Date: Sep 2006
Posts: 2
samuraisword Is a beginner here at D-A-L
Exclamation Please help computer so slow!!!
Hey guys I have never had a problem with pop-ups and spyware but all of a sudden my computer is extremely slow and i randomly get kick of internet explorer even though I have cable and not dial-up. Any help would be great.

Here is my logfile:


Logfile of HijackThis v1.99.1
Scan saved at 9:18:33 AM, on 9/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\ishost.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ismini.exe
C:\WINDOWS\System32\d8a50b09.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\EndTask\EndTask Free\EndTaskFree.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
C:\WINDOWS\SMANTE~1\winspool.exe
C:\Documents and Settings\Owner\Application Data\?dobe\nopdb.exe
C:\WINDOWS\System32\services.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\AIMWxBugSetup60b6. 04.0.9.EXE
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\112664~1\EE\aolsoftware.e xe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 3.1\aoltbhelper.exe
C:\WINDOWS\TEMP\win9E0C.tmp.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\hwmje.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,srsmpvf. exe
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [filit] C:\Program Files\America Online 9.0c\download\foobar.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126646275\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\RunOnce: [AOLDeskbarInstall] "C:\Program Files\AOL Deskbar\AOLDeskbarSetup.exe" /s /u
O4 - HKLM\..\RunOnce: [AOLIEToolbarInstall] C:\Program Files\AOL Toolbar\AOLToolbarSetup.exe /s /u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [d8a50b09.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\d8a50b09.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [Spam Shredder] "C:\Program Files\Webroot\Shredder\spshredder.exe" -tray
O4 - HKCU\..\Run: [de0e05c4.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\de0e05c4.exe
O4 - HKCU\..\Run: [Aoer] "C:\WINDOWS\SMANTE~1\winspool.exe" -vt yazb
O4 - HKCU\..\Run: [Noqpqeqe] C:\Documents and Settings\Owner\Application Data\?dobe\nopdb.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Owner\LOCALS~1\Temp\stdrun52560.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\1AiU_kvIgmBZTSS6cW0tK6sTVvz6M5 D_.!!!
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://www.verizonwireless.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.wpmls.xmlsweb.com/XM...h/XMLCache.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/11b7aa6b...p/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134176739790
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SQLAgent$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 24-09-2006, 03:00 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Please help computer so slow!!!
You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.

It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.
  • Create a new folder in your C: Drive.
  • Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and move the HijackThis.exe file into it.
  • Run HJT from there (and revise your shortcut accordingly).




Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
DO NOT RUN ANY OTHER OPTIONS UNTIL REQUESTED TO.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm






1. Download combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply (logfile is located at C:\ComboFix.txt).


Note:
Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Please provide:

- a fresh HijackThis log
- combofix log
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 27-09-2006, 02:19 AM
Newbie
D-A-L Newbie
  
Join Date: Sep 2006
Posts: 2
samuraisword Is a beginner here at D-A-L
Re: Please help computer so slow!!!
Here is the new HiJackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 9:13:58 PM, on 9/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\1126646275\ee\AOLSoftware.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\d8a50b09.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\EndTask\EndTask Free\EndTaskFree.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
C:\Program Files\AIM\aim.exe
c:\program files\common files\aol\1126646275\ee\aim6.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\win9F6D.tmp.exe
C:\Program Files\hijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\hwmje.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,srsmpvf. exe
O2 - BHO: (no name) - {34621D3E-DA1A-4DC3-9383-FEF3B03BB151} - C:\WINDOWS\System32\mllmj.dll
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\WINDOWS\POPUPW~1.DLL
O2 - BHO: (no name) - {4C657434-D1A6-53DA-0153-060B4C4CD2B9} - C:\WINDOWS\System32\klfodr.dll
O2 - BHO: (no name) - {4DD21413-2CD6-A1C3-4876-062C9AFFADDC} - C:\WINDOWS\System32\jabvrji.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll (file missing)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\System32\askoyrvb.dll
O2 - BHO: (no name) - {D3A3CDD8-516B-0EC9-1C05-28F07AB8689F} - C:\WINDOWS\System32\tnccurzk.dll
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\System32\xxyxxyy.dll
O4 - HKLM\..\Run: [filit] C:\Program Files\America Online 9.0c\download\foobar.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126646275\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [d8a50b09.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\d8a50b09.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [Spam Shredder] "C:\Program Files\Webroot\Shredder\spshredder.exe" -tray
O4 - HKCU\..\Run: [de0e05c4.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\de0e05c4.exe
O4 - HKCU\..\Run: [Aoer] "C:\WINDOWS\SMANTE~1\winspool.exe" -vt tzt
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Sadtkkh] C:\Documents and Settings\Owner\My Documents\??mbols\mmc.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\1AiU_kvIgmBZTSS6cW0tK6sTVvz6M5 D_.!!!
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://www.verizonwireless.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.wpmls.xmlsweb.com/XM...h/XMLCache.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/11b7aa6b...p/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134176739790
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\System32\mllmj.dll
O20 - Winlogon Notify: winmkh32 - C:\WINDOWS\SYSTEM32\winmkh32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: xxyxxyy - C:\WINDOWS\SYSTEM32\xxyxxyy.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SQLAgent$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)

Here is the combofix log:

Owner - 06-09-26 20:58:43.10 Service Pack 1
ComboFix 06.09.27 - Running from: "C:\"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\Owner\Application Data\Dxccwrd.dll
C:\Documents and Settings\Owner\Application Data\Dxcdmns.dll
C:\Documents and Settings\Owner\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Owner\Application Data\Dxcuknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\Dxc.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\WinNB58.dll
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Common Files\misc002
C:\Program Files\Inetget2
C:\WINDOWS\system32\components
C:\WINDOWS\system32\ixt0.dll
C:\Program Files\Safety Bar
C:\Program Files\Common Files\{448544BE-0891-1033-0731-030512200001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Owner\Application Data\YMBOLS~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\YMBOLS~1\YMBOLS~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MBOLS~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MBOLS~1\mmc.exe
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\WINDOWS\ECURIT~1
C:\QooBox\Purity\WINDOWS\PPPATC~1
C:\QooBox\Purity\WINDOWS\SMANTE~1
C:\QooBox\Purity\WINDOWS\SMANTE~1\S?mantec
C:\QooBox\Purity\WINDOWS\SMANTE~1\winspool.exe
C:\QooBox\Purity\WINDOWS\system32\MCROSO~1.NET


((((((((((((((((((((((((((((((( Files Created from 2006-08-26 to 2006-09-26 ))))))))))))))))))))))))))))))))))


2006-09-26 20:58 276,518 --a------ C:\combofix.exe
2006-09-26 20:50 218,112 --a------ C:\hijackthis.exe
2006-09-26 17:03 763,258 ---hs---- C:\WINDOWS\system32\jmllm.ini2
2006-09-26 15:25 215,308 --a------ C:\WINDOWS\Setup90.exe
2006-09-26 14:54 2 --a------ C:\WINDOWS\system32\wnsapicc.exe
2006-09-26 14:54 126,976 --a------ C:\WINDOWS\system32\tnccurzk.dll
2006-09-25 15:33 143,380 --a------ C:\WINDOWS\system32\knhynmdt.exe
2006-09-24 19:15 40,973 ---hs---- C:\WINDOWS\system32\rqromno.dll
2006-09-24 14:10 408,024 --a------ C:\AOLDNLD.exe
2006-09-24 13:57 107,520 --a------ C:\loaded.exe
2006-09-24 10:10 101,064 --a------ C:\OiUninstaller.exe
2006-09-24 06:32 45,525 --a------ C:\WINDOWS\system32\gvxfmgpg.dll
2006-09-23 21:16 45,525 --a------ C:\WINDOWS\system32\nifhdwra.dll
2006-09-23 11:47 45,525 --a------ C:\WINDOWS\system32\nimyoduo.dll
2006-09-22 18:09 106,516 --a------ C:\WINDOWS\system32\vgjtfjfc.dll
2006-09-21 18:16 106,516 --a------ C:\WINDOWS\system32\tibtgqmh.dll
2006-09-20 06:27 40,973 ---hs---- C:\WINDOWS\system32\efccyyx.dll
2006-09-19 15:28 40,973 ---hs---- C:\WINDOWS\system32\wvurqqn.dll
2006-09-18 15:51 86,068 --a------ C:\WINDOWS\system32\askoyrvb.dll
2006-09-17 19:36 106,516 --a------ C:\WINDOWS\system32\vmrdmsnr.dll
2006-09-17 16:17 40,973 ---hs---- C:\WINDOWS\system32\gebbcby.dll
2006-09-17 06:32 106,516 --a------ C:\WINDOWS\system32\ybtehhpl.dll
2006-09-16 19:49 106,516 --a------ C:\WINDOWS\system32\mycufsxx.dll
2006-09-15 07:22 106,516 --a------ C:\WINDOWS\system32\udqnvgvj.dll
2006-09-14 17:23 106,516 --a------ C:\WINDOWS\system32\alroooxq.dll
2006-09-14 16:14 40,973 ---hs---- C:\WINDOWS\system32\wvuvtro.dll
2006-09-13 16:22 106,516 --a------ C:\WINDOWS\system32\faitkeki.dll
2006-09-13 14:42 40,973 ---hs---- C:\WINDOWS\system32\iifdbcy.dll
2006-09-13 14:42 106,516 --a------ C:\WINDOWS\system32\wrvinfri.dll
2006-09-13 06:20 106,516 --a------ C:\WINDOWS\system32\jtdlwisa.dll
2006-09-12 20:04 106,516 --a------ C:\WINDOWS\system32\fmodmjtv.dll
2006-09-12 10:49 106,516 --a------ C:\WINDOWS\system32\ccukaviv.dll
2006-09-12 06:35 106,516 --a------ C:\WINDOWS\system32\sytgiupt.dll
2006-09-11 09:08 106,516 --a------ C:\WINDOWS\system32\ptfmtvmb.dll
2006-09-11 09:07 40,973 ---hs---- C:\WINDOWS\system32\ddccbxu.dll
2006-09-10 20:20 106,516 --a------ C:\WINDOWS\system32\jeroxnxj.dll
2006-09-10 19:32 106,516 --a------ C:\WINDOWS\system32\msiqkmey.dll
2006-09-10 12:16 40,973 ---hs---- C:\WINDOWS\system32\qomjhhf.dll
2006-09-10 12:15 106,516 --a------ C:\WINDOWS\system32\ktgeimjv.dll
2006-09-10 11:04 40,973 ---hs---- C:\WINDOWS\system32\tuvvvts.dll
2006-09-10 07:24 106,516 --a------ C:\WINDOWS\system32\gmttvwop.dll
2006-09-10 07:18 106,516 --a------ C:\WINDOWS\system32\ycawrrll.dll
2006-09-09 11:06 106,516 --a------ C:\WINDOWS\system32\kndhubfu.dll
2006-09-08 19:02 106,516 --a------ C:\WINDOWS\system32\ryropbou.dll
2006-09-08 18:40 928 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-09-08 17:37 40,973 ---hs---- C:\WINDOWS\system32\gebcywt.dll
2006-09-08 16:53 106,516 --a------ C:\WINDOWS\system32\cmcwnahu.dll
2006-09-08 16:02 106,516 --a------ C:\WINDOWS\system32\fwunwuei.dll
2006-09-08 15:37 40,973 ---hs---- C:\WINDOWS\system32\jkkiffc.dll
2006-09-08 06:29 106,516 --a------ C:\WINDOWS\system32\xkajpovk.dll
2006-09-08 06:27 40,973 ---hs---- C:\WINDOWS\system32\tuvsrqo.dll
2006-09-07 18:17 40,973 ---hs---- C:\WINDOWS\system32\jkkkjkj.dll
2006-09-07 18:12 106,516 --a------ C:\WINDOWS\system32\dryohbjd.dll
2006-09-07 09:51 40,973 ---hs---- C:\WINDOWS\system32\opnlkhg.dll
2006-09-07 09:47 106,516 --a------ C:\WINDOWS\system32\mkicjaiw.dll
2006-09-06 18:00 287,232 --a------ C:\WINDOWS\unshred1.exe
2006-09-06 17:47 40,973 ---hs---- C:\WINDOWS\system32\xxyxxyy.dll
2006-09-06 17:47 170,496 --a------ C:\WINDOWS\UnPopUpWasher.exe
2006-09-06 17:47 126,976 --a------ C:\WINDOWS\PopUpWasher21.dll
2006-09-06 17:40 106,516 --a------ C:\WINDOWS\system32\nxydalxp.dll
2006-09-06 13:14 106,516 --a------ C:\WINDOWS\system32\yyiolbhk.dll
2006-09-06 09:26 106,516 --a------ C:\WINDOWS\system32\apblpeho.dll
2006-09-06 08:22 106,516 --a------ C:\WINDOWS\system32\lxbwvydh.dll
2006-09-06 06:47 106,516 --a------ C:\WINDOWS\system32\urgvdjrn.dll
2006-09-05 11:52 78,848 --a------ C:\WINDOWS\system32\nsw4C90.dll
2006-09-05 11:52 78,848 --a------ C:\WINDOWS\system32\nsb7781.dll
2006-09-05 08:38 106,516 --a------ C:\WINDOWS\system32\sweeiuov.dll
2006-09-05 07:26 106,516 --a------ C:\WINDOWS\system32\ywjbdfsm.dll
2006-09-04 20:13 106,516 --a------ C:\WINDOWS\system32\lichvjpo.dll
2006-09-04 11:05 106,516 --a------ C:\WINDOWS\system32\lreeehut.dll
2006-09-04 08:12 102,420 --a------ C:\WINDOWS\system32\darelkis.dll
2006-09-04 08:01 102,420 --a------ C:\WINDOWS\system32\faijtgeb.dll
2006-09-03 18:01 102,420 --a------ C:\WINDOWS\system32\vbxgnkkt.dll
2006-09-03 12:48 102,420 --a------ C:\WINDOWS\system32\uswvcqek.dll
2006-09-03 12:41 102,420 --a------ C:\WINDOWS\system32\rjtxwgtm.dll
2006-09-03 08:33 10 --a------ C:\WINDOWS\smdat32m.sys
2006-09-03 08:33 0 --a------ C:\WINDOWS\smdat32a.sys
2006-09-03 07:59 102,420 --a------ C:\WINDOWS\system32\spkxkurt.dll
2006-09-03 07:13 102,420 --a------ C:\WINDOWS\system32\xbexalyn.dll
2006-09-02 17:34 102,420 --a------ C:\WINDOWS\system32\tqfysmrj.dll
2006-09-02 08:34 102,420 --a------ C:\WINDOWS\system32\vpxqkakb.dll
2006-09-01 19:29 102,420 --a------ C:\WINDOWS\system32\iraaoyoo.dll
2006-09-01 18:55 102,420 --a------ C:\WINDOWS\system32\nqhldvnr.dll
2006-09-01 10:58 102,420 --a------ C:\WINDOWS\system32\nrbmxswy.dll
2006-09-01 08:57 102,420 --a------ C:\WINDOWS\system32\oigthqjl.dll
2006-09-01 07:50 102,420 --a------ C:\WINDOWS\system32\hlfqtpna.dll
2006-08-27 08:51 94,720 --a------ C:\WINDOWS\system32\klfodr.dll
2006-08-27 08:51 73,216 --a------ C:\WINDOWS\system32\jabvrji.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))


2006-09-26 21:03 -------- d-a------ C:\Program Files\Common Files
2006-09-26 20:47 -------- d-------- C:\Program Files\hjt
2006-09-26 19:53 1293610 ---hs---- C:\WINDOWS\system32\jmllm.bak2
2006-09-25 16:01 -------- d-------- C:\Program Files\Common Files\çasks
2006-09-25 15:33 -------- d-------- C:\Documents and Settings\Owner\Application Data\SearchToolbarCorp
2006-09-24 14:08 -------- d-------- C:\Program Files\AIM
2006-09-24 14:08 -------- d-------- C:\Documents and Settings\Owner\Application Data\Aim
2006-09-24 13:58 -------- d-------- C:\Documents and Settings\Owner\Application Data\WeatherBug
2006-09-24 13:48 -------- d-------- C:\Program Files\AOL Deskbar
2006-09-24 13:41 -------- d-------- C:\Documents and Settings\Owner\Application Data\àdobe
2006-09-24 07:23 -------- d-------- C:\Program Files\America Online 9.0d
2006-09-24 07:22 -------- d-------- C:\Documents and Settings\Owner\Application Data\AOL
2006-09-24 07:17 -------- d-------- C:\Program Files\AOL Toolbar
2006-09-24 07:14 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-24 07:01 -------- d-------- C:\Program Files\WildTangent
2006-09-23 21:45 -------- d-------- C:\Program Files\AIM Toolbar
2006-09-23 21:37 -------- d-------- C:\Program Files\AOD
2006-09-23 21:20 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-23 21:19 -------- d-------- C:\Program Files\AOL
2006-09-23 21:14 -------- d-------- C:\Program Files\America Online 9.0c
2006-09-23 15:13 -------- d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2006-09-19 15:39 -------- d--h----- C:\Program Files\Common Files\cloader
2006-09-10 14:19 -------- d-------- C:\Program Files\PrintView
2006-09-10 07:37 -------- d-------- C:\Program Files\EndTask
2006-09-06 22:09 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-09-06 18:12 -------- d-------- C:\Program Files\Common Files\Webroot Shared
2006-09-06 18:03 -------- d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2006-09-06 17:59 -------- d-------- C:\Program Files\Webroot
2006-09-03 08:48 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-03 08:47 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-03 07:10 -------- d-------- C:\Program Files\ewido anti-malware
2006-09-01 09:59 -------- d-------- C:\Program Files\America Online 9.0b
2006-08-25 17:01 272 --a------ C:\WINDOWS\recife.exe
2006-08-22 11:15 -------- d-------- C:\Program Files\OfficeUpdate11
2006-08-22 11:15 -------- d-------- C:\Program Files\Common Files\System
2006-08-22 11:14 -------- d-------- C:\Program Files\NetMeeting
2006-08-21 11:36 78848 --a------ C:\WINDOWS\system32\nsa8592.dll
2006-08-19 22:38 1167 --a------ C:\WINDOWS\system32\iry0b86d.sys
2006-08-18 08:49 2580 --a------ C:\WINDOWS\system32\oynjchop.exe
2006-08-18 07:00 2580 --a------ C:\WINDOWS\system32\uulxhywu.exe
2006-08-17 20:19 2580 --a------ C:\WINDOWS\system32\qmtfktmx.exe
2006-08-17 06:34 2580 --a------ C:\WINDOWS\system32\bafbpfce.exe
2006-08-16 19:47 2580 --a------ C:\WINDOWS\system32\emmbptfm.exe
2006-08-16 18:55 2580 --a------ C:\WINDOWS\system32\ninjnyhj.exe
2006-08-16 08:16 2580 --a------ C:\WINDOWS\system32\jvbsqtwg.exe
2006-08-16 06:33 2580 --a------ C:\WINDOWS\system32\mpcimiqu.exe
2006-08-15 18:31 2580 --a------ C:\WINDOWS\system32\utkbkupa.exe
2006-08-15 17:09 2580 --a------ C:\WINDOWS\system32\gqktgags.exe
2006-08-15 11:04 2580 --a------ C:\WINDOWS\system32\ogvppleg.exe
2006-08-15 07:08 2580 --a------ C:\WINDOWS\system32\maltvieg.exe
2006-08-14 19:32 2580 --a------ C:\WINDOWS\system32\lelqnixx.exe
2006-08-14 07:23 2580 --a------ C:\WINDOWS\system32\bnryascq.exe
2006-08-13 11:17 2580 --a------ C:\WINDOWS\system32\excdbmsp.exe
2006-08-13 11:10 -------- d-------- C:\Program Files\QuickTime
2006-08-13 11:08 -------- d-------- C:\Program Files\iTunes
2006-08-13 11:06 -------- d-------- C:\Program Files\iPod
2006-08-13 08:31 2580 --a------ C:\WINDOWS\system32\mtqvuwye.exe
2006-08-12 11:23 2580 --a------ C:\WINDOWS\system32\rmcjafiq.exe
2006-08-12 09:56 2580 --a------ C:\WINDOWS\system32\dlkqegpw.exe
2006-08-11 20:35 2580 --a------ C:\WINDOWS\system32\hmcthoma.exe
2006-08-11 14:28 2580 --a------ C:\WINDOWS\system32\ukdgxiny.exe
2006-08-11 09:57 2580 --a------ C:\WINDOWS\system32\opkrbjfh.exe
2006-08-11 08:37 2580 --a------ C:\WINDOWS\system32\wqkdlidy.exe
2006-08-11 07:29 2580 --a------ C:\WINDOWS\system32\siiuedjh.exe
2006-08-10 21:07 2580 --a------ C:\WINDOWS\system32\mqtkeoyp.exe
2006-08-10 20:00 2580 --a------ C:\WINDOWS\system32\tcmfknlx.exe
2006-08-05 09:41 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-08-04 12:18 613208 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.ex e"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"d8a50b09.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\d8a50b09.exe"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /1"
"PopUpWasher"="C:\\Program Files\\Webroot\\PopUpWasher\\PopUpWasher.exe"
"Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe /startup"
"Spam Shredder"="\"C:\\Program Files\\Webroot\\Shredder\\spshredder.exe\" -tray"
"de0e05c4.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\de0e05c4.exe"
"Aoer"="\"C:\\WINDOWS\\SMANTE~1\\winspool.exe\ " -vt tzt"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0d\\AOL.EXE\" -b"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"Sadtkkh"="C:\\Documents and Settings\\Owner\\My Documents\\??mbols\\mmc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"filit"="C:\\Program Files\\America Online 9.0c\\download\\foobar.exe"
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1126646275\\ee\\AOLSoftware.exe"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAO L.exe\" -Run"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.ex e"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.ex e"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.ex e"
"d8a50b09.exe"="C:\\WINDOWS\\System32\\d8a50b09.ex e"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72, 6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b ,00
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iry0b86d"="RUNDLL32.EXE w0275d83.dll,n 0030b86a0000000e0275d83"
"adstart"="\"iexplore.exe\" \"http://iesettingsupdate\""
"klfodr.dll"="C:\\WINDOWS\\System32\\rundll32. exe C:\\WINDOWS\\System32\\klfodr.dll,xvrbpqf"
"EndTask Free"="C:\\Program Files\\EndTask\\EndTask Free\\EndTaskFree.exe"
"de0e05c4.exe"="C:\\WINDOWS\\System32\\de0e05c4.ex e"
"loaddr"="C:\\tskmgr.exe"
"{54-44-4B-BE-ZN}"="C:\\windows\\system32\\oqdsrego.exe ELT001"
"septpop06apsept"="C:\\program files\\popupwithcast\\septpop06apsept.exe"
"sys024958457411"="C:\\WINDOWS\\sys024958457411.ex e"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run]
"Aoer"="\"C:\\DOCUME~1\\Owner\\APPLIC~1\\YMBOLS~1\ \wowexec.exe\" -vt ndrv"
@="C:\\PROGRA~1\\COMMON~1\\PPPATC~1\\csrss.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aoer"="\"C:\\DOCUME~1\\Owner\\APPLIC~1\\YMBOLS~1\ \wowexec.exe\" -vt ndrv"
@="C:\\PROGRA~1\\COMMON~1\\PPPATC~1\\csrss.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdwareAlert]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AdwareAlert"
"hkey"="HKLM"
"command"="C:\\Program Files\\AdwareAlert\\AdwareAlert.Exe -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AOL"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\America Online 9.0d\\AOL.EXE\" -b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1 \\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\apcups security adware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="apcups"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\apcups.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Filetopia]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="FILETO~1"
"hkey"="HKLM"
"command"="C:\\FILETO~1\\FILETO~1.EXE /TRAY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\filit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="foobar"
"hkey"="HKLM"
"command"="C:\\Program Files\\America Online 9.0c\\download\\foobar.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="GoogleDesktop"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1126646275\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\igfxtray.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EX E\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Update 64 BIT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="wininit32"
"hkey"="HKLM"
"command"="wininit32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\I mScInst.exe /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\T INTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\T INTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmkh32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxxyy

HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Tue 09/26/2006 21:03:52.51
ComboFix.txt

Here is the smitfraudfix log:

SmitFraudFix v2.100

Scan done at 21:16:45.29, Tue 09/26/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 27-09-2006, 05:13 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Please help computer so slow!!!
Please delete the following file so as to ensure you do not run HijackThis from that location:

C:\Program Files\hijackThis.exe



STEP # 2 - Cleaning

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.



Download and install Ewido anti-spyware 4.0 (uninstall any previous version first).
  • Click the Download BUTTON. On the next page click the Download now BUTTON.
  • Save and then install (Run) from the save location.
  • Open/Run ewido anti-spyware
  • Wait a few moments and Ewido should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:

    Quote:
  • Click on the Update now LINK at the top of the window
    • Click on the Start update button
    • Wait for the update to download and install
    		•
  • This is very important to get the LATEST updates
  • Click on the Status ICON
    • Under "Your computers Security"
      Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
  • Click on the Scanner ICON at the top of the window
  • Click on the Settings tab then select Recommended Actions and choose Quarantine
  • When updating has finished. Close Ewido.



We will be using this tool in a later step.




Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan:
  • Click on the default Status ICON and select the Scan now LINK.

    OR

  • Click on the Scanner ICON . Select the Scan TAB.

    • Select Complete System Scan. Ewido will now begin to scan your system.

  • If Ewido finds anything it will list them in the Preview WINDOW:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).

  • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
  • Copy and paste the EWIDO scan results into your next post.
  • Close Ewido.


______________________________
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll (file missing)
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\System32\xxyxxyy.dll
O4 - HKCU\..\Run: [d8a50b09.exe] C:\Documents and Settings\Owner\Local Settings\APPLICation Data\d8a50b09.exe
O4 - HKCU\..\Run: [de0e05c4.exe] C:\Documents and Settings\Owner\Local Settings\APPLICation Data\de0e05c4.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\1AiU_kvIgmBZTSS6cW0tK6sTVvz6M5 D_.!!!
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL


O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/11b7aa6...ip/RdxIE601.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/s...nnerInstall.cab

O20 - Winlogon Notify: xxyxxyy - C:\WINDOWS\SYSTEM32\xxyxxyy.dll

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



Delete FILES:

C:\WINDOWS\System32\xxyxxyy.dll
C:\Documents and Settings\Owner\Local Settings\APPLICation Data\d8a50b09.exe
C:\Documents and Settings\Owner\Local Settings\APPLICation Data\de0e05c4.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\1AiU_kvIgmBZTSS6cW0tK6sTVvz6M5 D_.!!!


______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.


______________________________
Reboot in Normal Mode.

Please post (preferably not file attachments, please):
  1. c:\rapport.txt
  2. Ewido log
  3. A new HijackThis log
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Last edited by VopThis; 27-09-2006 at 05:19 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
My computer is so slow tbouten Spyware, Adware, Viruses and HijackThis Logs 5 30-11-2007 06:48 AM
Very Slow Computer Ken Weidenaar Spyware, Adware, Viruses and HijackThis Logs 12 14-06-2007 08:50 PM
Slow computer slow browsing imrke Spyware, Adware, Viruses and HijackThis Logs 11 04-03-2006 04:07 AM
very very slow computer hooglebug Windows XP Help 2 22-01-2006 12:34 AM
Slow Computer Ben702 Spyware, Adware, Viruses and HijackThis Logs 5 15-10-2004 05:17 PM


All times are GMT +1. The time now is 04:56 AM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav