Pop-ups, trojans, spyware, and mkrog.exe [CLOSED], Ewido has failed to delete and so has Adaware. Computer has crashed s
thestreetdragon
post May 7 2006, 10:03 AM
Post #1


New Member
Posts: 2
OS: Windows XP



I have gotten trojans and spywares that refuse to be deleted. I have attempted to use Killbox, Ewido and Adaware but they have not successfully cleaned the infections. (I also have Symantec Antivirus and McAfee. I do not use McAfee anymore since the subscription ran out. The Symantec came free from my college but does not seem to do much.)

The computer started crashing about 1 week ago. I restored the system to a later date. It is no longer crashing but the same spyware is present. A file named mkrog.exe was present for a while and refused to be deleted. It is now gone, but I doubt it was due to any effort of mine. It has been about 8 or 9 days since my computer has been taken over by spyware.

I had a HijackThis log but the computer I am currently using to send the message does not allow this type of document to be opened. (I have cut off my own computer from the net.) However, I did manage to successfully post the Adaware quarantine log. If this is not enough, I will try using the sick computer to post the HijackThis log directly.

ArchiveData(auto-quarantine- 2006-05-07 02-30-33.bckp)
Referencefile : SE1R106 02.05.2006
======================================================

MRU LIST
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[0]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[1]=MRU RegReference : S-1-5-21-839522115-1060284298-1343024091-1003\software\microsoft\internet explorer download directory
obj[2]=MRU RegReference : S-1-5-21-839522115-1060284298-1343024091-1003\software\microsoft\internet explorer\typedurls
obj[3]=MRU RegReference : S-1-5-21-839522115-1060284298-1343024091-1003\software\microsoft\search assistant\acmru\5603
obj[4]=MRU RegReference : S-1-5-21-839522115-1060284298-1343024091-1003\software\microsoft\search assistant\acmru\5604
obj[6]=MRU RegReference : S-1-5-21-839522115-1060284298-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\exe
obj[5]=MRU RegReference : S-1-5-21-839522115-1060284298-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[7]=MRU RegReference : S-1-5-21-839522115-1060284298-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\log
obj[9]=MRU RegReference : S-1-5-21-839522115-1060284298-1343024091-1003\software\microsoft\windows media\wmsdk\general computername

ADWARE.LOOK2ME
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[7]=Process : C:\WINDOWS\system32\wdp.dll
obj[9]=Process : C:\WINDOWS\system32\MISTDFMT.DLL
obj[11]=Process : C:\WINDOWS\system32\MISTDFMT.DLL

WEBHANCER
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[8]=Process : C:\Program Files\webHancer\Programs\webhdll.dll
obj[10]=Process : C:\Program Files\webHancer\Programs\webhdll.dll
obj[13]=Process : C:\Program Files\webHancer\Programs\webhdll.dll
obj[16]=Process : C:\Program Files\webHancer\Programs\webhdll.dll
obj[18]=Process : C:\Program Files\webHancer\Programs\webhdll.dll
obj[21]=Process : C:\Program Files\webHancer\Programs\webhdll.dll
obj[24]=Process : C:\Program Files\webHancer\programs\whiehlpr.dll
obj[25]=Process : C:\Program Files\webHancer\Programs\webhdll.dll
obj[26]=Process : C:\Program Files\webHancer\Programs\webhdll.dll
obj[28]=Process : C:\Program Files\webHancer\Programs\webhdll.dll
obj[29]=Process : C:\Program Files\webHancer\programs\whiehlpr.dll
obj[30]=Process : C:\Program Files\webHancer\Programs\whagent.exe
obj[31]=Process : C:\Program Files\webHancer\programs\whiehlpr.dll
obj[32]=Process : C:\Program Files\webHancer\Programs\webhdll.dll
obj[33]=Process : C:\Program Files\webHancer\Programs\whsurvey.exe
obj[40]=Regkey : whiehelperobj.whiehelperobj
obj[41]=Regkey : whiehelperobj.whiehelperobj.1
obj[44]=Regkey : software\microsoft\windows\currentversion\uninstall\webhancer agent
obj[45]=RegValue : software\microsoft\windows\currentversion\uninstall\webhancer agent "DisplayName"
obj[46]=Regkey : software\webhancer
obj[48]=RegValue : software\microsoft\windows\currentversion\run "webHancer Agent"
obj[58]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "webHancer Survey Companion"
obj[59]=LSP : webHancer New.net UDP Chain (C:\Program Files\webHancer\Programs\webhdll.dll)
obj[60]=LSP : webHancer New.net TCP Chain (C:\Program Files\webHancer\Programs\webhdll.dll)
obj[61]=LSP : webHancer MSAFD Tcpip [TCP/IP] (C:\Program Files\webHancer\Programs\webhdll.dll)
obj[62]=LSP : webHancer MSAFD Tcpip [UDP/IP] (C:\Program Files\webHancer\Programs\webhdll.dll)
obj[63]=LSP : webHancer (C:\Program Files\webHancer\Programs\webhdll.dll)
obj[148]=Folder : C:\Program Files\webHancer
obj[149]=Folder : C:\Program Files\whInstall
obj[196]=File : c:\program files\webhancer\programs\whsurvey.exe
obj[197]=File : C:\Program Files\webHancer\Programs\webhdll.dll
obj[206]=File : C:\Documents and Settings\Alex\Local Settings\Temp\Temporary Internet Files\Content.IE5\807LVHJ6\WHCC2[1].exe
obj[216]=File : C:\Program Files\webHancer\Programs\webhdll.dll
obj[217]=File : C:\Program Files\webHancer\Programs\whiehlpr.dll
obj[218]=File : C:\Program Files\webHancer\Programs\whinstaller.exe
obj[223]=File : C:\WHCC2.exe
obj[232]=File : C:\Program Files\webhancer\programs\license.txt
obj[233]=File : C:\Program Files\webhancer\programs\readme.txt
obj[234]=File : C:\Program Files\webhancer\programs\sporder.dll
obj[235]=File : C:\Program Files\webhancer\programs\whagent.exe
obj[236]=File : C:\Program Files\webhancer\programs\whagent.ini
obj[237]=File : C:\Program Files\webhancer\programs\whSurvey.ini
obj[238]=File : C:\Program Files\whinstall\license.txt
obj[239]=File : C:\Program Files\whinstall\readme.txt
obj[240]=File : C:\Program Files\whinstall\whAgent.ini

ADWARE.CASINOCLIENT
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[12]=Process : C:\Program Files\System Files\plugin.dll
obj[15]=Process : C:\Program Files\System Files\plugin.dll
obj[17]=Process : C:\Program Files\System Files\plugin.dll
obj[19]=Process : C:\Program Files\System Files\plugin.dll
obj[22]=Process : C:\Program Files\System Files\plugin.dll
obj[23]=Process : C:\Program Files\System Files\plugin.dll
obj[27]=Process : C:\Program Files\System Files\plugin.dll
obj[34]=Regkey : typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}
obj[35]=Regkey : clsid\{8253d547-38dd-4325-b35a-f1817edfa5f5}
obj[49]=RegData : protocols\filter\text/html "CLSID"
obj[150]=Folder : C:\Program Files\System Icons
obj[151]=Folder : C:\Program Files\System Files
obj[198]=File : C:\Documents and Settings\Alex\Local Settings\Temp\cas2setup.exe
obj[204]=File : C:\Documents and Settings\Alex\Local Settings\Temp\Temporary Internet Files\Content.IE5\807LVHJ6\cas2setup[1].exe
obj[215]=File : C:\Program Files\System Files\plugin.dll
obj[241]=File : C:\Program Files\system files\kwdata.cdb
obj[242]=File : C:\Program Files\system files\System.exe
obj[243]=File : C:\Program Files\system files\Uninstall.exe

WIN32.TROJAN.DNSCHANGER
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[14]=Process : C:\Program Files\Network Monitor\netmon.exe
obj[152]=Folder : C:\Program Files\Network Monitor
obj[214]=File : C:\Program Files\Network Monitor\netmon.exe

ADWARE.ZENOSEARCH
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[20]=Process : C:\WINDOWS\system32\nwinqqag.exe
obj[47]=RegValue : software\microsoft\windows\currentversion\run "BrowserUpdateSched"
obj[153]=Regkey : software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno
obj[154]=RegValue : software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno "UninstallString"
obj[155]=Regkey : software\microsoft\windows\currentversion\uninstall\zeno search assistant
obj[156]=RegValue : software\microsoft\windows\currentversion\uninstall\zeno search assistant "UninstallString"
obj[244]=File : C:\WINDOWS\system32\msnav32.ax
obj[245]=File : C:\WINDOWS\system32\nt68rrtc12.sys
obj[246]=File : C:\WINDOWS\system32\zxdnt3d.cfg

ADWARE.DOLLARREVENUE
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[36]=Regkey : clsid\{c900b400-cdfe-11d3-976a-00e02913a9e0}
obj[37]=Regkey : interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
obj[38]=Regkey : typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
obj[157]=Regkey : software\microsoft\downloadmanager

SURFSIDEKICKBHO
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[39]=Regkey : clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}
obj[42]=Regkey : software\microsoft\windows\currentversion\uninstall\surf sidekick
obj[43]=RegValue : software\microsoft\windows\currentversion\uninstall\surf sidekick "UninstallString"
obj[158]=Regkey : software\surfsidekick3
obj[159]=Regkey : software\surfsidekick3
obj[160]=Folder : C:\Program Files\SurfSideKick 3
obj[207]=File : C:\Documents and Settings\Alex\Local Settings\Temp\Temporary Internet Files\Content.IE5\B8TPTIF3\SS1001[1].exe
obj[227]=File : C:\WINDOWS\SS1001.exe
obj[247]=File : C:\Program Files\surfsidekick 3\Ssk.exe
obj[248]=File : C:\Program Files\surfsidekick 3\SskBho.dll
obj[249]=File : C:\Program Files\surfsidekick 3\SskCore.dll

ABETTERINTERNET.NAIL
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[50]=RegData : software\microsoft\windows nt\currentversion\winlogon "Shell"

WINDOWS
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[51]=RegData : software\microsoft\windows nt\currentversion\winlogon "Shell"

POSSIBLE BROWSER HIJACK ATTEMPT
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[52]=RegData : Software\Microsoft\Internet Explorer\Main "Search Page"
obj[53]=RegData : Software\Microsoft\Internet Explorer\Search "SearchAssistant"
obj[54]=RegData : S-1-5-21-839522115-1060284298-1343024091-1003\Software\Microsoft\Internet Explorer\Main "Search Page"
obj[55]=RegData : S-1-5-21-839522115-1060284298-1343024091-1003\Software\Microsoft\Internet Explorer\Main "Start Page"
obj[56]=RegData : S-1-5-21-839522115-1060284298-1343024091-1003\Software\Microsoft\Internet Explorer\Main "Search Bar"
obj[57]=RegData : S-1-5-21-839522115-1060284298-1343024091-1003\Software\Microsoft\Internet Explorer\Main "Default_Search_URL"

TRACKING COOKIE
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[64]=IECache Entry : Cookie:alex@imrworldwide.com/cgi-bin
obj[65]=IECache Entry : Cookie:alex@media.fastclick.net/
obj[66]=IECache Entry : Cookie:alex@reduxads.valuead.com/
obj[67]=IECache Entry : Cookie:alex@sexlist.com/
obj[68]=IECache Entry : Cookie:alex@tradedoubler.com/
obj[69]=IECache Entry : Cookie:alex@doubleclick.net/
obj[70]=IECache Entry : Cookie:alex@counter1.sextracker.com/
obj[71]=IECache Entry : Cookie:alex@adserver.adreactor.com/
obj[72]=IECache Entry : Cookie:alex@landing.domainsponsor.com/
obj[73]=IECache Entry : Cookie:alex@ehg-farstone.hitbox.com/
obj[74]=IECache Entry : Cookie:alex@realmedia.com/
obj[75]=IECache Entry : Cookie:alex@atdmt.com/
obj[76]=IECache Entry : Cookie:alex@counter5.sextracker.com/
obj[77]=IECache Entry : Cookie:alex@perf.overture.com/
obj[78]=IECache Entry : Cookie:alex@questionmarket.com/
obj[79]=IECache Entry : Cookie:alex@c5.zedo.com/
obj[80]=IECache Entry : Cookie:alex@hitbox.com/
obj[81]=IECache Entry : Cookie:alex@trafficmp.com/
obj[82]=IECache Entry : Cookie:alex@as-us.falkag.net/
obj[83]=IECache Entry : Cookie:alex@advertising.com/
obj[84]=IECache Entry : Cookie:alex@zedo.com/
obj[85]=IECache Entry : Cookie:alex@trafic.ro/
obj[86]=IECache Entry : Cookie:alex@tripod.com/
obj[87]=IECache Entry : Cookie:alex@ads.pointroll.com/
obj[88]=IECache Entry : Cookie:alex@maxserving.com/
obj[89]=IECache Entry : Cookie:alex@mediaplex.com/
obj[90]=IECache Entry : Cookie:alex@citi.bridgetrack.com/
obj[91]=IECache Entry : Cookie:alex@serving-sys.com/
obj[92]=IECache Entry : Cookie:alex@as-eu.falkag.net/
obj[93]=IECache Entry : Cookie:alex@peel.com/
obj[94]=IECache Entry : Cookie:alex@ehg-playboy.hitbox.com/
obj[95]=IECache Entry : Cookie:alex@revenue.net/
obj[96]=IECache Entry : Cookie:alex@edge.ru4.com/
obj[97]=IECache Entry : Cookie:alex@tribalfusion.com/
obj[98]=IECache Entry : Cookie:alex@statcounter.com/
obj[99]=IECache Entry : Cookie:alex@ads.addynamix.com/
obj[100]=IECache Entry : Cookie:alex@sextracker.com/
obj[101]=IECache Entry : Cookie:alex@counter6.sextracker.com/
obj[102]=IECache Entry : Cookie:alex@bfast.com/
obj[103]=IECache Entry : Cookie:alex@casalemedia.com/
obj[104]=IECache Entry : Cookie:alex@targetnet.com/
obj[105]=IECache Entry : Cookie:alex@as1.falkag.de/
obj[106]=IECache Entry : Cookie:alex@adrevolver.com/
obj[107]=IECache Entry : Cookie:alex@paycounter.com/
obj[108]=IECache Entry : Cookie:alex@fastclick.net/
obj[109]=IECache Entry : Cookie:alex@media.adrevolver.com/adrevolver/
obj[110]=IECache Entry : Cookie:alex@stat.onestat.com/
obj[111]=IECache Entry : Cookie:alex@cs.sexcounter.com/
obj[112]=IECache Entry : Cookie:alex@adserver.adintensity.com/
obj[113]=IECache Entry : Cookie:alex@2o7.net/
obj[114]=IECache Entry : Cookie:alex@counter7.sextracker.com/
obj[115]=IECache Entry : Cookie:alex@pro-market.net/
obj[116]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@2o7[1].txt
obj[117]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@ads.addynamix[1].txt
obj[118]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@advertising[2].txt
obj[119]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@as-eu.falkag[2].txt
obj[120]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@as-us.falkag[1].txt
obj[121]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@atdmt[2].txt
obj[122]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@c5.zedo[1].txt
obj[123]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@casalemedia[2].txt
obj[124]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@counter1.sextracker[1].txt
obj[125]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@counter5.sextracker[1].txt
obj[126]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@doubleclick[1].txt
obj[127]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@fastclick[2].txt
obj[128]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@maxserving[2].txt
obj[129]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@media.fastclick[2].txt
obj[130]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@pro-market[1].txt
obj[131]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@realmedia[2].txt
obj[132]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@revenue[2].txt
obj[133]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@sextracker[1].txt
obj[134]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@trafficmp[1].txt
obj[135]=IECache Entry : C:\Documents and Settings\Alex\Local Settings\Temp\Cookies\alex@zedo[2].txt
obj[136]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@ads.addynamix[1].txt
obj[137]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@advertising[1].txt
obj[138]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@as-eu.falkag[1].txt
obj[139]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@as-us.falkag[2].txt
obj[140]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@atdmt[1].txt
obj[141]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@doubleclick[1].txt
obj[142]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@ehg-pcsecurityshield.hitbox[1].txt
obj[143]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@hitbox[1].txt
obj[144]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@realmedia[1].txt
obj[145]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@server.iad.liveperson[1].txt
obj[146]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@www.stopzilla[1].txt
obj[147]=IECache Entry : C:\WINDOWS\temp\Cookies\alex@zedo[2].txt

CMDSERVICES
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[161]=Regkey : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
obj[162]=RegValue : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} "DisplayName"
obj[163]=RegValue : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} "DisplayVersion"
obj[164]=RegValue : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} "NoModify"
obj[165]=RegValue : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} "NoRemove"
obj[166]=RegValue : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} "NoRepair"
obj[167]=RegValue : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} "UninstallString"
obj[168]=Regkey : system\controlset001\services\cmdservice
obj[169]=RegValue : system\controlset001\services\cmdservice "Start"
obj[170]=RegValue : system\controlset001\services\cmdservice "ErrorControl"
obj[171]=RegValue : system\controlset001\services\cmdservice "ImagePath"
obj[172]=RegValue : system\controlset001\services\cmdservice "DisplayName"
obj[173]=RegValue : system\controlset001\services\cmdservice "ObjectName"
obj[174]=Regkey : system\currentcontrolset\services\cmdservice
obj[175]=RegValue : system\currentcontrolset\services\cmdservice "Start"
obj[176]=RegValue : system\currentcontrolset\services\cmdservice "ErrorControl"
obj[177]=RegValue : system\currentcontrolset\services\cmdservice "ImagePath"
obj[178]=RegValue : system\currentcontrolset\services\cmdservice "DisplayName"
obj[179]=RegValue : system\currentcontrolset\services\cmdservice "ObjectName"
obj[180]=Regkey : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}
obj[181]=RegValue : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} "DisplayName"
obj[182]=RegValue : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} "DisplayVersion"
obj[183]=RegValue : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} "NoModify"
obj[184]=RegValue : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} "NoRemove"
obj[185]=RegValue : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} "NoRepair"
obj[186]=RegValue : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} "UninstallString"
obj[199]=File : C:\Documents and Settings\Alex\Local Settings\Temp\cmdinst.exe
obj[202]=File : C:\Documents and Settings\Alex\Local Settings\Temp\temp.frA5B8
obj[208]=File : C:\Documents and Settings\Alex\Local Settings\Temp\Temporary Internet Files\Content.IE5\G8IAB34W\installer[1].exe
obj[209]=File : C:\Documents and Settings\Alex\Local Settings\Temp\Temporary Internet Files\Content.IE5\MHK7OD4X\MTE3NDI6ODoxNg[1].exe
obj[210]=File : C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\09ERS9U7\installer[1].exe
obj[211]=File : C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0XI7WTE7\MTE3NDI6ODoxNg[1].exe
obj[222]=File : C:\System Volume Information\_restore{8FF22BD8-EE9D-44DE-BFC1-A09C51B08E5B}\RP711\A0181799.exe
obj[224]=File : C:\WINDOWS\MTE3NDI6ODoxNg.exe
obj[226]=File : C:\WINDOWS\QWxleGFuZGVyIENoYW4\command.exe
obj[231]=File : C:\WINDOWS\temp\cmdinst.exe

COOLWEBSEARCH
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[187]=Regkey : protocols\filter\text/html
obj[188]=RegValue : protocols\filter\text/html "CLSID"
obj[189]=Regkey : software\microsoft\internet explorer\urlsearchhooks
obj[190]=RegValue : software\microsoft\internet explorer\main "Use Custom Search URL"
obj[191]=RegValue : software\microsoft\internet explorer\main "Enable Browser Extensions"
obj[192]=RegValue : software\microsoft\internet explorer\main "Search Bar"
obj[193]=RegValue : software\microsoft\windows\currentversion\policies\system "NoDispBackgroundPage"
obj[194]=RegValue : software\classes\protocols\filter\text/html "CLSID"
obj[200]=File : C:\Documents and Settings\Alex\Local Settings\Temp\temp.fr1F7E
obj[212]=File : C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8P274DYR\Installer[1].exe
obj[213]=File : C:\Installer.exe
obj[220]=File : C:\System Volume Information\_restore{8FF22BD8-EE9D-44DE-BFC1-A09C51B08E5B}\RP711\A0180790.dll
obj[250]=File : C:\WINDOWS\system32\wbem\logs\wbemess.log

WIN32.TROJANCLICKER
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[195]=RegData : software\microsoft\windows nt\currentversion\winlogon "Userinit"
obj[229]=File : C:\WINDOWS\system32\atmtd.dll
obj[230]=File : C:\WINDOWS\system32\atmtd.dll._
obj[254]=File : C:\WINDOWS\system32\ad.html

WIN32.TROJAN.DOWNLOADER
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[201]=File : C:\Documents and Settings\Alex\Local Settings\Temp\temp.fr51BE
obj[219]=File : C:\System Volume Information\_restore{8FF22BD8-EE9D-44DE-BFC1-A09C51B08E5B}\RP711\A0180789.exe
obj[251]=File : \drsmartload1.exe
obj[252]=File : \drsmartload45a.exe
obj[253]=File : \drsmartload46a.exe

ISEARCH TOOLBAR
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[203]=File : C:\Documents and Settings\Alex\Local Settings\Temp\temp.frBC99
obj[221]=File : C:\System Volume Information\_restore{8FF22BD8-EE9D-44DE-BFC1-A09C51B08E5B}\RP711\A0181798.dll
obj[225]=File : C:\WINDOWS\QWxleGFuZGVyIENoYW4\asappsrv.dll

TARGETSAVER
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[205]=File : C:\Documents and Settings\Alex\Local Settings\Temp\Temporary Internet Files\Content.IE5\807LVHJ6\stub_113_4_0_4_0[1].exe
obj[228]=File : C:\WINDOWS\stub_113_4_0_4_0.exe

OTHER
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
obj[255]=File : C:\WINDOWS\prefetch\CMDINST.EXE-0C71A1C6.pf
obj[256]=File : C:\WINDOWS\prefetch\INSTALLER.EXE-1BA629DD.pf
obj[257]=File : C:\WINDOWS\prefetch\NETMON.EXE-09C9CC43.pf
obj[258]=File : C:\WINDOWS\prefetch\MTE3NDI6ODOXNG.EXE-34CC5A1F.pf
obj[259]=File : C:\WINDOWS\prefetch\COMMAND.EXE-093CDCCB.pf
obj[260]=File : C:\WINDOWS\prefetch\SSK.EXE-20EC298C.pf
obj[261]=File : C:\WINDOWS\prefetch\DRSMARTLOAD1.EXE-04DD9FC7.pf
__RiP_ChAiN_
post May 7 2006, 11:32 AM
Post #2


Malware Expert
Posts: 8,272
From: Omaha, Nebraska U.S.A
OS: Windows XP Professional/Windows Vista Ultimate x64/x86



Please click here!

We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists will be harmless or even essential; DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

This post has been edited by __RiP_ChAiN_: May 7 2006, 11:33 AM
thestreetdragon
post May 7 2006, 08:01 PM
Post #3


New Member
Posts: 2
OS: Windows XP



My HijackThis logfile

Logfile of HijackThis v1.99.1
Scan saved at 9:37:53 PM, on 5/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Circle\VirtualCD\HvcdUI.exe
F:\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\AOL\1144562877\ee\AOLSoftware.exe
C:\windows\mousepad17.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\dwdsregt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
c:\program files\common files\aol\1144562877\ee\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alex\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.supret.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.internet-search.info/searchbar
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mkrog.exe
F2 - REG:system.ini: UserInit=userinit.exe,wfyrqnw.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Fz7v] C:\documents and settings\alex\local settings\temp\Fz7v.exe
O4 - HKLM\..\Run: [cKdGpUuF] C:\documents and settings\alex\local settings\temp\cKdGpUuF.exe
O4 - HKLM\..\Run: [firlnin] C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\8BEURKNO\delf061225[1].exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CircleVirtualCD] C:\Program Files\Circle\VirtualCD\HvcdUI.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144562877\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard17.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad17.exe
O4 - HKLM\..\Run: [newname] C:\\newname17.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{40-02-24-40-ZN}] C:\windows\system32\dwdsregt.exe CORN004
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Alex\Application Data\osoa.exe
O4 - HKCU\..\Run: [Rgcp] C:\WINDOWS\system32\t?skmgr.exe
O4 - HKCU\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: radio@netscape.lnk = C:\Program Files\Radio@Netscape Plus\Program\radio@netscape.exe
O4 - Startup: Registration .LNK = C:\Program Files\UBISOFT\Prince of Persia The Sands of Time\Support\Register\RegistrationReminder.exe
O4 - Startup: Zeno.lnk = ?
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\ppdsregr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O20 - AppInit_DLLs: repairs303169578.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\nxtevent.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\k8pm0i71e8.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\sYmlib.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

__RiP_ChAiN_
post Jun 25 2006, 09:56 PM
Post #4

Malware Expert
Posts: 8,272
From: Omaha, Nebraska U.S.A
OS: Windows XP Professional/Windows Vista Ultimate x64/x86

Hello, thestreetdragon.

I apologize for the delay in getting back to you; I never received a topic notification of your last reply. Since it's been a while since your last reply, please post back with a new HijackThis log and an update on your current situation.

__RiP_ChAiN_
post Jul 9 2006, 09:39 PM
Post #5

Malware Expert
Posts: 8,272
From: Omaha, Nebraska U.S.A
OS: Windows XP Professional/Windows Vista Ultimate x64/x86

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.