
hijack 1.99 - ads spy log

Discussion in 'Malware and Virus Removal Archive' started by sarison, 2006/01/18.

  1. 2006/01/18
    sarison

    sarison Inactive Thread Starter

    Joined:
    2006/01/18
    Messages:
    2
    Likes Received:
    0
    Can anyone please tell me if I am carrying viruses in this log. I am continually getting se.dll and have cleaned it many times. I have tried this but am not sure which items I should delete. Thank you!

    C:\WINDOWS\Advanced Font Manager Setup Log.txt : wjcjw (11591 bytes)
    C:\WINDOWS\ALCMTR.EXE : pkmoq (11591 bytes)
    C:\WINDOWS\ALCMTR.EXE : pnzis (0 bytes)
    C:\WINDOWS\bootstat.dat : ctnjl (100127 bytes)
    C:\WINDOWS\dahotfix.log : kwaxx (10240 bytes)
    C:\WINDOWS\DtcInstall.log : woekf (26624 bytes)
    C:\WINDOWS\EPS820.ini : oueyh (11141 bytes)
    C:\WINDOWS\EPS820.ini : umdnu (93184 bytes)
    C:\WINDOWS\EPSTPLOG.BAK : zyenz (26624 bytes)
    C:\WINDOWS\explorer.scf : gpuzn (93184 bytes)
    C:\WINDOWS\FaxSetup.log : fnggi (10240 bytes)
    C:\WINDOWS\FeatherTexture.bmp : gdyeg (93184 bytes)
    C:\WINDOWS\FeatherTexture.bmp : soksa (10240 bytes)
    C:\WINDOWS\HKCLFNK.ini : fzrzk (10240 bytes)
    C:\WINDOWS\HKCLFNK.ini : ymmxm (11591 bytes)
    C:\WINDOWS\hotbtnv.vxd : bptbz (11388 bytes)
    C:\WINDOWS\IEPatchUninstall.log : uqlgc (3063 bytes)
    C:\WINDOWS\iis6.log : mqwmw (56832 bytes)
    C:\WINDOWS\IsUninst.exe : boivc (11591 bytes)
    C:\WINDOWS\IsUninst.exe : frorq (0 bytes)
    C:\WINDOWS\KB822603.log : mpaae (56832 bytes)
    C:\WINDOWS\KB826939.log : qfapw (93184 bytes)
    C:\WINDOWS\KB835221.log : annbd (100127 bytes)
    C:\WINDOWS\KB835732.log : tglit (93184 bytes)
    C:\WINDOWS\KB840374.log : indnv (18944 bytes)
    C:\WINDOWS\msgsocm.log : oyvvo (11591 bytes)
    C:\WINDOWS\nsreg.dat : zrhgk (56832 bytes)
    C:\WINDOWS\ntbtlog.txt : buotf (30127 bytes)
    C:\WINDOWS\n_gevqml.txt : jorpp (100127 bytes)
    C:\WINDOWS\n_ixegpo.txt : bpjck (11801 bytes)
    C:\WINDOWS\n_pauytv.dat : xzobs (100127 bytes)
    C:\WINDOWS\n_sivxca.dat : ibsmo (30127 bytes)
    C:\WINDOWS\ocgen.log : bssrf (100127 bytes)
    C:\WINDOWS\Prairie Wind.bmp : tbrpk (26624 bytes)
    C:\WINDOWS\Q329909.log : kmqpi (93184 bytes)
    C:\WINDOWS\Q811114.log : nffsni (13581 bytes)
    C:\WINDOWS\Q811114.log : sdnbc (10240 bytes)
    C:\WINDOWS\QFE.log : naecq (100127 bytes)
    C:\WINDOWS\regedit.exe : ggyxpk (11151 bytes)
    C:\WINDOWS\Rhododendron.bmp : yhqcju (3567 bytes)
    C:\WINDOWS\Santa Fe Stucco.bmp : fkkkj (12143 bytes)
    C:\WINDOWS\Santa Fe Stucco.bmp : nfizt (11591 bytes)
    C:\WINDOWS\Santa Fe Stucco.bmp : qchvm (30127 bytes)
    C:\WINDOWS\SchedLgU.Txt : iibilf (66560 bytes)
    C:\WINDOWS\setupact.log : gybev (11591 bytes)
    C:\WINDOWS\setupact.log : lrpdj (93184 bytes)
    C:\WINDOWS\setupapi.log.0.old : lvane (10240 bytes)
    C:\WINDOWS\setuplog.txt : ilvbhx (11801 bytes)
    C:\WINDOWS\setuplog.txt : yzusp (11591 bytes)
    C:\WINDOWS\setuplog.txt : zvdtj (93184 bytes)
    C:\WINDOWS\smscfg.ini : wcuzo (100127 bytes)
    C:\WINDOWS\Soap Bubbles.bmp : alohch (30127 bytes)
    C:\WINDOWS\Soap Bubbles.bmp : raexr (56832 bytes)
    C:\WINDOWS\UNNeroBurnRights.cfg : jwhud (11591 bytes)
    C:\WINDOWS\vb.ini : bxrhf (11591 bytes)
    C:\WINDOWS\vb.ini : hhtwg (93184 bytes)
    C:\WINDOWS\vbaddin.ini : zltod (30127 bytes)
    C:\WINDOWS\wanmpsvc.exe : kfseb (10240 bytes)
    C:\WINDOWS\wanmpsvc.exe : uykmz (3063 bytes)
    C:\WINDOWS\wiaservc.log : cpwtm (26624 bytes)
    C:\WINDOWS\Windows Update.log : dgdje (18944 bytes)
    C:\WINDOWS\winhelp.exe : jasfv (10240 bytes)
    C:\WINDOWS\winnt.bmp : ciaxo (100127 bytes)
    C:\WINDOWS\winnt256.bmp : eqhnh (93184 bytes)
    C:\WINDOWS\wmsetup.log : wagav (100127 bytes)
    C:\WINDOWS\wsdu.log : pbqfq (11801 bytes)
    C:\WINDOWS\zHotkey.exe : mqjwt (11591 bytes)
    C:\WINDOWS\_default.pif : azowv (100127 bytes)
     
  2. 2006/01/18
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello sarison,

    Could you post a complete HJT log?

    Regards - Charles
     

  4. 2006/01/18
    sarison

    sarison Inactive Thread Starter

    Joined:
    2006/01/18
    Messages:
    2
    Likes Received:
    0
    Attached Hijack from 1-8-06

    charles

    I just ran Hijack and nothing is showing up as a threat in the general scan.

    However, I have just scanned and cleaned about 1 hr ago...

    The sp or se.dll seems to find a door back into my system...I have used cwshredder 2.19.0.1099 and it was finding hidden.dll. Cleaned this and it came back. Not sure if it is a ghost or not.
    -
    I have attached the hijack log from 1-8-06. This is almost the same except for the files from the DLLs on keys O2 and O18. They seem to change.

    This doesn't show the rundll.exe in the processes when it runs se.dll. I ended the process before the scan.

    Thanks for your interest.

    Logfile of HijackThis v1.99.0
    Scan saved at 11:56:47 AM, on 1/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\pshop2\Photoshop.exe
    C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\~e5d141.tmp
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\~e5d141.tmp
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMJB.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {3E860760-F7C4-49A0-BFE5-4D5DB5E172B3} - C:\WINDOWS\system32\amphdaa.dll
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on SVLAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P47 "Auto EPSON Stylus Photo R200 Series on SVLAPTOP" /O23 "\\SVLAPTOP\R 200 Laptop" /M "Stylus Photo R200 "
    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\se.dll,DllInstall
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O18 - Filter: text/html - {A553CA8E-C657-4EF3-B941-7F63DD9039C9} - C:\WINDOWS\system32\amphdaa.dll
    O18 - Filter: text/plain - {A553CA8E-C657-4EF3-B941-7F63DD9039C9} - C:\WINDOWS\system32\amphdaa.dll
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     
  5. 2006/01/18
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    1. disable system restore:
    rt click my comp icon/properties/system restore tab/disable it
    2. restart comp in safe mode:
    tap F8 key during restart
    3. delete ALL directories & files in:
    c/documents & settings/your_username/local settings/temp/
    4. delete ALL directories & files in:
    c/documents & settings/your_username/local settings/temporary internet files/
    5. rescan w/ hijackthis and FIX the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {3E860760-F7C4-49A0-BFE5-4D5DB5E172B3} - C:\WINDOWS\system32\amphdaa.dll
    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\se.dll,DllInstall
    O18 - Filter: text/html - {A553CA8E-C657-4EF3-B941-7F63DD9039C9} - C:\WINDOWS\system32\amphdaa.dll
    O18 - Filter: text/plain - {A553CA8E-C657-4EF3-B941-7F63DD9039C9} - C:\WINDOWS\system32\amphdaa.dll

    6. scan using Adaware & Spybot Search & Destroy
    download here:
    http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=pop
    http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=pop

    other instructions here:
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.m.html
     
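As an added example that is not part of the thread and not HijackThis or any of the tools linked above, here is a small Python checker that applies the reasoning behind TonyT's fix list to the log sarison posted: it parses HijackThis-style `R0`/`R1`/`O2`/`O4`/`O18` lines, flags a search setting that loads a page out of a DLL in a user Temp folder (`res://...\Temp\se.dll/sp.html`), an autostart that runs code from Temp, an unnamed BHO and `text/html` / `text/plain` MIME filters, and, only when such a hijack is present, the `about:blank` search settings that go with it. It also correlates DLL paths across sections, which shows that `amphdaa.dll` is both the BHO and the MIME filter and that `se.dll` is both the search page and the `[sp]` autostart. The rules are my own heuristics, the sample log is constructed from the lines quoted in the thread (the Epson `O4` line is shortened to its executable path), and it is not a substitute for the cleanup steps above.

```python
import re
from dataclasses import dataclass

# Constructed sample: the HijackThis v1.99 entries quoted in this thread
# (paths and CLSIDs copied from the posted log), used here as input only.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {3E860760-F7C4-49A0-BFE5-4D5DB5E172B3} - C:\WINDOWS\system32\amphdaa.dll
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on SVLAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\OWNER~1.SVD\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O18 - Filter: text/html - {A553CA8E-C657-4EF3-B941-7F63DD9039C9} - C:\WINDOWS\system32\amphdaa.dll
O18 - Filter: text/plain - {A553CA8E-C657-4EF3-B941-7F63DD9039C9} - C:\WINDOWS\system32\amphdaa.dll
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Per-user temp folder in both 8.3 (LOCALS~1) and long form.
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
RES_RE = re.compile(r"=\s*res://", re.IGNORECASE)
DLL_RE = re.compile(r"[A-Za-z]:\\[^\s,]+\.dll", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section tag, e.g. "R1", "O4", "O18"
    line: str    # the full log line, as the poster would paste it
    reason: str  # why a reviewer would ask for it to be fixed


def parse_entries(text):
    """Return (kind, line) pairs for every HijackThis-style entry in text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), line))
    return entries


def assess(text):
    """Apply the heuristic review rules; findings come back in log order."""
    entries = parse_entries(text)
    findings, flagged, res_hijack = [], set(), False

    def flag(kind, line, reason):
        flagged.add(line)
        findings.append(Finding(kind, line, reason))

    # Pass 1: entries that are suspicious on their own.
    for kind, line in entries:
        if kind in ("R0", "R1") and RES_RE.search(line) and TEMP_RE.search(line):
            res_hijack = True
            flag(kind, line, "IE search setting loads a page out of a DLL in a user Temp folder (res:// hijack)")
        elif kind == "O4" and TEMP_RE.search(line):
            flag(kind, line, "autostart entry runs code from a user Temp folder")
        elif kind == "O18" and line.startswith("O18 - Filter:"):
            flag(kind, line, "MIME filter sees every text/html or text/plain page IE renders; legitimate ones are uncommon")
        elif kind == "O2" and "(no name)" in line:
            flag(kind, line, "unnamed Browser Helper Object loaded into every IE process")

    # Pass 2: about:blank search settings are harmless alone, but next to a
    # res:// hijack they are the same infection's leftovers (the thread's fix
    # list includes them), so flag them only in that context.
    if res_hijack:
        for kind, line in entries:
            if kind in ("R0", "R1") and line.endswith("about:blank") and line not in flagged:
                flag(kind, line, "search setting reset to about:blank alongside a res:// hijack")
    return findings


def to_fix(text):
    """De-duplicated list of lines a reviewer would ask the poster to fix."""
    lines = []
    for f in assess(text):
        if f.line not in lines:
            lines.append(f.line)
    return lines


def shared_components(text):
    """DLL path -> sorted section kinds, for DLLs referenced by more than one kind."""
    owners = {}
    for kind, line in parse_entries(text):
        m = DLL_RE.search(line)
        if m:
            owners.setdefault(m.group(0).lower(), set()).add(kind)
    return {dll: sorted(kinds) for dll, kinds in owners.items() if len(kinds) > 1}


if __name__ == "__main__":
    for f in assess(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
    for dll, kinds in shared_components(SAMPLE_LOG).items():
        print(f"{dll} is referenced by {', '.join(kinds)} entries")
```

Run against the sample, `to_fix` returns exactly the twelve lines in TonyT's fix list and leaves the Epson, MUSICMATCH and Adobe entries alone; `shared_components` is the part worth keeping, since a DLL that shows up under two different section types is the strongest single signal in a log like this.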
