
Project 1 Virus [RESOLVED]


  • This topic is locked

#1
MarkInCali

    Member
  • 10 posts
I was recently a victim of the Project 1 virus... I searched on the internet on how to cure this bug, so I downloaded these two scanners, and I'm still coming up with random pop-ups. It's not as bad as it used to be, but I would like to get rid of this for good. Please help, hijack file included.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 11:03:31 AM, on 8/22/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\Duce6.exe
D:\WINDOWS\win32081214254862.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\LimeWire\LimeWire.exe
D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
D:\Program Files\AOL Companion\companion.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PartyGaming\PartyGaming.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\webHancer\Programs\whagent.exe
D:\Program Files\webHancer\Programs\whsurvey.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\John M\Local Settings\Temporary Internet Files\Content.IE5\YTC7EXYH\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DDE4B80-376C-4968-88BF-65B7CA07D94E} - (no file)
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - D:\WINDOWS\System32\nspE7.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "D:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACTX1] D:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [hov3ee5e] RUNDLL32.EXE w0045e67.dll,n 0033ee5b000000020045e67
O4 - HKLM\..\Run: [TheMonitor] D:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [win32081214254862] D:\WINDOWS\win32081214254862.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
O4 - HKLM\..\Run: [webHancer Survey Companion] D:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = D:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096768316012
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nu.../FIX/WinATS.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - D:\WINDOWS\System32\xeymi.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe (file missing)


#2
Buckeye_Sam

    Malware Expert
  • 10,019 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.

#3
MarkInCali

    Member

  • Topic Starter
  • 10 posts
Thanks for your help in advance. I just installed the service pack, and here is my Hijack This log....

Logfile of HijackThis v1.99.1
Scan saved at 11:27:43 AM, on 8/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\msiexec.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\Duce6.exe
D:\WINDOWS\win32092142548621.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\WINDOWS\win32092142548621.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\LimeWire\LimeWire.exe
D:\Program Files\AOL Companion\companion.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\John M\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DDE4B80-376C-4968-88BF-65B7CA07D94E} - (no file)
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - D:\WINDOWS\System32\nspE7.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - D:\WINDOWS\System32\adrotate.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "D:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hov3ee5e] RUNDLL32.EXE w0045e67.dll,n 0033ee5b000000020045e67
O4 - HKLM\..\Run: [TheMonitor] D:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [win32092142548621] D:\WINDOWS\win32092142548621.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = D:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096768316012
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nu.../FIX/WinATS.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

#4
Buckeye_Sam

    Malware Expert
  • 10,019 posts
Ok, let's get down to it.

First you must change the location of HijackThis. It should not run from a temp directory.
  • Download and run the HijackThis autoinstall program
  • Please choose the default location of C:\Program Files as the destination.
  • Run the program only from that location from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

===========



Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#5
MarkInCali

    Member

  • Topic Starter
  • 10 posts
Ok... here's the Hijack file...

Logfile of HijackThis v1.99.1
Scan saved at 9:23:11 PM, on 8/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\WINDOWS\win32092142548621.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\Program Files\LimeWire\LimeWire.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Hijackthis\HijackThis.exe
D:\WINDOWS\Duce6.exe
D:\Program Files\AOL Companion\companion.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DDE4B80-376C-4968-88BF-65B7CA07D94E} - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - D:\WINDOWS\System32\nspE7.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - D:\WINDOWS\System32\adrotate.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "D:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hov3ee5e] RUNDLL32.EXE w0045e67.dll,n 0033ee5b000000020045e67
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [win32092142548621] D:\WINDOWS\win32092142548621.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [TheMonitor] D:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = D:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096768316012
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nu.../FIX/WinATS.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe



And here's the ComboFix log....

John M - 06-08-23 21:12:45.47
ComboFix 06.08.18 - Running from: D:\Documents and Settings\John M\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\Duce6.exe
D:\WINDOWS\Duce6.exe


((((((((((((((((((((((((((((((( Files Created from 2006-07-23 to 2006-08-23 ))))))))))))))))))))))))))))))))))


2006-08-23 18:43 183,296 D:\WINDOWS\NDNuninstall7_22.exe
2006-08-23 18:40 8,464 D:\WINDOWS\system32\sporder.dll
2006-08-23 18:40 50,688 D:\WINDOWS\NDNuninstall6_38.exe
2006-08-23 10:30 9,216 D:\WINDOWS\system32\wuauserv.dll
2006-08-23 10:30 86,528 D:\WINDOWS\system32\wlnotify.dll
2006-08-23 10:30 86,016 D:\WINDOWS\system32\xactsrv.dll
2006-08-23 10:30 77,824 D:\WINDOWS\system32\wmpstub.exe
2006-08-23 10:30 77,824 D:\WINDOWS\system32\wmpshell.dll
2006-08-23 10:30 56,832 D:\WINDOWS\system32\wzcdlg.dll
2006-08-23 10:30 51,200 D:\WINDOWS\system32\wmerrenu.dll
2006-08-23 10:30 48,128 D:\WINDOWS\system32\winsta.dll
2006-08-23 10:30 446,464 D:\WINDOWS\system32\wmvdmoe.dll
2006-08-23 10:30 38,912 D:\WINDOWS\system32\wsnmp32.dll
2006-08-23 10:30 311,327 D:\WINDOWS\system32\wmv8dmod.dll
2006-08-23 10:30 296,448 D:\WINDOWS\system32\wmstream.dll
2006-08-23 10:30 266,752 D:\WINDOWS\winhlp32.exe
2006-08-23 10:30 264,704 D:\WINDOWS\system32\wzcsvc.dll
2006-08-23 10:30 253,952 D:\WINDOWS\system32\wmpcd.dll
2006-08-23 10:30 247,808 D:\WINDOWS\system32\wow32.dll
2006-08-23 10:30 23,552 D:\WINDOWS\system32\wzcsapi.dll
2006-08-23 10:30 172,664 D:\WINDOWS\system32\xenroll.dll
2006-08-23 10:30 171,520 D:\WINDOWS\system32\winmm.dll
2006-08-23 10:30 17,408 D:\WINDOWS\system32\wtsapi32.dll
2006-08-23 10:30 168,448 D:\WINDOWS\system32\wldap32.dll
2006-08-23 10:30 13,312 D:\WINDOWS\system32\wship6.dll
2006-08-23 10:30 118,784 D:\WINDOWS\system32\wmsdmoe.dll
2006-08-23 10:30 1,998,848 D:\WINDOWS\system32\wmploc.dll
2006-08-23 10:30 1,404,928 D:\WINDOWS\system32\wmpui.dll
2006-08-23 10:30 1,298,432 D:\WINDOWS\system32\wmpcore.dll
2006-08-23 10:29 91,136 D:\WINDOWS\system32\rastls.dll
2006-08-23 10:29 88,064 D:\WINDOWS\system32\tscfgwmi.dll
2006-08-23 10:29 87,304 D:\WINDOWS\system32\rdpdd.dll
2006-08-23 10:29 82,944 D:\WINDOWS\system32\smlogsvc.exe
2006-08-23 10:29 81,920 D:\WINDOWS\system32\trkwks.dll
2006-08-23 10:29 8,192 D:\WINDOWS\system32\scrnsave.scr
2006-08-23 10:29 75,912 D:\WINDOWS\system32\rdpwsx.dll
2006-08-23 10:29 74,240 D:\WINDOWS\system32\rtcshare.exe
2006-08-23 10:29 71,168 D:\WINDOWS\system32\telnet.exe
2006-08-23 10:29 71,168 D:\WINDOWS\system32\storprop.dll
2006-08-23 10:29 71,168 D:\WINDOWS\system32\sdbinst.exe
2006-08-23 10:29 674,816 D:\WINDOWS\system32\sxs.dll
2006-08-23 10:29 667,648 D:\WINDOWS\system32\ss3dfo.scr
2006-08-23 10:29 66,560 D:\WINDOWS\system32\spoolss.dll
2006-08-23 10:29 66,048 D:\WINDOWS\system32\sigverif.exe
2006-08-23 10:29 638,976 D:\WINDOWS\system32\sstext3d.scr
2006-08-23 10:29 63,488 D:\WINDOWS\system32\srclient.dll
2006-08-23 10:29 62,976 D:\WINDOWS\system32\shgina.dll
2006-08-23 10:29 61,952 D:\WINDOWS\system32\webclnt.dll
2006-08-23 10:29 61,952 D:\WINDOWS\system32\sti.dll
2006-08-23 10:29 60,416 D:\WINDOWS\system32\wextract.exe
2006-08-23 10:29 60,416 D:\WINDOWS\system32\shimeng.dll
2006-08-23 10:29 6,144 D:\WINDOWS\system32\sensapi.dll
2006-08-23 10:29 57,856 D:\WINDOWS\system32\raschap.dll
2006-08-23 10:29 569,344 D:\WINDOWS\system32\sspipes.scr
2006-08-23 10:29 56,320 D:\WINDOWS\system32\remotepg.dll
2006-08-23 10:29 534,016 D:\WINDOWS\system32\spider.exe
2006-08-23 10:29 52,224 D:\WINDOWS\system32\secur32.dll
2006-08-23 10:29 49,664 D:\WINDOWS\system32\vfwwdm32.dll
2006-08-23 10:29 48,640 D:\WINDOWS\system32\vdmredir.dll
2006-08-23 10:29 48,128 D:\WINDOWS\system32\reg.exe
2006-08-23 10:29 479,261 D:\WINDOWS\system32\vbscript.dll
2006-08-23 10:29 47,616 D:\WINDOWS\system32\utilman.exe
2006-08-23 10:29 44,032 D:\WINDOWS\system32\regapi.dll
2006-08-23 10:29 44,032 D:\WINDOWS\system32\rdpclip.exe
2006-08-23 10:29 43,008 D:\WINDOWS\system32\ssdpsrv.dll
2006-08-23 10:29 423,424 D:\WINDOWS\system32\riched20.dll
2006-08-23 10:29 420,864 D:\WINDOWS\system32\shimgvw.dll
2006-08-23 10:29 409,088 D:\WINDOWS\system32\vssapi.dll
2006-08-23 10:29 40,960 D:\WINDOWS\system32\tscupgrd.exe
2006-08-23 10:29 385,024 D:\WINDOWS\system32\sqlsrv32.dll
2006-08-23 10:29 384,000 D:\WINDOWS\system32\themeui.dll
2006-08-23 10:29 364,544 D:\WINDOWS\system32\ssflwbox.scr
2006-08-23 10:29 36,352 D:\WINDOWS\system32\sens.dll
2006-08-23 10:29 34,304 D:\WINDOWS\system32\rcimlby.exe
2006-08-23 10:29 339,456 D:\WINDOWS\system32\usp10.dll
2006-08-23 10:29 334,848 D:\WINDOWS\system32\smlogcfg.dll
2006-08-23 10:29 33,280 D:\WINDOWS\system32\shmgrate.exe
2006-08-23 10:29 32,256 D:\WINDOWS\system32\umandlg.dll
2006-08-23 10:29 316,416 D:\WINDOWS\system32\wiaservc.dll
2006-08-23 10:29 3,338 D:\WINDOWS\system32\redir.exe
2006-08-23 10:29 297,984 D:\WINDOWS\system32\scesrv.dll
2006-08-23 10:29 27,136 D:\WINDOWS\system32\ssdpapi.dll
2006-08-23 10:29 258,048 D:\WINDOWS\system32\webcheck.dll
2006-08-23 10:29 251,904 D:\WINDOWS\system32\strmdll.dll
2006-08-23 10:29 24,064 D:\WINDOWS\system32\skeys.exe
2006-08-23 10:29 233,984 D:\WINDOWS\system32\tapisrv.dll
2006-08-23 10:29 231,424 D:\WINDOWS\system32\upnpui.dll
2006-08-23 10:29 22,528 D:\WINDOWS\system32\slayerxp.dll
2006-08-23 10:29 22,528 D:\WINDOWS\system32\shfolder.dll
2006-08-23 10:29 22,016 D:\WINDOWS\system32\udhisapi.dll
2006-08-23 10:29 203,264 D:\WINDOWS\system32\uxtheme.dll
2006-08-23 10:29 200,192 D:\WINDOWS\system32\termsrv.dll
2006-08-23 10:29 20,992 D:\WINDOWS\system32\setup.exe
2006-08-23 10:29 193,536 D:\WINDOWS\system32\rasppp.dll
2006-08-23 10:29 19,456 D:\WINDOWS\system32\ssmarque.scr
2006-08-23 10:29 18,944 D:\WINDOWS\system32\ssbezier.scr
2006-08-23 10:29 174,592 D:\WINDOWS\system32\scecli.dll
2006-08-23 10:29 171,008 D:\WINDOWS\system32\sccsccp.dll
2006-08-23 10:29 17,408 D:\WINDOWS\system32\ssmyst.scr
2006-08-23 10:29 169,984 D:\WINDOWS\system32\sccbase.dll
2006-08-23 10:29 165,376 D:\WINDOWS\system32\w32time.dll
2006-08-23 10:29 165,376 D:\WINDOWS\system32\tapi32.dll
2006-08-23 10:29 164,864 D:\WINDOWS\system32\upnphost.dll
2006-08-23 10:29 16,896 D:\WINDOWS\system32\snmpapi.dll
2006-08-23 10:29 16,384 D:\WINDOWS\system32\watchdog.sys
2006-08-23 10:29 16,384 D:\WINDOWS\system32\ups.exe
2006-08-23 10:29 159,232 D:\WINDOWS\system32\schedsvc.dll
2006-08-23 10:29 158,720 D:\WINDOWS\system32\srsvc.dll
2006-08-23 10:29 14,848 D:\WINDOWS\system32\rdpsnd.dll
2006-08-23 10:29 135,680 D:\WINDOWS\system32\rdchost.dll
2006-08-23 10:29 134,144 D:\WINDOWS\regedit.exe
2006-08-23 10:29 133,632 D:\WINDOWS\system32\rsaenh.dll
2006-08-23 10:29 133,120 D:\WINDOWS\system32\sfc_os.dll
2006-08-23 10:29 130,560 D:\WINDOWS\system32\sti_ci.dll
2006-08-23 10:29 13,824 D:\WINDOWS\system32\rassapi.dll
2006-08-23 10:29 13,312 D:\WINDOWS\system32\ssstars.scr
2006-08-23 10:29 128,512 D:\WINDOWS\system32\taskmgr.exe
2006-08-23 10:29 124,928 D:\WINDOWS\system32\webvw.dll
2006-08-23 10:29 120,320 D:\WINDOWS\system32\upnp.dll
2006-08-23 10:29 12,800 D:\WINDOWS\system32\runonce.exe
2006-08-23 10:29 12,288 D:\WINDOWS\system32\rdsaddin.exe
2006-08-23 10:29 119,808 D:\WINDOWS\system32\wiadss.dll
2006-08-23 10:29 117,760 D:\WINDOWS\system32\stobject.dll
2006-08-23 10:29 116,224 D:\WINDOWS\system32\shsvcs.dll
2006-08-23 10:29 11,776 D:\WINDOWS\system32\sigtab.dll
2006-08-23 10:29 107,008 D:\WINDOWS\system32\umpnpmgr.dll
2006-08-23 10:29 106,496 D:\WINDOWS\system32\url.dll
2006-08-23 10:29 10,752 D:\WINDOWS\system32\tracert.exe
2006-08-23 10:29 1,349,120 D:\WINDOWS\system32\query.dll
2006-08-23 10:29 1,157,632 D:\WINDOWS\system32\sfcfiles.dll
2006-08-23 10:29 1,142,784 D:\WINDOWS\system32\quartz.dll
2006-08-23 10:28 98,304 D:\WINDOWS\system32\oleprn.dll
2006-08-23 10:28 95,744 D:\WINDOWS\system32\nlhtml.dll
2006-08-23 10:28 94,208 D:\WINDOWS\system32\odbccp32.dll
2006-08-23 10:28 921,475 D:\WINDOWS\system32\ati3d2ag.dll
2006-08-23 10:28 9,728 D:\WINDOWS\system32\mstinit.exe
2006-08-23 10:28 857,600 D:\WINDOWS\system32\netplwiz.dll
2006-08-23 10:28 844,675 D:\WINDOWS\system32\ati3d1ag.dll
2006-08-23 10:28 82,944 D:\WINDOWS\system32\psbase.dll
2006-08-23 10:28 81,408 D:\WINDOWS\system32\msoert2.dll
2006-08-23 10:28 699,392 D:\WINDOWS\system32\msxml2.dll
2006-08-23 10:28 686,080 D:\WINDOWS\system32\opengl32.dll
2006-08-23 10:28 68,096 D:\WINDOWS\system32\mscms.dll
2006-08-23 10:28 67,584 D:\WINDOWS\system32\msctfp.dll
2006-08-23 10:28 65,536 D:\WINDOWS\system32\msconf.dll
2006-08-23 10:28 64,512 D:\WINDOWS\system32\msiexec.exe
2006-08-23 10:28 61,440 D:\WINDOWS\system32\odbccu32.dll
2006-08-23 10:28 61,440 D:\WINDOWS\system32\odbccr32.dll
2006-08-23 10:28 598,016 D:\WINDOWS\system32\mstscax.dll
2006-08-23 10:28 584,192 D:\WINDOWS\system32\netcfgx.dll
2006-08-23 10:28 58,880 D:\WINDOWS\system32\pautoenr.dll
2006-08-23 10:28 56,320 D:\WINDOWS\system32\mshtmler.dll
2006-08-23 10:28 552,991 D:\WINDOWS\system32\msrepl40.dll
2006-08-23 10:28 53,248 D:\WINDOWS\system32\packager.exe
2006-08-23 10:28 53,248 D:\WINDOWS\system32\odbcconf.exe
2006-08-23 10:28 512,031 D:\WINDOWS\system32\msexch40.dll
2006-08-23 10:28 511,488 D:\WINDOWS\system32\qedit.dll
2006-08-23 10:28 504,832 D:\WINDOWS\system32\msftedit.dll
2006-08-23 10:28 5,120 D:\WINDOWS\system32\hccoin.dll
2006-08-23 10:28 49,152 D:\WINDOWS\system32\npptools.dll
2006-08-23 10:28 421,919 D:\WINDOWS\system32\msrd2x40.dll
2006-08-23 10:28 42,496 D:\WINDOWS\system32\ncobjapi.dll
2006-08-23 10:28 403,456 D:\WINDOWS\system32\winbrand.dll
2006-08-23 10:28 401,462 D:\WINDOWS\system32\msvcp60.dll
2006-08-23 10:28 4,608 D:\WINDOWS\system32\msimg32.dll
2006-08-23 10:28 4,126 D:\WINDOWS\system32\msdxmlc.dll
2006-08-23 10:28 399,360 D:\WINDOWS\system32\netlogon.dll
2006-08-23 10:28 392,704 D:\WINDOWS\system32\ntmssvc.dll
2006-08-23 10:28 39,424 D:\WINDOWS\system32\net.exe
2006-08-23 10:28 388,608 D:\WINDOWS\system32\mstsc.exe
2006-08-23 10:28 38,400 D:\WINDOWS\system32\ntmsapi.dll
2006-08-23 10:28 38,400 D:\WINDOWS\system32\ntlanman.dll
2006-08-23 10:28 377,984 D:\WINDOWS\system32\ati2dvaa.dll
2006-08-23 10:28 368,710 D:\WINDOWS\system32\msisam11.dll
2006-08-23 10:28 357,376 D:\WINDOWS\system32\qdvd.dll
2006-08-23 10:28 348,195 D:\WINDOWS\system32\msjetoledb40.dll
2006-08-23 10:28 348,191 D:\WINDOWS\system32\mspbde40.dll
2006-08-23 10:28 344,095 D:\WINDOWS\system32\msxbde40.dll
2006-08-23 10:28 339,968 D:\WINDOWS\system32\mspaint.exe
2006-08-23 10:28 33,808 D:\WINDOWS\system32\ntio.sys
2006-08-23 10:28 328,704 D:\WINDOWS\system32\oakley.dll
2006-08-23 10:28 326,656 D:\WINDOWS\system32\netsetup.exe
2006-08-23 10:28 323,072 D:\WINDOWS\system32\msvcrt.dll
2006-08-23 10:28 32,768 D:\WINDOWS\system32\odbcad32.exe
2006-08-23 10:28 319,760 D:\WINDOWS\system32\msnsspc.dll
2006-08-23 10:28 319,519 D:\WINDOWS\system32\msexcl40.dll
2006-08-23 10:28 31,744 D:\WINDOWS\system32\pid.dll
2006-08-23 10:28 305,664 D:\WINDOWS\system32\msihnd.dll
2006-08-23 10:28 3,584 D:\WINDOWS\system32\dsprpres.dll
2006-08-23 10:28 3,494,303 D:\WINDOWS\system32\nv4_disp.dll
2006-08-23 10:28 266,752 D:\WINDOWS\system32\msctf.dll
2006-08-23 10:28 254,976 D:\WINDOWS\system32\pdh.dll
2006-08-23 10:28 253,983 D:\WINDOWS\system32\mstext40.dll
2006-08-23 10:28 250,368 D:\WINDOWS\system32\mstask.dll
2006-08-23 10:28 245,760 D:\WINDOWS\system32\msscp.dll
2006-08-23 10:28 241,725 D:\WINDOWS\system32\msuni11.dll
2006-08-23 10:28 241,695 D:\WINDOWS\system32\msjtes40.dll
2006-08-23 10:28 24,576 D:\WINDOWS\system32\odbcbcp.dll
2006-08-23 10:28 24,576 D:\WINDOWS\system32\nmmkcert.dll
2006-08-23 10:28 238,080 D:\WINDOWS\system32\newdev.dll
2006-08-23 10:28 229,888 D:\WINDOWS\system32\msieftp.dll
2006-08-23 10:28 228,864 D:\WINDOWS\system32\msoeacct.dll
2006-08-23 10:28 22,528 D:\WINDOWS\system32\mslbui.dll
2006-08-23 10:28 218,112 D:\WINDOWS\system32\sbe.dll
2006-08-23 10:28 213,023 D:\WINDOWS\system32\msltus40.dll
2006-08-23 10:28 212,480 D:\WINDOWS\system32\osk.exe
2006-08-23 10:28 202,496 D:\WINDOWS\system32\ati2dvag.dll
2006-08-23 10:28 200,704 D:\WINDOWS\system32\odbc32.dll
2006-08-23 10:28 2,086,400 D:\WINDOWS\system32\msi.dll
2006-08-23 10:28 192,512 D:\WINDOWS\system32\mswebdvd.dll
2006-08-23 10:28 187,904 D:\WINDOWS\system32\xpsp1res.dll
2006-08-23 10:28 184,832 D:\WINDOWS\system32\qcap.dll
2006-08-23 10:28 182,784 D:\WINDOWS\system32\msutb.dll
2006-08-23 10:28 18,944 D:\WINDOWS\system32\faxpatch.exe
2006-08-23 10:28 175,104 D:\WINDOWS\system32\mspmsp.dll
2006-08-23 10:28 172,032 D:\WINDOWS\system32\mssap.dll
2006-08-23 10:28 17,408 D:\WINDOWS\system32\psapi.dll
2006-08-23 10:28 165,888 D:\WINDOWS\system32\ntmsdba.dll
2006-08-23 10:28 16,384 D:\WINDOWS\system32\ping.exe
2006-08-23 10:28 16,384 D:\WINDOWS\system32\odbc32gt.dll
2006-08-23 10:28 16,384 D:\WINDOWS\system32\nddenb32.dll
2006-08-23 10:28 155,648 D:\WINDOWS\system32\encdec.dll
2006-08-23 10:28 154,112 D:\WINDOWS\system32\netman.dll
2006-08-23 10:28 147,456 D:\WINDOWS\system32\odbctrac.dll
2006-08-23 10:28 143,872 D:\WINDOWS\system32\msimtf.dll
2006-08-23 10:28 137,216 D:\WINDOWS\system32\ntshrui.dll
2006-08-23 10:28 131,072 D:\WINDOWS\system32\msorcl32.dll
2006-08-23 10:28 126,976 D:\WINDOWS\system32\msdart.dll
2006-08-23 10:28 122,880 D:\WINDOWS\system32\odbcconf.dll
2006-08-23 10:28 12,288 D:\WINDOWS\system32\odbcp32r.dll
2006-08-23 10:28 12,288 D:\WINDOWS\system32\mscpx32r.dll
2006-08-23 10:28 12,288 D:\WINDOWS\system32\encapi.dll
2006-08-23 10:28 116,736 D:\WINDOWS\system32\mplay32.exe
2006-08-23 10:28 115,200 D:\WINDOWS\system32\net1.exe
2006-08-23 10:28 113,664 D:\WINDOWS\system32\msvfw32.dll
2006-08-23 10:28 112,128 D:\WINDOWS\system32\ntmarta.dll
2006-08-23 10:28 110,080 D:\WINDOWS\system32\sbeio.dll
2006-08-23 10:28 109,568 D:\WINDOWS\system32\offfilt.dll
2006-08-23 10:28 105,984 D:\WINDOWS\system32\netdde.exe
2006-08-23 10:28 10,240 D:\WINDOWS\system32\msrle32.dll
2006-08-23 10:28 1,677,312 D:\WINDOWS\system32\wmvcore2.dll
2006-08-23 10:28 1,622,528 D:\WINDOWS\system32\netshell.dll
2006-08-23 10:28 1,503,262 D:\WINDOWS\system32\msjet40.dll
2006-08-23 10:28 1,220,608 D:\WINDOWS\system32\msvidctl.dll
2006-08-23 10:28 1,122,304 D:\WINDOWS\system32\msxml3.dll
2006-08-23 10:27 94,720 D:\WINDOWS\system32\dmusic.dll
2006-08-23 10:27 91,648 D:\WINDOWS\system32\iuctl.dll
2006-08-23 10:27 9,216 D:\WINDOWS\system32\icaapi.dll
2006-08-23 10:27 9,216 D:\WINDOWS\system32\dumprep.exe
2006-08-23 10:27 82,432 D:\WINDOWS\system32\fldrclnr.dll
2006-08-23 10:27 802,304 D:\WINDOWS\system32\dxmrtp.dll
2006-08-23 10:27 8,832 D:\WINDOWS\system32\framebuf.dll
2006-08-23 10:27 786,432 D:\WINDOWS\system32\dxdiag.exe
2006-08-23 10:27 77,312 D:\WINDOWS\system32\dmscript.dll
2006-08-23 10:27 76,288 D:\WINDOWS\system32\dfrgfat.exe
2006-08-23 10:27 73,728 D:\WINDOWS\system32\ils.dll
2006-08-23 10:27 70,656 D:\WINDOWS\system32\defrag.exe
2006-08-23 10:27 70,144 D:\WINDOWS\system32\cryptdlg.dll
2006-08-23 10:27 7,040 D:\WINDOWS\system32\kd1394.dll
2006-08-23 10:27 66,560 D:\WINDOWS\system32\faultrep.dll
2006-08-23 10:27 61,440 D:\WINDOWS\system32\dbnetlib.dll
2006-08-23 10:27 60,928 D:\WINDOWS\system32\ipv6.exe
2006-08-23 10:27 59,392 D:\WINDOWS\system32\iesetup.dll
2006-08-23 10:27 587,776 D:\WINDOWS\system32\inetcomm.dll
2006-08-23 10:27 58,368 D:\WINDOWS\system32\dpvsetup.exe
2006-08-23 10:27 57,856 D:\WINDOWS\system32\licwmi.dll
2006-08-23 10:27 57,344 D:\WINDOWS\system32\dmcompos.dll
2006-08-23 10:27 56,320 D:\WINDOWS\system32\dpnhupnp.dll
2006-08-23 10:27 55,296 D:\WINDOWS\system32\digest.dll
2006-08-23 10:27 53,248 D:\WINDOWS\system32\cryptsvc.dll
2006-08-23 10:27 51,712 D:\WINDOWS\system32\ipconfig.exe
2006-08-23 10:27 504,320 D:\WINDOWS\system32\logonui.exe
2006-08-23 10:27 498,205 D:\WINDOWS\system32\dxmasf.dll
2006-08-23 10:27 49,664 D:\WINDOWS\system32\ixsso.dll
2006-08-23 10:27 49,664 D:\WINDOWS\system32\dpwsockx.dll
2006-08-23 10:27 49,152 D:\WINDOWS\system32\eventlog.dll
2006-08-23 10:27 489,984 D:\WINDOWS\system32\dbghelp.dll
2006-08-23 10:27 471,040 D:\WINDOWS\system32\cryptui.dll
2006-08-23 10:27 45,568 D:\WINDOWS\system32\docprop2.dll
2006-08-23 10:27 42,537 D:\WINDOWS\system32\keyboard.sys
2006-08-23 10:27 381,440 D:\WINDOWS\system32\lmrt.dll
2006-08-23 10:27 380,445 D:\WINDOWS\system32\expsrv.dll
2006-08-23 10:27 36,922 D:\WINDOWS\system32\imeshare.dll
2006-08-23 10:27 35,328 D:\WINDOWS\system32\dfrgsnap.dll
2006-08-23 10:27 32,256 D:\WINDOWS\system32\mnmdd.dll
2006-08-23 10:27 318,464 D:\WINDOWS\system32\ippromon.dll
2006-08-23 10:27 31,744 D:\WINDOWS\system32\dmloader.dll
2006-08-23 10:27 307,712 D:\WINDOWS\system32\cscui.dll
2006-08-23 10:27 30,208 D:\WINDOWS\system32\imgutil.dll
2006-08-23 10:27 294,912 D:\WINDOWS\system32\iedkcs32.dll
2006-08-23 10:27 29,696 D:\WINDOWS\system32\dpnhpast.dll
2006-08-23 10:27 28,672 D:\WINDOWS\system32\ie4uinit.exe
2006-08-23 10:27 28,672 D:\WINDOWS\system32\dbnmpntw.dll
2006-08-23 10:27 272,896 D:\WINDOWS\system32\kerberos.dll
2006-08-23 10:27 27,648 D:\WINDOWS\system32\pidgen.dll
2006-08-23 10:27 263,680 D:\WINDOWS\system32\duser.dll
2006-08-23 10:27 263,168 D:\WINDOWS\system32\devmgr.dll
2006-08-23 10:27 26,112 D:\WINDOWS\system32\dmband.dll
2006-08-23 10:27 253,440 D:\WINDOWS\system32\ddraw.dll
2006-08-23 10:27 25,600 D:\WINDOWS\system32\dfsshlex.dll
2006-08-23 10:27 240,640 D:\WINDOWS\system32\hnetcfg.dll
2006-08-23 10:27 24,576 D:\WINDOWS\system32\dbmsvinn.dll
2006-08-23 10:27 24,576 D:\WINDOWS\system32\dbmsrpcn.dll
2006-08-23 10:27 236,032 D:\WINDOWS\system32\icm32.dll
2006-08-23 10:27 227,840 D:\WINDOWS\system32\dsquery.dll
2006-08-23 10:27 219,648 D:\WINDOWS\system32\logon.scr
2006-08-23 10:27 210,944 D:\WINDOWS\system32\moricons.dll
2006-08-23 10:27 206,336 D:\WINDOWS\system32\dpvoice.dll
2006-08-23 10:27 204,288 D:\WINDOWS\system32\ieaksie.dll
2006-08-23 10:27 20,480 D:\WINDOWS\system32\dbmsadsn.dll
2006-08-23 10:27 196,096 D:\WINDOWS\system32\mobsync.dll
2006-08-23 10:27 19,456 D:\WINDOWS\system32\licmgr10.dll
2006-08-23 10:27 19,456 D:\WINDOWS\system32\fontview.exe
2006-08-23 10:27 19,456 D:\WINDOWS\system32\ersvc.dll
2006-08-23 10:27 180,224 D:\WINDOWS\system32\dwwin.exe
2006-08-23 10:27 178,688 D:\WINDOWS\system32\eudcedit.exe
2006-08-23 10:27 172,544 D:\WINDOWS\system32\dmime.dll
2006-08-23 10:27 168,960 D:\WINDOWS\system32\dinput8.dll
2006-08-23 10:27 165,376 D:\WINDOWS\system32\els.dll
2006-08-23 10:27 163,840 D:\WINDOWS\system32\mindex.dll
2006-08-23 10:27 16,384 D:\WINDOWS\system32\ds32gt.dll
2006-08-23 10:27 156,672 D:\WINDOWS\system32\dpnet.dll
2006-08-23 10:27 155,648 D:\WINDOWS\system32\ipsecsvc.dll
2006-08-23 10:27 151,552 D:\WINDOWS\system32\dinput.dll
2006-08-23 10:27 135,680 D:\WINDOWS\system32\dsprop.dll
2006-08-23 10:27 134,144 D:\WINDOWS\system32\ipv6mon.dll
2006-08-23 10:27 13,312 D:\WINDOWS\system32\ctfmon.exe
2006-08-23 10:27 126,976 D:\WINDOWS\system32\ieakeng.dll
2006-08-23 10:27 124,928 D:\WINDOWS\system32\dssenh.dll
2006-08-23 10:27 123,904 D:\WINDOWS\system32\imapi.exe
2006-08-23 10:27 115,200 D:\WINDOWS\system32\dpcdll.dll
2006-08-23 10:27 114,176 D:\WINDOWS\system32\input.dll
2006-08-23 10:27 113,152 D:\WINDOWS\system32\idq.dll
2006-08-23 10:27 113,152 D:\WINDOWS\system32\dfrgui.dll
2006-08-23 10:27 110,080 D:\WINDOWS\system32\dmstyle.dll
2006-08-23 10:27 103,936 D:\WINDOWS\system32\imm32.dll
2006-08-23 10:27 103,424 D:\WINDOWS\system32\dgnet.dll
2006-08-23 10:27 10,240 D:\WINDOWS\system32\localui.dll
2006-08-23 10:27 1,180,672 D:\WINDOWS\system32\d3d8.dll
2006-08-23 10:27 1,128,960 D:\WINDOWS\system32\mmcndmgr.dll
2006-08-23 10:27 1,004,032 D:\WINDOWS\explorer.exe
2006-08-23 10:26 98,816 D:\WINDOWS\system32\clipbrd.exe
2006-08-23 10:26 91,648 D:\WINDOWS\system32\ahui.exe
2006-08-23 10:26 91,136 D:\WINDOWS\system32\advpack.dll
2006-08-23 10:26 8,192 D:\WINDOWS\system32\autolfn.exe
2006-08-23 10:26 76,288 D:\WINDOWS\system32\avifil32.dll
2006-08-23 10:26 74,810 D:\WINDOWS\system32\atl.dll
2006-08-23 10:26 71,680 D:\WINDOWS\system32\browsewm.dll
2006-08-23 10:26 64,512 D:\WINDOWS\system32\ciodm.dll
2006-08-23 10:26 62,976 D:\WINDOWS\system32\browselc.dll
2006-08-23 10:26 62,464 D:\WINDOWS\system32\adsmsext.dll
2006-08-23 10:26 6,656 D:\WINDOWS\system32\batt.dll
2006-08-23 10:26 59,904 D:\WINDOWS\system32\cabinet.dll
2006-08-23 10:26 59,392 D:\WINDOWS\system32\6to4svc.dll
2006-08-23 10:26 54,272 D:\WINDOWS\system32\clusapi.dll
2006-08-23 10:26 5,120 D:\WINDOWS\system32\asferror.dll
2006-08-23 10:26 49,152 D:\WINDOWS\system32\browser.dll
2006-08-23 10:26 41,984 D:\WINDOWS\system32\alg.exe
2006-08-23 10:26 41,472 D:\WINDOWS\system32\cmdl32.exe
2006-08-23 10:26 38,912 D:\WINDOWS\system32\audiosrv.dll
2006-08-23 10:26 324,608 D:\WINDOWS\system32\cmdial32.dll
2006-08-23 10:26 32,768 D:\WINDOWS\system32\cfgbkend.dll
2006-08-23 10:26 24,576 D:\WINDOWS\system32\conime.exe
2006-08-23 10:26 239,616 D:\WINDOWS\system32\adsnt.dll
2006-08-23 10:26 238,592 D:\WINDOWS\system32\compatui.dll
2006-08-23 10:26 22,528 D:\WINDOWS\system32\at.exe
2006-08-23 10:26 186,880 D:\WINDOWS\system32\certcli.dll
2006-08-23 10:26 179,712 D:\WINDOWS\system32\cewmdm.dll
2006-08-23 10:26 162,816 D:\WINDOWS\system32\adsldp.dll
2006-08-23 10:26 158,720 D:\WINDOWS\system32\credui.dll
2006-08-23 10:26 14,366 D:\WINDOWS\system32\asfsipc.dll
2006-08-23 10:26 139,776 D:\WINDOWS\system32\adsldpc.dll
2006-08-23 10:26 115,712 D:\WINDOWS\system32\apphelp.dll
2006-08-22 16:52 159,744 D:\WINDOWS\win32092142548621.exe
2006-08-21 12:55 32,573 D:\WINDOWS\system32\adrot-uninst.exe
2006-08-21 08:36 78,848 D:\WINDOWS\system32\nspE7.dll
2006-08-21 07:47 58,880 D:\WINDOWS\system32\adrotate.dll
2006-08-19 22:16 32,768 D:\setup.exe
2006-08-19 21:21 224 D:\n.bat
2006-08-19 17:27 106,496 D:\WINDOWS\Duce6.exe
2006-08-19 17:26 1,167 D:\WINDOWS\system32\hov3ee5e.sys
2006-08-19 17:25 214,748 D:\WINDOWS\Setup90.exe
2006-08-19 17:25 115,157 D:\WINDOWS\Justin.exe
2006-08-19 17:16 25,624 D:\WINDOWS\system32\dr.exe
2006-08-19 17:16 224 D:\WINDOWS\system32\n.bat
2006-08-19 17:15 137,432 D:\WINDOWS\system32\install.exe
2006-08-19 17:12 0 D:\WINDOWS\system32\taskkill.exe
2006-08-19 17:12 0 D:\WINDOWS\b.exe
2006-08-10 15:50 45,056 D:\WINDOWS\system32\Icam5com.dll
2006-08-10 15:50 20,480 D:\WINDOWS\system32\Icam5EXT.dll
2006-08-10 15:36 75,776 D:\WINDOWS\system32\CNBJMON2.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-23 21:10 -------- d-------- D:\Program Files\Hijackthis
2006-08-23 21:04 -------- d-------- D:\Program Files\Mozilla Firefox
2006-08-23 21:00 -------- d-a-s---- D:\Program Files\NewDotNet
2006-08-23 18:43 183296 --a-s---- D:\WINDOWS\NDNuninstall7_22.exe
2006-08-23 18:40 8464 --a------ D:\WINDOWS\system32\sporder.dll
2006-08-23 18:40 50688 --a-s---- D:\WINDOWS\NDNuninstall6_38.exe
2006-08-23 18:33 -------- d-------- D:\Program Files\Spyware Doctor
2006-08-23 18:31 -------- d-------- D:\Documents and Settings\John M\Application Data\PC Tools
2006-08-23 11:18 -------- d-------- D:\Program Files\Messenger
2006-08-23 11:18 -------- d-------- D:\Program Files\Internet Explorer
2006-08-23 11:08 -------- d-------- D:\Program Files\NetMeeting
2006-08-23 10:49 -------- d-------- D:\Program Files\Movie Maker
2006-08-23 10:48 -------- d-------- D:\Program Files\Windows Media Player
2006-08-23 10:48 -------- d-------- D:\Program Files\Outlook Express
2006-08-23 10:48 -------- d-------- D:\Program Files\Common Files\System
2006-08-23 08:58 32573 --a------ D:\WINDOWS\system32\adrot-uninst.exe
2006-08-23 08:55 -------- d-------- D:\Program Files\ewido anti-spyware 4.0
2006-08-22 16:56 -------- d-------- D:\Program Files\CCleaner
2006-08-22 16:52 159744 --a------ D:\WINDOWS\win32092142548621.exe
2006-08-22 15:28 106496 --a------ D:\WINDOWS\Duce6.exe
2006-08-22 15:11 -------- d-------- D:\Program Files\Common Files
2006-08-22 11:42 -------- d-------- D:\Program Files\NoAdware4
2006-08-21 12:45 -------- d-------- D:\Documents and Settings\John M\Application Data\Lavasoft
2006-08-21 08:36 78848 --a------ D:\WINDOWS\system32\nspE7.dll
2006-08-21 07:47 58880 --a------ D:\WINDOWS\system32\adrotate.dll
2006-08-20 00:34 -------- d-------- D:\Program Files\Common Files\fzko
2006-08-20 00:34 -------- d-------- D:\Program Files\Common Files\eAcceleration
2006-08-19 23:43 -------- d-------- D:\Program Files\topMoxie
2006-08-19 23:42 -------- d-------- D:\Program Files\SaveNow
2006-08-19 23:28 -------- d-------- D:\Program Files\ComPlus Applications
2006-08-19 22:27 224 --a------ D:\n.bat
2006-08-19 22:26 32768 --a------ D:\setup.exe
2006-08-19 22:26 1167 --a------ D:\WINDOWS\system32\hov3ee5e.sys
2006-08-19 18:47 -------- d---s---- D:\Documents and Settings\John M\Application Data\Microsoft
2006-08-19 17:25 214748 --a------ D:\WINDOWS\Setup90.exe
2006-08-19 17:25 115157 --a------ D:\WINDOWS\Justin.exe
2006-08-19 17:16 25624 --a------ D:\WINDOWS\system32\dr.exe
2006-08-19 17:16 224 --a------ D:\WINDOWS\system32\n.bat
2006-08-19 17:15 137432 --a------ D:\WINDOWS\system32\install.exe
2006-08-19 17:12 0 --a------ D:\WINDOWS\system32\taskkill.exe
2006-08-19 17:12 0 --a------ D:\WINDOWS\b.exe
2006-08-17 12:32 -------- d-------- D:\Program Files\America Online 9.0
2006-08-17 12:32 -------- d-------- D:\Documents and Settings\John M\Application Data\Help
2006-08-17 10:34 -------- d-------- D:\Program Files\PartyGaming
2006-08-10 16:14 -------- d-------- D:\Program Files\Common Files\Adobe
2006-07-29 16:34 -------- d-------- D:\Documents and Settings\John M\Application Data\Real
2006-07-29 16:32 -------- d-------- D:\Program Files\Common Files\xing shared
2006-07-29 16:32 -------- d-------- D:\Program Files\Common Files\Real
2006-07-10 16:38 51072 --a------ D:\WINDOWS\system32\drivers\ikhlayer.sys
2006-07-10 16:38 30592 --a------ D:\WINDOWS\system32\drivers\ikhfile.sys
2006-05-16 23:20 17 --a------ D:\Program Files\d.bat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"AOLDialer"="D:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"D:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"Pure Networks Port Magic"="\"D:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"Adobe Photo Downloader"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"D:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"hov3ee5e"="RUNDLL32.EXE w0045e67.dll,n 0033ee5b000000020045e67"
"!ewido"="\"D:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"win32092142548621"="D:\\WINDOWS\\win32092142548621.exe"
"adstart"="\"iexplore.exe\" \"http://iesettingsupdate\""
"New.net Startup"="rundll32 D:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="D:\\Program Files\\Outlook Express\\kyzererop.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="D:\\Program Files\\ComPlus Applications\\howyp.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,d2,03,00,00,23,00,00,00,1c,01,00,00,27,01,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Completion time: Wed 08/23/2006 21:15:27.55
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#6
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Very good! Now let's get rid of some of this junk for you.


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    D:\WINDOWS\system32\adrot-uninst.exe
    D:\WINDOWS\win32092142548621.exe
    D:\WINDOWS\Duce6.exe
    D:\WINDOWS\system32\nspE7.dll
    D:\WINDOWS\system32\adrotate.dll
    D:\n.bat
    D:\setup.exe
    D:\WINDOWS\system32\hov3ee5e.sys
    D:\WINDOWS\Setup90.exe
    D:\WINDOWS\Justin.exe
    D:\WINDOWS\system32\dr.exe
    D:\WINDOWS\system32\n.bat
    D:\WINDOWS\system32\install.exe
    D:\WINDOWS\system32\taskkill.exe
    D:\WINDOWS\b.exe
    D:\Program Files\d.bat




  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.

============



I need to see a different type of log from Hijackthis
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.

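Added example (not part of the thread, and not a tool either poster used): deleting files on reboot does not by itself touch the Run values that launched them, so this Python script cross-checks the Run entries from the ComboFix log against the Killbox deletion list in the post above. The function names and the name-match heuristic are assumptions of the example; the sample data is copied from the two posts.

```python
import ntpath  # Windows path rules on any OS
import re

# Excerpt copied from the "Reg Loading Points" section of the ComboFix log above.
RUN_SECTION = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"hov3ee5e"="RUNDLL32.EXE w0045e67.dll,n 0033ee5b000000020045e67"
"win32092142548621"="D:\\WINDOWS\\win32092142548621.exe"
"adstart"="\"iexplore.exe\" \"http://iesettingsupdate\""
"New.net Startup"="rundll32 D:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

# The file paths the helper asked to be pasted into Killbox.
KILL_LIST = [p.strip() for p in r'''
D:\WINDOWS\system32\adrot-uninst.exe
D:\WINDOWS\win32092142548621.exe
D:\WINDOWS\Duce6.exe
D:\WINDOWS\system32\nspE7.dll
D:\WINDOWS\system32\adrotate.dll
D:\n.bat
D:\setup.exe
D:\WINDOWS\system32\hov3ee5e.sys
D:\WINDOWS\Setup90.exe
D:\WINDOWS\Justin.exe
D:\WINDOWS\system32\dr.exe
D:\WINDOWS\system32\n.bat
D:\WINDOWS\system32\install.exe
D:\WINDOWS\system32\taskkill.exe
D:\WINDOWS\b.exe
D:\Program Files\d.bat
'''.splitlines() if p.strip()]

_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
_UNESCAPE = re.compile(r'\\(.)')  # .reg escaping: \\ -> \ and \" -> "
_BINARY = re.compile(r'^(.+?\.(?:exe|dll|sys|bat|com|scr))(?=[\s,]|$)', re.I)


def parse_run_values(text):
    """Return (key, value_name, command) for each string value under a Run key."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and key.lower().endswith('\\run'):
            m = _VALUE.match(line)
            if m:
                name, cmd = (_UNESCAPE.sub(r'\1', g) for g in m.groups())
                entries.append((key, name, cmd))
    return entries


def _is_rundll(path):
    return ntpath.basename(path).lower() in ('rundll32', 'rundll32.exe')


def target_of(command):
    """Best-effort path of the file a Run command loads (the DLL for rundll32)."""
    cmd = command.strip()
    if not cmd:
        return ''
    if cmd.startswith('"'):
        first, _, rest = cmd[1:].partition('"')
    else:
        tokens = cmd.split(None, 1)
        if _is_rundll(tokens[0]):
            first, rest = tokens[0], tokens[1] if len(tokens) > 1 else ''
        else:
            # Unquoted paths may contain spaces, so cut at the file extension.
            m = _BINARY.match(cmd)
            first = m.group(1) if m else tokens[0]
            rest = cmd[len(first):]
    if _is_rundll(first) and rest.strip():
        arg = rest.strip().strip('"')
        m = _BINARY.match(arg)
        return m.group(1) if m else arg.split(',')[0]
    return first


def review(entries, kill_list):
    """Run values tied to the deletion list, as (value_name, reason, target)."""
    doomed = {ntpath.normcase(p) for p in kill_list}
    stems = {ntpath.splitext(ntpath.basename(p))[0].lower() for p in kill_list}
    findings = []
    for _key, name, cmd in entries:
        target = target_of(cmd)
        if ntpath.normcase(target) in doomed:
            findings.append((name, 'target is on the deletion list', target))
        elif name.lower() in stems:  # heuristic (assumption of this example)
            findings.append((name, 'value name matches a deleted file', target))
    return findings


if __name__ == '__main__':
    for name, reason, target in review(parse_run_values(RUN_SECTION), KILL_LIST):
        print(f'{name}: {reason} -> {target}')
```

Any value it reports is worth re-checking in the next log after the reboot, since the file may be gone while the autostart entry remains.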

#7
MarkInCali

    Member

  • Topic Starter
  • Member
  • 10 posts
Ok... deleted the files you told me to delete from Killbox, however I did not get the message PendingFileRenameOperations prompt. My computer rebooted on its own, and here is the log from the killbox.

Pocket Killbox version
Running on Windows XP as John M(Administrator)
was started @ Tuesday, August 22, 2006, 4:08 PM

Killbox Closed(Exit) @ 4:10:01 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as John M(Administrator)
was started @ Tuesday, August 22, 2006, 4:17 PM

Killbox Closed(Exit) @ 4:18:20 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as John M(Administrator)
was started @ Thursday, August 24, 2006, 8:03 PM

# 1 [Delete on Reboot]
Path = D:\WINDOWS\system32\adrot-uninst.exe


# 2 [Delete on Reboot]
Path = D:\WINDOWS\win32092142548621.exe


# 3 [Delete on Reboot]
Path = D:\WINDOWS\Duce6.exe


# 4 [Delete on Reboot]
Path = D:\WINDOWS\system32\nspE7.dll


# 5 [Delete on Reboot]
Path = D:\WINDOWS\system32\adrotate.dll


# 6 [Delete on Reboot]
Path = D:\n.bat


# 7 [Delete on Reboot]
Path = D:\setup.exe


# 8 [Delete on Reboot]
Path = D:\WINDOWS\system32\hov3ee5e.sys


# 9 [Delete on Reboot]
Path = D:\WINDOWS\Setup90.exe


# 10 [Delete on Reboot]
Path = D:\WINDOWS\Justin.exe


# 11 [Delete on Reboot]
Path = D:\WINDOWS\system32\dr.exe


# 12 [Delete on Reboot]
Path = D:\WINDOWS\system32\n.bat


# 13 [Delete on Reboot]
Path = D:\WINDOWS\system32\install.exe


# 14 [Delete on Reboot]
Path = D:\WINDOWS\system32\taskkill.exe


# 15 [Delete on Reboot]
Path = D:\WINDOWS\b.exe


# 16 [Delete on Reboot]
Path = D:\Program Files\d.bat


I Rebooted @ 8:04:40 PM
Killbox Closed(Exit) @ 8:04:52 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as John M(Administrator)
was started @ Thursday, August 24, 2006, 8:20 PM

Killbox Closed(Exit) @ 8:24:45 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as John M(Administrator)
was started @ Thursday, August 24, 2006, 8:31 PM

And here is the new Hijackthis log

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
AOL You've Got Pictures Screensaver
CCleaner (remove only)
Comcast High-Speed Internet Install Wizard
ComcastSUPPORT
Enhanced Browser Overlay
ewido anti-spyware 4.0
Hijackthis 1.99.1
HijackThis 1.99.1
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_05
LimeWire 4.10.9
Mozilla Firefox (1.5.0.6)
PartyBingo
PartyCasino
PartyGammon
PartyPoker
Pure Networks Port Magic
QuickTime
RealPlayer
Spyware Doctor 4.0
Viewpoint Media Player
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817606
Windows XP Service Pack 1a
Yahoo! Toolbar

#8
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
There's a few easy ones for us.


Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

Enhanced Browser Overlay
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_05
Viewpoint Media Player



==========


The current version of Java can be downloaded from http://java.sun.com/javase/downloads/index.jsp. Scroll down the page to 'Java Runtime Environment (JRE) 5.0 Update 8' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.



==========


First, download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To get rid of New.net we are going to run its uninstall procedure. Please locate and double click on these files, one at a time.

D:\WINDOWS\NDNuninstall7_22.exe

D:\WINDOWS\NDNuninstall6_38.exe


It's possible that the second one will be gone after running the first one. Or it may not work if the program is completely uninstalled already. Once the uninstallation is complete, delete both of these files.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right side, leave it as is and just click "Finish>>", then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove" panel, do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.


==========


Reboot your computer and post a new HijackThis log (like the initial log that you posted).
  • 0

#9
MarkInCali

    Member

  • Topic Starter
  • Member
  • 10 posts
Here's the new HijackThis file

Logfile of HijackThis v1.99.1
Scan saved at 1:23:26 PM, on 8/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\LimeWire\LimeWire.exe
D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\AOL Companion\companion.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DDE4B80-376C-4968-88BF-65B7CA07D94E} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - D:\WINDOWS\System32\nspE7.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "D:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hov3ee5e] RUNDLL32.EXE w0045e67.dll,n 0033ee5b000000020045e67
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [win32092142548621] D:\WINDOWS\win32092142548621.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [TheMonitor] D:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = D:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096768316012
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nu.../FIX/WinATS.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
  • 0

#10
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
It looks better every time I see it. :whistling:

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {1DDE4B80-376C-4968-88BF-65B7CA07D94E} - (no file)
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - D:\WINDOWS\System32\nspE7.dll (file missing)
O4 - HKLM\..\Run: [hov3ee5e] RUNDLL32.EXE w0045e67.dll,n 0033ee5b000000020045e67
O4 - HKLM\..\Run: [win32092142548621] D:\WINDOWS\win32092142548621.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [TheMonitor] D:\WINDOWS\Duce6.exe
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nu.../FIX/WinATS.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)



Reboot your computer.


Please post a new HijackThis log and a new log from ComboFix.
  • 0
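A way to check the outcome of the "Fix Checked" step above, as an added example that is not part of the original thread: it parses HijackThis 1.99.1 entry lines, reports which fix-list entries are absent from a follow-up log, and lists entries HijackThis marked "(no file)" or "(file missing)". The function names are hypothetical; the sample lines are copied from the logs posted in this thread, with the follow-up log (dated 8/26/2006, posted in the next reply) abridged.

```python
import re

# A HijackThis entry line is "<section code> - <entry text>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process list do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the registered target cannot be found on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# The ten lines the helper asked to have fixed (copied from the post above).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {1DDE4B80-376C-4968-88BF-65B7CA07D94E} - (no file)
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - D:\WINDOWS\System32\nspE7.dll (file missing)
O4 - HKLM\..\Run: [hov3ee5e] RUNDLL32.EXE w0045e67.dll,n 0033ee5b000000020045e67
O4 - HKLM\..\Run: [win32092142548621] D:\WINDOWS\win32092142548621.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [TheMonitor] D:\WINDOWS\Duce6.exe
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nu.../FIX/WinATS.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
"""

# Abridged copy of the follow-up log from this thread (a subset of its lines).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:29:44 AM, on 8/26/2006
Running processes:
D:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Return the set of (section_code, entry_text) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match["code"], match["body"].strip()))
    return entries


def check_fix(fix_list, after_log):
    """Split the fix list into entries gone from, and still present in, the later log."""
    wanted = parse_entries(fix_list)
    after = parse_entries(after_log)
    return {"removed": sorted(wanted - after), "remaining": sorted(wanted & after)}


def orphaned(log_text):
    """Entries whose registered target HijackThis could not find on disk."""
    return sorted(e for e in parse_entries(log_text) if ORPHAN_RE.search(e[1]))


if __name__ == "__main__":
    result = check_fix(FIX_LIST, AFTER_LOG)
    print("removed:", len(result["removed"]), "remaining:", len(result["remaining"]))
    for code, body in orphaned(AFTER_LOG):
        print("orphaned:", code, body)
```

The orphan marker alone is not a verdict: the ComcastHSI button is flagged because its target is a URL rather than a file, and the helper did not include it in the fix list.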



#11
MarkInCali

    Member

  • Topic Starter
  • Member
  • 10 posts
Yes, it's getting better after every step :whistling:


There were two files I couldn't find on the HijackThis program to fix. They are...


O4 - HKLM\..\Run: [win32092142548621] D:\WINDOWS\win32092142548621.exe

O4 - HKLM\..\Run: [TheMonitor] D:\WINDOWS\Duce6.exe

Here is the new Hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 9:29:44 AM, on 8/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\AOL Companion\companion.exe
D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "D:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = D:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096768316012
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe


And here's the new ComboFix log...

John M - 06-08-26 9:30:12.40
ComboFix 06.08.18 - Running from: D:\Documents and Settings\John M\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-26 to 2006-08-26 ))))))))))))))))))))))))))))))))))


2006-08-23 10:27 26,112 D:\WINDOWS\system32\dmband.dll
2006-08-23 10:27 253,440 D:\WINDOWS\system32\ddraw.dll
2006-08-23 10:27 25,600 D:\WINDOWS\system32\dfsshlex.dll
2006-08-23 10:27 240,640 D:\WINDOWS\system32\hnetcfg.dll
2006-08-23 10:27 24,576 D:\WINDOWS\system32\dbmsvinn.dll
2006-08-23 10:27 24,576 D:\WINDOWS\system32\dbmsrpcn.dll
2006-08-23 10:27 237,056 D:\WINDOWS\system32\icm32.dll
2006-08-23 10:27 227,840 D:\WINDOWS\system32\dsquery.dll
2006-08-23 10:27 219,648 D:\WINDOWS\system32\logon.scr
2006-08-23 10:27 210,944 D:\WINDOWS\system32\moricons.dll
2006-08-23 10:27 206,336 D:\WINDOWS\system32\dpvoice.dll
2006-08-23 10:27 204,288 D:\WINDOWS\system32\ieaksie.dll
2006-08-23 10:27 20,480 D:\WINDOWS\system32\dbmsadsn.dll
2006-08-23 10:27 196,096 D:\WINDOWS\system32\mobsync.dll
2006-08-23 10:27 19,456 D:\WINDOWS\system32\licmgr10.dll
2006-08-23 10:27 19,456 D:\WINDOWS\system32\fontview.exe
2006-08-23 10:27 19,456 D:\WINDOWS\system32\ersvc.dll
2006-08-23 10:27 180,224 D:\WINDOWS\system32\dwwin.exe
2006-08-23 10:27 178,688 D:\WINDOWS\system32\eudcedit.exe
2006-08-23 10:27 172,544 D:\WINDOWS\system32\dmime.dll
2006-08-23 10:27 168,960 D:\WINDOWS\system32\dinput8.dll
2006-08-23 10:27 165,376 D:\WINDOWS\system32\els.dll
2006-08-23 10:27 163,840 D:\WINDOWS\system32\mindex.dll
2006-08-23 10:27 16,384 D:\WINDOWS\system32\ds32gt.dll
2006-08-23 10:27 156,672 D:\WINDOWS\system32\dpnet.dll
2006-08-23 10:27 155,648 D:\WINDOWS\system32\ipsecsvc.dll
2006-08-23 10:27 151,552 D:\WINDOWS\system32\dinput.dll
2006-08-23 10:27 135,680 D:\WINDOWS\system32\dsprop.dll
2006-08-23 10:27 134,144 D:\WINDOWS\system32\ipv6mon.dll
2006-08-23 10:27 13,312 D:\WINDOWS\system32\ctfmon.exe
2006-08-23 10:27 126,976 D:\WINDOWS\system32\ieakeng.dll
2006-08-23 10:27 124,928 D:\WINDOWS\system32\dssenh.dll
2006-08-23 10:27 123,904 D:\WINDOWS\system32\imapi.exe
2006-08-23 10:27 115,200 D:\WINDOWS\system32\dpcdll.dll
2006-08-23 10:27 114,176 D:\WINDOWS\system32\input.dll
2006-08-23 10:27 113,152 D:\WINDOWS\system32\idq.dll
2006-08-23 10:27 113,152 D:\WINDOWS\system32\dfrgui.dll
2006-08-23 10:27 110,080 D:\WINDOWS\system32\dmstyle.dll
2006-08-23 10:27 103,936 D:\WINDOWS\system32\imm32.dll
2006-08-23 10:27 103,424 D:\WINDOWS\system32\dgnet.dll
2006-08-23 10:27 10,240 D:\WINDOWS\system32\localui.dll
2006-08-23 10:27 1,180,672 D:\WINDOWS\system32\d3d8.dll
2006-08-23 10:27 1,128,960 D:\WINDOWS\system32\mmcndmgr.dll
2006-08-23 10:27 1,004,032 D:\WINDOWS\explorer.exe
2006-08-23 10:26 98,816 D:\WINDOWS\system32\clipbrd.exe
2006-08-23 10:26 91,648 D:\WINDOWS\system32\ahui.exe
2006-08-23 10:26 91,136 D:\WINDOWS\system32\advpack.dll
2006-08-23 10:26 8,192 D:\WINDOWS\system32\autolfn.exe
2006-08-23 10:26 76,288 D:\WINDOWS\system32\avifil32.dll
2006-08-23 10:26 74,810 D:\WINDOWS\system32\atl.dll
2006-08-23 10:26 71,680 D:\WINDOWS\system32\browsewm.dll
2006-08-23 10:26 64,512 D:\WINDOWS\system32\ciodm.dll
2006-08-23 10:26 62,976 D:\WINDOWS\system32\browselc.dll
2006-08-23 10:26 62,464 D:\WINDOWS\system32\adsmsext.dll
2006-08-23 10:26 6,656 D:\WINDOWS\system32\batt.dll
2006-08-23 10:26 59,904 D:\WINDOWS\system32\cabinet.dll
2006-08-23 10:26 59,392 D:\WINDOWS\system32\6to4svc.dll
2006-08-23 10:26 54,272 D:\WINDOWS\system32\clusapi.dll
2006-08-23 10:26 5,120 D:\WINDOWS\system32\asferror.dll
2006-08-23 10:26 49,152 D:\WINDOWS\system32\browser.dll
2006-08-23 10:26 41,984 D:\WINDOWS\system32\alg.exe
2006-08-23 10:26 41,472 D:\WINDOWS\system32\cmdl32.exe
2006-08-23 10:26 38,912 D:\WINDOWS\system32\audiosrv.dll
2006-08-23 10:26 324,608 D:\WINDOWS\system32\cmdial32.dll
2006-08-23 10:26 32,768 D:\WINDOWS\system32\cfgbkend.dll
2006-08-23 10:26 24,576 D:\WINDOWS\system32\conime.exe
2006-08-23 10:26 239,616 D:\WINDOWS\system32\adsnt.dll
2006-08-23 10:26 238,592 D:\WINDOWS\system32\compatui.dll
2006-08-23 10:26 22,528 D:\WINDOWS\system32\at.exe
2006-08-23 10:26 186,880 D:\WINDOWS\system32\certcli.dll
2006-08-23 10:26 179,712 D:\WINDOWS\system32\cewmdm.dll
2006-08-23 10:26 162,816 D:\WINDOWS\system32\adsldp.dll
2006-08-23 10:26 158,720 D:\WINDOWS\system32\credui.dll
2006-08-23 10:26 14,366 D:\WINDOWS\system32\asfsipc.dll
2006-08-23 10:26 139,776 D:\WINDOWS\system32\adsldpc.dll
2006-08-23 10:26 115,712 D:\WINDOWS\system32\apphelp.dll
2006-08-10 15:50 45,056 D:\WINDOWS\system32\Icam5com.dll
2006-08-10 15:50 20,480 D:\WINDOWS\system32\Icam5EXT.dll
2006-08-10 15:36 75,776 D:\WINDOWS\system32\CNBJMON2.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-26 09:29 -------- d-------- D:\Program Files\Hijackthis
2006-08-26 09:16 -------- d-------- D:\Program Files\Outlook Express
2006-08-26 09:16 -------- d-------- D:\Program Files\Common Files\System
2006-08-25 19:17 -------- d-------- D:\Program Files\Mozilla Firefox
2006-08-25 13:07 -------- d-------- D:\Program Files\Java
2006-08-25 13:03 -------- d-------- D:\Program Files\Common Files\Java
2006-08-25 13:03 -------- d-------- D:\Program Files\Common Files
2006-08-25 12:15 -------- d-------- D:\Program Files\ewido anti-spyware 4.0
2006-08-23 18:43 183296 --------- D:\WINDOWS\NDNuninstall7_22.exe
2006-08-23 18:40 8464 --a------ D:\WINDOWS\system32\sporder.dll
2006-08-23 18:33 -------- d-------- D:\Program Files\Spyware Doctor
2006-08-23 18:31 -------- d-------- D:\Documents and Settings\John M\Application Data\PC Tools
2006-08-23 11:18 -------- d-------- D:\Program Files\Messenger
2006-08-23 11:18 -------- d-------- D:\Program Files\Internet Explorer
2006-08-23 11:08 -------- d-------- D:\Program Files\NetMeeting
2006-08-23 10:49 -------- d-------- D:\Program Files\Movie Maker
2006-08-23 10:48 -------- d-------- D:\Program Files\Windows Media Player
2006-08-22 16:56 -------- d-------- D:\Program Files\CCleaner
2006-08-22 11:42 -------- d-------- D:\Program Files\NoAdware4
2006-08-21 12:45 -------- d-------- D:\Documents and Settings\John M\Application Data\Lavasoft
2006-08-20 00:34 -------- d-------- D:\Program Files\Common Files\fzko
2006-08-20 00:34 -------- d-------- D:\Program Files\Common Files\eAcceleration
2006-08-19 23:43 -------- d-------- D:\Program Files\topMoxie
2006-08-19 23:42 -------- d-------- D:\Program Files\SaveNow
2006-08-19 23:28 -------- d-------- D:\Program Files\ComPlus Applications
2006-08-19 18:47 -------- d---s---- D:\Documents and Settings\John M\Application Data\Microsoft
2006-08-17 12:32 -------- d-------- D:\Program Files\America Online 9.0
2006-08-17 12:32 -------- d-------- D:\Documents and Settings\John M\Application Data\Help
2006-08-17 10:34 -------- d-------- D:\Program Files\PartyGaming
2006-08-10 16:14 -------- d-------- D:\Program Files\Common Files\Adobe
2006-07-29 16:34 -------- d-------- D:\Documents and Settings\John M\Application Data\Real
2006-07-29 16:32 -------- d-------- D:\Program Files\Common Files\xing shared
2006-07-29 16:32 -------- d-------- D:\Program Files\Common Files\Real
2006-07-10 16:38 51072 --a------ D:\WINDOWS\system32\drivers\ikhlayer.sys
2006-07-10 16:38 30592 --a------ D:\WINDOWS\system32\drivers\ikhfile.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="D:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"D:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"Pure Networks Port Magic"="\"D:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"Adobe Photo Downloader"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"D:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!ewido"="\"D:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="D:\\Program Files\\Outlook Express\\kyzererop.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="D:\\Program Files\\ComPlus Applications\\howyp.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,d2,03,00,00,23,00,00,00,1c,01,00,00,27,01,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Completion time: Sat 08/26/2006 9:32:13.28
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
  • 0

#12
Buckeye_Sam

    Malware Expert

Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"=-

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


============


Use Killbox as you did before to delete these files on reboot.

D:\WINDOWS\NDNuninstall7_22.exe
D:\Program Files\Outlook Express\kyzererop.html
D:\Program Files\ComPlus Applications\howyp.html



============


Please download and install AVG antivirus. Follow the prompts to download and install all updates and then run a complete scan.


Reboot once more and post a new hijackthis log.
Let me know how your computer is working now and any issues that you are still having.
  • 0
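
As an added illustration (not part of the original thread, and not code from ComboFix or HijackThis), the Python below parses an excerpt of the "Reg Loading Points" export and lists the Active Desktop components whose "Source" is a local HTML file, which are the entries that fixme.reg in post #12 clears. The function names and the local-HTML heuristic are assumptions made for this example; a hit is a candidate for review, not proof of infection.

```python
import re

# Excerpt of the "Reg Loading Points" export posted above, trimmed for the example.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="D:\\Program Files\\Outlook Express\\kyzererop.html"
"SubscribedURL"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="D:\\Program Files\\ComPlus Applications\\howyp.html"
"Flags"=dword:00002000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
'''

# Numbered subkeys under Desktop\Components are the individual Active Desktop items.
COMPONENT_KEY = re.compile(r"\\Internet Explorer\\Desktop\\Components\\\d+$", re.I)
# "name"="data" lines; backslash escapes (\\ and \") are allowed on both sides.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Heuristic (assumption): a drive-letter path ending in .htm/.html.
LOCAL_HTML = re.compile(r"^[A-Za-z]:\\.*\.html?$", re.I)


def parse_reg_export(text):
    """Return {key: {name: data}} for the string values in a regedit-style export."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # hex: data continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = STRING_VALUE.match(line)
            if m:                        # dword:/hex: values are skipped
                name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
                current[name] = data
    return keys


def local_html_components(keys):
    """Active Desktop components whose Source is a local HTML file: [(key, path)]."""
    hits = []
    for key, values in keys.items():
        source = values.get("Source", "")
        if COMPONENT_KEY.search(key) and LOCAL_HTML.match(source):
            hits.append((key, source))
    return hits


def build_fix(hits):
    """REGEDIT4 text that deletes only the flagged "Source" values."""
    lines = ["REGEDIT4", ""]
    for key, _path in hits:
        lines += [f"[{key}]", '"Source"=-', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = local_html_components(parse_reg_export(SAMPLE))
    for key, path in found:
        print(f"review: {path}\n   set by {key}")
    print(build_fix(found))
```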

#13
MarkInCali

    Member

  • Topic Starter
Sorry about the delayed reply, everything seems to be running more smoothly.

I've done everything you told me until I downloaded AVG antivirus. When it was installing, it fails at the end saying that there's 4 errors and 1 warning. I've tried installing it twice already. Here's the new Hijack this log...

Logfile of HijackThis v1.99.1
Scan saved at 1:27:52 PM, on 8/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
D:\Program Files\AOL Companion\companion.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\WINDOWS\System32\wuauclt.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "D:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = D:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Program Files\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096768316012
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
  • 0

#14
Buckeye_Sam

    Malware Expert

Download the trial version of Registry Tuneup from Acelogix and run it.
You may have to run it a few times to clean up everything.

Then reboot your computer and retry the installation of AVG.

Let me know how it goes.
  • 0

#15
MarkInCali

    Member

  • Topic Starter
So Far.... So Good :whistling: Installed AVG and got rid of a few trojans. I think I have a new task now. My computer keeps warning me that I am running out of hard drive space. I'm not sure which stuff to clean up. Also, this computer has two hard drives, I'm just not sure how to move things from one drive to the other. Again.... your help is very much appreciated.
  • 0





