my hijack this log



#1
a_skater_guy

  • Member
  • 10 posts
I've done multiple steps listed before posting for help, and I am positive I still have spyware/adware. It's WinAntiVirusPro 2006, and I'm sure there is another one as well. Here's the log, and I hope you can help me :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 12:23:39 AM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ME\Desktop\SA mods\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uhvjsul.dll,mrpmvyf
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfr..._instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158746022123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0



#2
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:


Right click hijackthis.exe and rename it to HJT.exe


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
  • 0

#3
a_skater_guy

  • Topic Starter
  • Member
  • 10 posts
k here they are

Logfile of HijackThis v1.99.1
Scan saved at 3:33:49 AM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ME\Desktop\SA mods\hjt.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\System32\unaoakg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\System32\utkfxyjd.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E5E6DCF2-6D11-450B-8571-B416DFE0ADCE} - C:\WINDOWS\System32\mljge.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uhvjsul.dll,mrpmvyf
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfr..._instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158746022123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

and the vundo one


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 3:12:21 AM 10/1/2006

Listing files found while scanning....

C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\Program Files\Common Files\{BC674009-07D0-1033-0113-060314060001}\services.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.bak2 Has been deleted!

Attempting to delete C:\Program Files\Common Files\{BC674009-07D0-1033-0113-060314060001}\services.dll
C:\Program Files\Common Files\{BC674009-07D0-1033-0113-060314060001}\services.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 3:24:38 AM 10/1/2006

Listing files found while scanning....

C:\WINDOWS\system32\mljge.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Has been deleted!

Performing Repairs to the registry.
Done!


thanks
  • 0

#4
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi skater :whistling:

Please run a scan with HijackThis and check the following lines for removal:

O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\System32\unaoakg.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\System32\utkfxyjd.dll (file missing)
O2 - BHO: (no name) - {E5E6DCF2-6D11-450B-8571-B416DFE0ADCE} - C:\WINDOWS\System32\mljge.dll (file missing)
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uhvjsul.dll,mrpmvyf
O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing)

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0
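
The five lines selected for removal in post #4 share traits that are visible in the log itself: a "(file missing)" target, an unnamed BHO whose DLL sits in System32, and a Run value named after a DLL that it loads through rundll32. As an added example (not part of the thread, and not HijackThis's or the helper's method), this Python script parses HijackThis entries and flags those traits; the rule set and all function names are assumptions chosen for illustration, and the sample lines are copied from the second log in this thread.

```python
import re
from collections import namedtuple

# Sample entries copied from the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\System32\unaoakg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\System32\utkfxyjd.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E5E6DCF2-6D11-450B-8571-B416DFE0ADCE} - C:\WINDOWS\System32\mljge.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uhvjsul.dll,mrpmvyf
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

Entry = namedtuple("Entry", "section body line")

# "<section code> - <rest of line>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {CLSID} - <path>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O4 body: "<registry key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<value>[^\]]+)\] (?P<command>.+)$")

SYSTEM32 = "c:\\windows\\system32\\"


def parse_log(text):
    """Return an Entry for every line that looks like a HijackThis item.

    Header lines and the "Running processes" list do not match and are skipped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group("section"), match.group("body"), line))
    return entries


def flag_entry(entry):
    """Return the reasons (possibly none) an entry deserves a closer look.

    Illustrative rules only (an assumption of this example): a hit means
    "review this line", not "this is malware".
    """
    reasons = []

    # Rule 1: the registry entry points at a file that no longer exists.
    if entry.body.endswith("(file missing)"):
        reasons.append("target file missing")

    # Rule 2: a browser helper object with no class name whose DLL is in System32.
    if entry.section == "O2":
        bho = BHO_RE.match(entry.body)
        if (bho and bho.group("name") == "(no name)"
                and bho.group("path").lower().startswith(SYSTEM32)):
            reasons.append("unnamed BHO in System32")

    # Rule 3: a Run value named after a DLL that it loads through rundll32.
    if entry.section == "O4":
        run = RUN_RE.match(entry.body)
        if run:
            value = run.group("value").lower()
            command = run.group("command").lower()
            if value.endswith(".dll") and "rundll32" in command and value in command:
                reasons.append("Run value named after DLL loaded via rundll32")

    return reasons


def triage(text):
    """Return (entry, reasons) pairs for every flagged entry, in log order."""
    flagged = []
    for entry in parse_log(text):
        reasons = flag_entry(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons))
        print("    " + entry.line)
```

On the sample lines this flags the same five entries listed in post #4 and leaves the Spybot, Java, Adobe, NVIDIA and Symantec entries alone.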

#5
a_skater_guy

  • Topic Starter
  • Member
  • 10 posts
OK, here it is. Thanks for taking time to help me.

ME - 06-10-02 1:28:12.25 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\ME\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{BC674009-07D0-1033-0113-060314060001}


((((((((((((((((((((((((((((((( Files Created from 2006-09-02 to 2006-10-02 ))))))))))))))))))))))))))))))))))


2006-09-26 23:23 143,380 --a------ C:\WINDOWS\system32\ksidndfj.exe
2006-09-24 18:21 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-09-24 18:21 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-09-24 18:21 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-09-24 18:21 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-09-24 18:21 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-09-24 18:21 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-09-24 18:21 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-09-24 18:21 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-09-24 17:30 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-09-24 17:30 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-09-24 17:30 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-09-23 04:31 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-09-23 04:31 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-09-23 04:31 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-09-23 04:31 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-09-23 04:31 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-23 04:31 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-09-23 04:31 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-09-22 19:49 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-21 17:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-09-21 17:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-21 17:24 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-09-21 16:50 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-09-21 16:49 96,256 --a------ C:\WINDOWS\system32\drivers\sptd2765.sys
2006-09-21 16:49 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-21 16:44 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-20 21:59 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-09-20 21:48 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-09-20 03:08 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-20 03:08 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-20 03:08 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-09-20 03:08 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-20 03:08 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-20 03:08 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-09-20 03:08 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-20 03:08 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-20 03:08 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2006-09-20 03:08 243,200 --a------ C:\WINDOWS\system32\es.dll
2006-09-20 03:08 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-20 03:08 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-20 03:08 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-20 03:08 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2006-09-20 03:08 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2006-09-20 03:08 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-20 03:07 77,312 --a------ C:\WINDOWS\system32\browser.dll
2006-09-20 03:07 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-09-20 03:07 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-09-20 03:07 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-09-20 03:01 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-20 02:59 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-09-20 02:23 592 --a------ C:\WINDOWS\chgkey.vbs
2006-09-20 01:27 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-09-20 01:27 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-09-20 01:27 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2006-09-20 01:27 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-09-20 01:27 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-20 01:23 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-20 01:23 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-20 01:23 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-20 01:23 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-20 01:23 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-20 01:23 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-19 22:05 94,208 --a------ C:\WINDOWS\system32\uhvjsul.dll
2006-09-19 22:05 72,704 --a------ C:\WINDOWS\system32\unaoakg.dll
2006-09-19 21:56 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2006-09-19 07:07 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-09-19 07:07 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2006-09-19 07:07 487,424 --a------ C:\WINDOWS\system32\Msvcp70.dll
2006-09-19 07:07 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-09-19 07:07 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2006-09-19 07:07 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2006-09-19 07:07 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2006-09-19 07:07 188,416 --a------ C:\WINDOWS\system32\eax.dll
2006-09-19 07:07 161,280 --a------ C:\WINDOWS\system32\fmod.dll
2006-09-19 07:07 1,230,336 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-18 23:23 9,410,048 -ra------ C:\WINDOWS\system32\RTLCPL.EXE
2006-09-18 23:23 77,824 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2006-09-18 23:23 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-09-18 23:23 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-09-18 23:23 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-18 23:23 2,324,480 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-09-18 23:23 156,672 -ra------ C:\WINDOWS\system32\RTLCPAPI.dll
2006-09-18 23:23 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-09-18 23:23 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2006-09-18 23:22 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2006-09-18 23:22 294,912 -r------- C:\WINDOWS\alcupd.exe
2006-09-18 23:22 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2006-09-18 23:22 200,704 -r------- C:\WINDOWS\alcrmv.exe
2006-09-18 20:31 466,944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-09-18 20:31 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-09-18 20:31 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-09-18 20:31 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2006-09-18 20:31 335,872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-09-18 20:31 335,872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-09-18 20:31 327,680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-09-18 20:31 327,680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-09-18 20:31 327,680 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-09-18 20:31 323,584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-09-18 20:31 323,584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-09-18 20:31 323,584 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-09-18 20:31 319,488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-09-18 20:31 319,488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-09-18 20:31 315,392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-09-18 20:31 315,392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-09-18 20:31 311,296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-09-18 20:31 303,104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-09-18 20:31 303,104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-09-18 20:31 303,104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-09-18 20:31 299,008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-09-18 20:31 299,008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-09-18 20:31 294,912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-09-18 20:31 294,912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-09-18 20:31 294,912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-09-18 20:31 286,720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-09-18 20:31 286,720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-09-18 20:31 282,624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-09-18 20:31 282,624 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-09-18 20:31 278,528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-09-18 20:31 278,528 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-09-18 20:31 278,528 --a------ C:\WINDOWS\system32\nvrses.dll
2006-09-18 20:31 278,528 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-09-18 20:31 274,432 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-09-18 20:31 270,336 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-09-18 20:31 270,336 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-09-18 20:31 270,336 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-09-18 20:31 266,240 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-09-18 20:31 266,240 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-09-18 20:31 266,240 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-09-18 20:31 262,144 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-09-18 20:31 258,048 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-09-18 20:31 253,952 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-09-18 20:31 253,952 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-09-18 20:31 253,952 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-09-18 20:31 253,952 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-09-18 20:31 249,856 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-09-18 20:31 249,856 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-09-18 20:31 249,856 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-09-18 20:31 245,760 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-09-18 20:31 245,760 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-09-18 20:31 245,760 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-09-18 20:31 221,184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-09-18 20:31 212,992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-09-18 20:31 196,608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-09-18 20:31 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-18 20:31 167,936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-09-18 20:31 163,840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-09-18 20:31 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-09-18 20:31 122,880 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-09-18 20:31 1,662,976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-09-18 20:31 1,519,616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-09-18 20:31 1,466,368 --a------ C:\WINDOWS\system32\nview.dll
2006-09-18 20:31 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-09-18 20:31 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-09-18 20:30 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-09-18 20:30 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-09-18 20:30 7,557,120 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-09-18 20:30 573,440 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-09-18 20:30 5,419,008 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-09-18 20:30 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-09-18 20:30 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-09-18 20:30 143,426 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-09-18 20:29 94,208 --a------ C:\WINDOWS\system32\nvapi.dll
2006-09-18 20:29 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-09-18 20:29 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-09-18 20:29 3,960,064 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-09-18 20:29 3,642,784 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-09-18 20:25 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2006-09-18 20:25 4,962 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2006-09-18 20:25 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2006-09-18 20:25 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2006-09-18 20:14 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-18 20:14 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-18 20:13 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-09-18 20:13 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2006-09-18 20:09 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-18 20:09 0 -rahs---- C:\MSDOS.SYS
2006-09-18 20:09 0 -rahs---- C:\IO.SYS
2006-09-18 20:09 0 --a------ C:\CONFIG.SYS
2006-09-18 20:09 0 --a------ C:\AUTOEXEC.BAT
2006-09-18 20:08 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-18 20:07 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-18 20:07 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-18 20:07 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-18 20:07 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-18 20:07 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-18 20:07 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-18 20:07 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-18 20:07 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-18 20:07 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-18 20:07 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-18 20:07 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-18 20:07 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-18 20:07 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-18 20:07 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-18 20:07 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-18 20:07 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-18 20:07 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-18 20:07 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-18 20:07 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-18 20:07 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-18 20:07 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-18 20:07 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-18 20:07 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-18 20:07 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-18 20:07 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-18 20:07 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-18 20:07 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-18 20:07 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-18 20:06 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-18 20:06 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-18 20:06 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-18 20:06 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-18 20:06 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-18 20:06 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-18 20:06 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-18 20:06 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-18 20:06 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-18 20:06 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-18 20:06 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-18 20:06 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-18 20:06 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-18 20:06 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-18 20:06 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-18 20:06 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-18 20:06 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-18 20:06 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-18 20:06 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-18 20:06 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-18 20:06 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-18 20:06 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-18 20:06 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-18 20:06 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-18 20:06 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-18 20:06 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-18 20:06 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-18 20:06 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-18 20:06 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-18 20:06 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-18 20:06 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-18 20:06 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-18 20:06 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-18 20:06 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-18 20:06 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-18 20:06 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-18 20:06 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-18 20:06 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-18 20:06 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-18 20:06 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-18 20:06 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-18 20:06 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-18 20:06 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-18 20:06 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-18 20:06 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-18 20:06 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-18 20:06 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-18 20:06 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-18 20:06 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-18 20:06 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-18 20:06 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-18 20:06 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-18 20:06 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-18 20:06 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-18 20:06 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-18 20:06 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-18 20:06 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-18 20:06 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-18 20:06 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-18 20:06 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-18 20:06 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-18 20:06 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-18 20:06 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-18 20:06 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-18 20:06 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-18 20:06 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-18 20:06 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-18 20:06 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-18 20:06 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-18 20:06 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-18 20:06 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-18 20:06 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-18 20:06 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-18 20:06 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-18 20:05 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-18 20:05 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-18 13:02 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-18 13:02 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-09-18 13:02 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-18 13:02 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-18 13:02 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-09-18 13:02 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2006-09-18 13:02 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-09-18 13:02 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-09-18 13:02 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-09-18 13:02 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-18 13:02 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-09-18 13:02 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-09-18 13:01 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-09-18 13:01 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2006-09-18 13:01 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-09-18 13:00 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-18 12:59 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-18 12:59 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-18 12:59 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-18 12:59 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-18 12:59 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-18 12:59 69,120 --a------ C:\WINDOWS\notepad.exe
2006-09-18 12:59 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-18 12:59 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-18 12:59 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-18 12:59 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-18 12:59 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-18 12:59 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-18 12:59 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-18 12:59 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-18 12:59 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-18 12:59 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-18 12:59 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-18 12:59 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-18 12:59 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-18 12:59 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-18 12:59 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-18 12:59 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-18 12:59 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-18 12:59 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-18 12:59 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-18 12:59 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-18 12:59 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-18 12:59 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-18 12:59 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-09-18 12:59 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-02 01:28 -------- d-------- C:\Program Files\Common Files
2006-10-02 00:15 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-01 12:42 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-28 05:01 -------- d---s---- C:\Documents and Settings\ME\Application Data\Microsoft
2006-09-25 19:10 -------- d-------- C:\Documents and Settings\ME\Application Data\CamfrogWEB
2006-09-25 17:10 -------- d-------- C:\Program Files\Smart Projects
2006-09-25 16:57 -------- d-------- C:\Documents and Settings\ME\Application Data\uTorrent
2006-09-25 02:17 -------- d-------- C:\Program Files\San Andreas Mod Installer
2006-09-25 02:12 -------- d-------- C:\Program Files\Internet Explorer
2006-09-25 00:35 -------- d-------- C:\Program Files\QuickTime
2006-09-23 05:17 -------- d-------- C:\Program Files\Messenger
2006-09-23 04:34 -------- d-------- C:\Program Files\Common Files\Nero
2006-09-23 04:32 -------- d-------- C:\Program Files\Ahead
2006-09-23 04:31 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-22 19:46 -------- d-------- C:\Program Files\LimeWire
2006-09-22 10:49 -------- d-------- C:\Program Files\Windows Media Player
2006-09-22 10:44 -------- d-------- C:\Program Files\Outlook Express
2006-09-22 10:44 -------- d-------- C:\Program Files\Common Files\System
2006-09-21 18:03 -------- d-------- C:\Program Files\MSN Messenger
2006-09-21 17:49 -------- d-------- C:\Program Files\Movie Maker
2006-09-21 17:46 -------- d-------- C:\Program Files\Windows NT
2006-09-21 17:46 -------- d-------- C:\Program Files\NetMeeting
2006-09-21 16:51 -------- d-------- C:\Program Files\DAEMON Tools
2006-09-21 16:13 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-21 16:13 -------- d-------- C:\Program Files\Rockstar Games
2006-09-21 15:24 -------- d-------- C:\Program Files\PowerISO
2006-09-20 02:59 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-20 02:59 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-20 01:23 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-19 06:12 -------- d-------- C:\Program Files\WinRAR
2006-09-18 23:23 -------- d-------- C:\Program Files\Realtek Sound Manager
2006-09-18 23:23 -------- d-------- C:\Program Files\Realtek AC97
2006-09-18 23:23 -------- d-------- C:\Program Files\AvRack
2006-09-18 23:22 -------- d-------- C:\Program Files\MsnMusic
2006-09-18 22:14 -------- d-------- C:\Program Files\utorrent
2006-09-18 21:56 -------- d-------- C:\Documents and Settings\ME\Application Data\AdobeUM
2006-09-18 21:24 -------- d-------- C:\Documents and Settings\ME\Application Data\Macromedia
2006-09-18 21:20 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-18 21:20 -------- d-------- C:\Documents and Settings\ME\Application Data\Adobe
2006-09-18 21:02 -------- d-------- C:\Program Files\Java
2006-09-18 21:02 -------- d-------- C:\Documents and Settings\ME\Application Data\Sun
2006-09-18 21:01 -------- d-------- C:\Program Files\Common Files\Java
2006-09-18 20:57 -------- d-------- C:\Program Files\Zone Labs
2006-09-18 20:46 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-18 20:42 -------- d-------- C:\Program Files\Symantec
2006-09-18 20:41 -------- d-------- C:\Program Files\SymNetDrv
2006-09-18 20:35 -------- d-------- C:\Program Files\Adobe
2006-09-18 20:29 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-18 20:25 -------- d-------- C:\Program Files\ASUS
2006-09-18 20:24 -------- d-------- C:\Program Files\Marvell
2006-09-18 20:19 -------- d-------- C:\Documents and Settings\ME\Application Data\Symantec
2006-09-18 20:13 -------- d-------- C:\Documents and Settings\ME\Application Data\Identities
2006-09-18 20:12 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-18 20:09 -------- d-------- C:\Program Files\xerox
2006-09-18 20:09 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-18 20:08 -------- d-------- C:\Program Files\Online Services
2006-09-18 20:07 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-18 20:07 -------- d-------- C:\Program Files\Common Files\Services
2006-09-18 20:07 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-18 20:06 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-18 20:06 -------- d-------- C:\Program Files\MSN
2006-09-18 12:59 62 --ahs---- C:\Documents and Settings\ME\Application Data\desktop.ini
2006-09-18 12:59 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-18 12:59 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 02:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SoundMan"="SOUNDMAN.EXE"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - ME.job

Completion time: Mon 10/02/2006 1:29:13.56
ComboFix.txt

#6
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Browse for and delete this file:
C:\WINDOWS\system32\ksidndfj.exe

Can you post a new Hijack log and let me know how things are running?

#7
a_skater_guy


    Member

  • Topic Starter
  • 10 posts
ok here it is
Things seem to be running full speed and no popups, but I haven't been online too long. I will reply tomorrow with updated results.

Logfile of HijackThis v1.99.1
Scan saved at 3:38:03 AM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ME\Desktop\SA mods\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfr..._instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158746022123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
The log looks fine. Just let me know after you have surfed for a while :whistling:

#9
a_skater_guy


    Member

  • Topic Starter
  • 10 posts
tyvm, my comp seems to be running perfectly and I haven't had any problems yet. I will post again if something pops up, but it seems to be working excellent. tyvm :whistling:

#10
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
Great :whistling:

Let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:

and a good antivirus (these are also free for personal use):

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!