Adware from Outerinfo



#31
Armodeluxe
    Member 2k

  • Retired Staff
  • 2,744 posts
Your log looks clean now.

Now let's reset your restore points.

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create', then when the confirmation screen shows the restore point has been created, click 'Close'.

Next go to Start Menu > Run > type

cleanmgr

Click OK. When Disk Cleanup opens, go to the 'More Options' tab and press 'Cleanup' on the system restore area, which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK then choose Yes on the confirmation window.

Please take the following into consideration to maintain a clean computer.

I'll also recommend that you install monitoring software, which will monitor certain areas on your computer and raise alerts when those are being modified. One such program I'll recommend is Prevx, but it's for advanced users, as the messages it displays can be hard to decipher. Another similar but more user-friendly program is Winpatrol. Both are free programs.
Winpatrol
Prevx

Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, and scan every file before clicking on it.

Additional programs to consider:

Spywareblaster: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard: An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad: Adds a list of malicious sites to your Restricted Sites Zone.
Firefox: An alternate browser safer than IE.

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe


#32
misscoco
  • Topic Starter
  • Member
  • 39 posts
OK, so a new problem has come up. Every time I'm online, an Internet Explorer error message pops up, and when I hit send it makes my entire desktop go blank.

#33
Armodeluxe
    Member 2k

  • Retired Staff
  • 2,744 posts
Please post the exact contents of the error message along with a new HijackThis log.

#34
misscoco
  • Topic Starter
  • Member
  • 39 posts
HijackThis log, and I'm waiting for the error message to show up again. Also, the pop-ups are back!

Logfile of HijackThis v1.99.1
Scan saved at 08:29, on 06-10-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\GWMDMpi.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {bde139d7-dbbe-4e75-b43a-f5c1216cc757} - C:\WINDOWS\system32\bootwdm.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160690526031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160690505921
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...856/mcfscan.cab
O20 - Winlogon Notify: bootwdm - C:\WINDOWS\SYSTEM32\bootwdm.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS

#35
Armodeluxe
    Member 2k

  • Retired Staff
  • 2,744 posts
If you still have combofix on your desktop, delete it and download the new version.

Download this file - combofix.exe

and save it to your desktop.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /v bootwdm

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

In your next post, please include
  • new hijackthis log
  • combofix log
*use separate posts to ensure the logs don't get cut off!
  • 0
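
Post #35 points ComboFix at bootwdm, the module that the HijackThis log in post #34 lists both as an unnamed BHO (O2) and as a Winlogon Notify entry (O20). The script below is an added example, not part of the thread and not code from HijackThis or ComboFix: it pulls that correlation out of the two log formats, using lines excerpted from posts #34 and #36. The O2-plus-O20 rule and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log in post #34.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {bde139d7-dbbe-4e75-b43a-f5c1216cc757} - C:\WINDOWS\system32\bootwdm.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O20 - Winlogon Notify: bootwdm - C:\WINDOWS\SYSTEM32\bootwdm.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Lines excerpted from the ComboFix "Files Created" listing in post #36.
CFX_SAMPLE = r"""
2006-10-31 21:53 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-24 03:06 18,772 --a------ C:\WINDOWS\system32\bootwdm.dll
2006-10-16 07:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
CFX_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+)\s+(\S+)\s+([A-Za-z]:\\.+)$"
)


def parse_hijackthis(text):
    """Return (section, detail, file_path) for entries whose last field is a path."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        # The file is the last " - " separated field on O2/O9/O20/O23 lines.
        target = detail.rsplit(" - ", 1)[-1]
        target = target.replace(" (file missing)", "").strip()
        if PATH_RE.match(target):
            entries.append((section, detail, target))
    return entries


def parse_combofix_created(text):
    """Map lower-cased path -> (timestamp string, size in bytes)."""
    created = {}
    for line in text.splitlines():
        m = CFX_RE.match(line.strip())
        if m:
            date, time, size, _attrs, path = m.groups()
            created[path.lower()] = (f"{date} {time}", int(size.replace(",", "")))
    return created


def triage(hjt_text, cfx_text=""):
    """Flag files registered as both a BHO (O2) and a Winlogon Notify DLL (O20).

    Assumed heuristic for illustration only. Paths are compared
    case-insensitively because the same file shows up as system32 and SYSTEM32.
    """
    by_path = defaultdict(list)
    for section, detail, target in parse_hijackthis(hjt_text):
        by_path[target.lower()].append((section, detail))
    created = parse_combofix_created(cfx_text)

    findings = []
    for path, hits in by_path.items():
        sections = sorted({s for s, _ in hits}, key=lambda s: int(s[1:]))
        if not {"O2", "O20"} <= set(sections):
            continue
        stamp, size = created.get(path, (None, None))
        findings.append({
            "path": path,
            "sections": sections,
            "unnamed_bho": any(s == "O2" and "(no name)" in d for s, d in hits),
            "created": stamp,   # from the ComboFix listing, if present
            "size": size,
        })
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, CFX_SAMPLE):
        print(f)
```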

#36
misscoco
  • Topic Starter
  • Member
  • 39 posts
Combo Fix log

Courtnie - 06-11-01 9:55:56.76 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Courtnie\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-01 to 2006-11-01 ))))))))))))))))))))))))))))))))))


2006-10-31 21:54 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2006-10-31 21:53 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-31 21:53 9,216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2006-10-31 21:53 57,344 --a------ C:\WINDOWS\system32\pavipc.dll
2006-10-31 21:53 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2006-10-31 21:53 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2006-10-31 21:53 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2006-10-31 21:53 44,544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2006-10-31 21:53 36,864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2006-10-31 21:53 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2006-10-31 21:53 245,760 --a------ C:\WINDOWS\system32\PavSHook.dll
2006-10-31 21:53 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-10-31 21:53 23,296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2006-10-31 21:53 185,472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2006-10-31 21:53 16,640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2006-10-31 21:53 16,000 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2006-10-31 21:53 140,416 --a------ C:\WINDOWS\system32\drivers\netflt.sys
2006-10-31 21:53 139,264 --a------ C:\WINDOWS\system32\TpUtil.dll
2006-10-31 21:53 103,936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2006-10-31 21:53 101,888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2006-10-31 21:50 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2006-10-31 21:50 165,120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2006-10-24 03:06 18,772 --a------ C:\WINDOWS\system32\bootwdm.dll
2006-10-16 07:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-15 09:13 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-10-13 02:19 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-10-13 02:19 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-10-13 02:19 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-10-12 16:13 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-12 16:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-10-12 16:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-10-12 16:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-12 16:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-12 16:04 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-12 16:03 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-12 16:03 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-12 16:03 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-12 16:03 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-12 16:03 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-12 16:03 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-12 04:34 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-10-04 07:52 96,768 --a------ C:\WINDOWS\system32\psbase.dll
2006-10-04 07:52 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2006-10-04 07:52 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-04 07:52 92,672 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-10-04 07:52 92,168 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-10-04 07:52 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-10-04 07:52 90,624 --a------ C:\WINDOWS\system32\trkwks.dll
2006-10-04 07:52 9,216 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-10-04 07:52 89,600 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-10-04 07:52 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-04 07:52 809,984 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-04 07:52 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-10-04 07:52 77,312 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-10-04 07:52 77,312 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-10-04 07:52 759,296 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-04 07:52 75,776 --a------ C:\WINDOWS\system32\telnet.exe
2006-10-04 07:52 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-04 07:52 74,752 --a------ C:\WINDOWS\system32\spoolss.dll
2006-10-04 07:52 713,728 --a------ C:\WINDOWS\system32\opengl32.dll
2006-10-04 07:52 71,680 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-10-04 07:52 704,512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-10-04 07:52 70,144 --a------ C:\WINDOWS\system32\sigverif.exe
2006-10-04 07:52 69,632 --a------ C:\WINDOWS\system32\raschap.dll
2006-10-04 07:52 69,632 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-10-04 07:52 68,096 --a------ C:\WINDOWS\system32\shgina.dll
2006-10-04 07:52 679,936 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-10-04 07:52 670,720 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-04 07:52 67,584 --a------ C:\WINDOWS\system32\sti.dll
2006-10-04 07:52 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-04 07:52 65,536 --a------ C:\WINDOWS\system32\wextract.exe
2006-10-04 07:52 65,536 --a------ C:\WINDOWS\system32\shimeng.dll
2006-10-04 07:52 65,536 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-10-04 07:52 65,536 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-10-04 07:52 62,976 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-10-04 07:52 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-04 07:52 610,304 --a------ C:\WINDOWS\system32\sspipes.scr
2006-10-04 07:52 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-04 07:52 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-04 07:52 6,656 --a------ C:\WINDOWS\system32\sensapi.dll
2006-10-04 07:52 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-10-04 07:52 58,368 --a------ C:\WINDOWS\system32\packager.exe
2006-10-04 07:52 562,176 --a------ C:\WINDOWS\system32\qedit.dll
2006-10-04 07:52 55,808 --a------ C:\WINDOWS\system32\secur32.dll
2006-10-04 07:52 54,784 --a------ C:\WINDOWS\system32\npptools.dll
2006-10-04 07:52 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-04 07:52 53,760 --a------ C:\WINDOWS\system32\winsta.dll
2006-10-04 07:52 51,712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-10-04 07:52 51,712 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-10-04 07:52 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-10-04 07:52 50,176 --a------ C:\WINDOWS\system32\utilman.exe
2006-10-04 07:52 50,176 --a------ C:\WINDOWS\system32\reg.exe
2006-10-04 07:52 49,664 --a------ C:\WINDOWS\system32\regapi.dll
2006-10-04 07:52 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-10-04 07:52 442,368 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-10-04 07:52 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-04 07:52 438,272 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-10-04 07:52 435,200 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-10-04 07:52 431,616 --a------ C:\WINDOWS\system32\riched20.dll
2006-10-04 07:52 430,592 --a------ C:\WINDOWS\system32\vssapi.dll
2006-10-04 07:52 43,520 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-10-04 07:52 42,496 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-10-04 07:52 42,496 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-10-04 07:52 417,792 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-04 07:52 408,064 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-04 07:52 406,528 --a------ C:\WINDOWS\system32\usp10.dll
2006-10-04 07:52 40,960 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-10-04 07:52 393,216 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-10-04 07:52 385,536 --a------ C:\WINDOWS\system32\themeui.dll
2006-10-04 07:52 385,024 --a------ C:\WINDOWS\system32\qdvd.dll
2006-10-04 07:52 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-04 07:52 38,912 --a------ C:\WINDOWS\system32\sens.dll
2006-10-04 07:52 378,368 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-10-04 07:52 37,888 --a------ C:\WINDOWS\system32\url.dll
2006-10-04 07:52 363,008 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-10-04 07:52 359,936 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-10-04 07:52 35,840 --a------ C:\WINDOWS\system32\umandlg.dll
2006-10-04 07:52 35,840 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-10-04 07:52 35,328 --a------ C:\WINDOWS\system32\pid.dll
2006-10-04 07:52 34,816 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-10-04 07:52 337,920 --a------ C:\WINDOWS\system32\zipfldr.dll
2006-10-04 07:52 333,312 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-10-04 07:52 33,840 --a------ C:\WINDOWS\system32\ntio.sys
2006-10-04 07:52 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-10-04 07:52 313,856 --a------ C:\WINDOWS\system32\scesrv.dll
2006-10-04 07:52 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-10-04 07:52 303,616 --a------ C:\WINDOWS\system32\wmstream.dll
2006-10-04 07:52 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-10-04 07:52 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-04 07:52 283,648 --a------ C:\WINDOWS\winhlp32.exe
2006-10-04 07:52 283,648 --a------ C:\WINDOWS\system32\pdh.dll
2006-10-04 07:52 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-04 07:52 276,480 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-04 07:52 270,848 --------- C:\WINDOWS\system32\sbe.dll
2006-10-04 07:52 264,192 --a------ C:\WINDOWS\system32\wow32.dll
2006-10-04 07:52 26,624 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-04 07:52 26,112 --a------ C:\WINDOWS\system32\skeys.exe
2006-10-04 07:52 25,600 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-10-04 07:52 25,088 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-10-04 07:52 25,088 --a------ C:\WINDOWS\system32\shfolder.dll
2006-10-04 07:52 249,856 --a------ C:\WINDOWS\system32\odbc32.dll
2006-10-04 07:52 248,832 --a------ C:\WINDOWS\system32\newdev.dll
2006-10-04 07:52 246,302 --a------ C:\WINDOWS\system32\strmdll.dll
2006-10-04 07:52 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-10-04 07:52 239,616 --a------ C:\WINDOWS\system32\upnpui.dll
2006-10-04 07:52 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-04 07:52 230,400 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-04 07:52 23,040 --a------ C:\WINDOWS\system32\setup.exe
2006-10-04 07:52 23,040 --a------ C:\WINDOWS\system32\psapi.dll
2006-10-04 07:52 218,624 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-10-04 07:52 215,552 --a------ C:\WINDOWS\system32\osk.exe
2006-10-04 07:52 206,336 --a------ C:\WINDOWS\system32\rasppp.dll
2006-10-04 07:52 20,992 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-10-04 07:52 20,480 --a------ C:\WINDOWS\system32\wmpui.dll
2006-10-04 07:52 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll
2006-10-04 07:52 20,480 --a------ C:\WINDOWS\system32\wmpcd.dll
2006-10-04 07:52 2,940,928 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-04 07:52 2,105,344 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-04 07:52 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2006-10-04 07:52 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-04 07:52 19,968 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-10-04 07:52 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-04 07:52 187,392 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-10-04 07:52 185,344 --a------ C:\WINDOWS\system32\upnphost.dll
2006-10-04 07:52 181,760 --a------ C:\WINDOWS\system32\tapi32.dll
2006-10-04 07:52 180,224 --a------ C:\WINDOWS\system32\scecli.dll
2006-10-04 07:52 18,944 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-10-04 07:52 18,944 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-10-04 07:52 18,432 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-10-04 07:52 18,432 --a------ C:\WINDOWS\system32\ups.exe
2006-10-04 07:52 179,712 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-10-04 07:52 176,128 --a------ C:\WINDOWS\system32\winmm.dll
2006-10-04 07:52 174,592 --a------ C:\WINDOWS\system32\w32time.dll
2006-10-04 07:52 174,200 --a------ C:\WINDOWS\system32\xenroll.dll
2006-10-04 07:52 172,032 --a------ C:\WINDOWS\system32\wldap32.dll
2006-10-04 07:52 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-10-04 07:52 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-04 07:52 17,920 --a------ C:\WINDOWS\system32\ping.exe
2006-10-04 07:52 17,664 --a------ C:\WINDOWS\system32\watchdog.sys
2006-10-04 07:52 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-10-04 07:52 16,896 --a------ C:\WINDOWS\system32\rassapi.dll
2006-10-04 07:52 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-10-04 07:52 159,232 --------- C:\WINDOWS\system32\sbeio.dll
2006-10-04 07:52 152,576 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-10-04 07:52 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-04 07:52 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-10-04 07:52 146,432 --a------ C:\WINDOWS\regedit.exe
2006-10-04 07:52 143,872 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-10-04 07:52 140,288 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-10-04 07:52 14,336 --a------ C:\WINDOWS\system32\ssstars.scr
2006-10-04 07:52 14,336 --a------ C:\WINDOWS\system32\runonce.exe
2006-10-04 07:52 136,704 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-10-04 07:52 135,680 --a------ C:\WINDOWS\system32\webvw.dll
2006-10-04 07:52 135,680 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-10-04 07:52 135,168 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-10-04 07:52 132,608 --a------ C:\WINDOWS\system32\upnp.dll
2006-10-04 07:52 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-04 07:52 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-04 07:52 13,312 --a------ C:\WINDOWS\system32\sigtab.dll
2006-10-04 07:52 124,416 --a------ C:\WINDOWS\system32\wiadss.dll
2006-10-04 07:52 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-04 07:52 121,856 --a------ C:\WINDOWS\system32\stobject.dll
2006-10-04 07:52 120,832 --a------ C:\WINDOWS\system32\offfilt.dll
2006-10-04 07:52 12,288 --a------ C:\WINDOWS\system32\tracert.exe
2006-10-04 07:52 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-10-04 07:52 118,784 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-10-04 07:52 115,200 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-10-04 07:52 112,128 --a------ C:\WINDOWS\system32\rastls.dll
2006-10-04 07:52 107,008 --a------ C:\WINDOWS\system32\oleprn.dll
2006-10-04 07:52 106,496 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-10-04 07:52 103,936 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-10-04 07:52 102,400 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-04 07:52 10,752 --a------ C:\WINDOWS\hh.exe
2006-10-04 07:52 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-10-04 07:52 1,580,544 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-10-04 07:52 1,435,648 --a------ C:\WINDOWS\system32\query.dll
2006-10-04 07:52 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-04 07:52 1,050,624 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-04 07:51 875,008 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-10-04 07:51 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-10-04 07:51 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2006-10-04 07:51 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-04 07:51 701,440 --a------ C:\WINDOWS\system32\msxml2.dll
2006-10-04 07:51 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-10-04 07:51 7,168 --------- C:\WINDOWS\system32\hccoin.dll
2006-10-04 07:51 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-04 07:51 69,120 --a------ C:\WINDOWS\system32\msctfp.dll
2006-10-04 07:51 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-04 07:51 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-04 07:51 622,080 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-10-04 07:51 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-04 07:51 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-04 07:51 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-04 07:51 56,832 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-04 07:51 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-10-04 07:51 537,088 --------- C:\WINDOWS\system32\msftedit.dll
2006-10-04 07:51 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-04 07:51 514,560 --a------ C:\WINDOWS\system32\logonui.exe
2006-10-04 07:51 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2006-10-04 07:51 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-04 07:51 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-10-04 07:51 42,496 --a------ C:\WINDOWS\system32\net.exe
2006-10-04 07:51 413,696 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-10-04 07:51 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-04 07:51 407,040 --a------ C:\WINDOWS\system32\netlogon.dll
2006-10-04 07:51 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-10-04 07:51 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-10-04 07:51 4,096 --------- C:\WINDOWS\system32\dsprpres.dll
2006-10-04 07:51 399,872 --a------ C:\WINDOWS\system32\lmrt.dll
2006-10-04 07:51 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-04 07:51 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-10-04 07:51 36,352 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-10-04 07:51 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-10-04 07:51 356,352 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-04 07:51 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-10-04 07:51 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-10-04 07:51 343,040 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-10-04 07:51 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-04 07:51 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-04 07:51 329,728 --a------ C:\WINDOWS\system32\netsetup.exe
2006-10-04 07:51 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-04 07:51 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-10-04 07:51 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-04 07:51 294,400 --a------ C:\WINDOWS\system32\msctf.dll
2006-10-04 07:51 290,816 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-10-04 07:51 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-04 07:51 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-04 07:51 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2006-10-04 07:51 259,072 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-04 07:51 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2006-10-04 07:51 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-04 07:51 25,088 --a------ C:\WINDOWS\system32\mslbui.dll
2006-10-04 07:51 248,832 --a------ C:\WINDOWS\system32\msieftp.dll
2006-10-04 07:51 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-10-04 07:51 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-10-04 07:51 240,640 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-04 07:51 220,672 --a------ C:\WINDOWS\system32\logon.scr
2006-10-04 07:51 22,016 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-04 07:51 216,064 --a------ C:\WINDOWS\system32\moricons.dll
2006-10-04 07:51 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-10-04 07:51 207,360 --a------ C:\WINDOWS\system32\mobsync.dll
2006-10-04 07:51 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-10-04 07:51 201,728 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-04 07:51 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-10-04 07:51 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2006-10-04 07:51 20,480 --------- C:\WINDOWS\system32\encapi.dll
2006-10-04 07:51 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2006-10-04 07:51 195,072 --a------ C:\WINDOWS\system32\msutb.dll
2006-10-04 07:51 186,368 --------- C:\WINDOWS\system32\encdec.dll
2006-10-04 07:51 18,944 --a------ C:\WINDOWS\system32\nddenb32.dll
2006-10-04 07:51 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-10-04 07:51 159,232 --a------ C:\WINDOWS\system32\msimtf.dll
2006-10-04 07:51 151,552 --a------ C:\WINDOWS\system32\msdart.dll
2006-10-04 07:51 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-04 07:51 143,360 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-10-04 07:51 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-04 07:51 134,656 --------- C:\WINDOWS\system32\mssap.dll
2006-10-04 07:51 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-04 07:51 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-04 07:51 124,928 --a------ C:\WINDOWS\system32\net1.exe
2006-10-04 07:51 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-04 07:51 120,832 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-10-04 07:51 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-04 07:51 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-04 07:51 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-10-04 07:51 111,104 --a------ C:\WINDOWS\system32\netdde.exe
2006-10-04 07:51 11,776 --a------ C:\WINDOWS\system32\localui.dll
2006-10-04 07:51 11,264 --a------ C:\WINDOWS\system32\msrle32.dll
2006-10-04 07:51 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-04 07:51 103,936 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-04 07:51 1,708,032 --a------ C:\WINDOWS\system32\netshell.dll
2006-10-04 07:51 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2006-10-04 07:51 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-04 07:51 1,192,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-10-04 07:51 1,057,760 --------- C:\WINDOWS\system32\ati3d2ag.dll
2006-10-04 07:50 97,280 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-10-04 07:50 9,344 --a------ C:\WINDOWS\system32\framebuf.dll
2006-10-04 07:50 87,040 --a------ C:\WINDOWS\system32\drmstor.dll
2006-10-04 07:50 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-10-04 07:50 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2006-10-04 07:50 82,432 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-10-04 07:50 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-04 07:50 80,384 --a------ C:\WINDOWS\system32\faultrep.dll
2006-10-04 07:50 7,424 --a------ C:\WINDOWS\system32\kd1394.dll
2006-10-04 07:50 695,296 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-04 07:50 68,608 --a------ C:\WINDOWS\system32\digest.dll
2006-10-04 07:50 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-04 07:50 62,976 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-04 07:50 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-10-04 07:50 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-10-04 07:50 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-04 07:50 55,808 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-10-04 07:50 55,808 --a------ C:\WINDOWS\system32\eventlog.dll
2006-10-04 07:50 54,272 --a------ C:\WINDOWS\system32\ixsso.dll
2006-10-04 07:50 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-10-04 07:50 48,128 --a------ C:\WINDOWS\system32\docprop2.dll
2006-10-04 07:50 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-10-04 07:50 41,472 --a------ C:\WINDOWS\system32\hhsetup.dll
2006-10-04 07:50 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2006-10-04 07:50 38,912 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-10-04 07:50 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2006-10-04 07:50 36,921 --a------ C:\WINDOWS\system32\imeshare.dll
2006-10-04 07:50 35,840 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-04 07:50 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2006-10-04 07:50 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-10-04 07:50 344,064 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-10-04 07:50 34,304 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-04 07:50 330,752 --a------ C:\WINDOWS\system32\ippromon.dll
2006-10-04 07:50 323,584 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-04 07:50 304,128 --a------ C:\WINDOWS\system32\duser.dll
2006-10-04 07:50 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
2006-10-04 07:50 282,624 --a------ C:\WINDOWS\system32\devmgr.dll
2006-10-04 07:50 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2006-10-04 07:50 28,672 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-10-04 07:50 25,088 --a------ C:\WINDOWS\system32\defrag.exe
2006-10-04 07:50 24,064 --a------ C:\WINDOWS\system32\pidgen.dll
2006-10-04 07:50 239,104 --a------ C:\WINDOWS\system32\dsquery.dll
2006-10-04 07:50 23,040 --a------ C:\WINDOWS\system32\ersvc.dll
2006-10-04 07:50 216,576 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-04 07:50 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-10-04 07:50 20,992 --a------ C:\WINDOWS\system32\fontview.exe
2006-10-04 07:50 193,024 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-10-04 07:50 183,296 --a------ C:\WINDOWS\system32\els.dll
2006-10-04 07:50 181,760 --a------ C:\WINDOWS\system32\dinput8.dll
2006-10-04 07:50 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-10-04 07:50 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-10-04 07:50 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-10-04 07:50 159,232 --a------ C:\WINDOWS\system32\dinput.dll
2006-10-04 07:50 155,136 --a------ C:\WINDOWS\system32\itircl.dll
2006-10-04 07:50 150,016 --a------ C:\WINDOWS\system32\imapi.exe
2006-10-04 07:50 142,336 --a------ C:\WINDOWS\system32\dsprop.dll
2006-10-04 07:50 139,264 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-04 07:50 137,216 --a------ C:\WINDOWS\system32\itss.dll
2006-10-04 07:50 137,216 --a------ C:\WINDOWS\system32\dssenh.dll
2006-10-04 07:50 123,904 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-10-04 07:50 123,392 --a------ C:\WINDOWS\system32\input.dll
2006-10-04 07:50 120,832 --a------ C:\WINDOWS\system32\idq.dll
2006-10-04 07:50 111,104 --a------ C:\WINDOWS\system32\dgnet.dll
2006-10-04 07:50 110,080 --a------ C:\WINDOWS\system32\imm32.dll
2006-10-04 07:50 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-04 07:50 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-10-04 07:50 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2006-10-04 07:50 10,752 --a------ C:\WINDOWS\system32\dumprep.exe
2006-10-04 07:50 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-10-04 07:50 1,032,192 --a------ C:\WINDOWS\explorer.exe
2006-10-04 07:49 99,840 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-04 07:49 98,304 --a------ C:\WINDOWS\system32\ahui.exe
2006-10-04 07:49 84,992 --a------ C:\WINDOWS\system32\avifil32.dll
2006-10-04 07:49 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-04 07:49 8,192 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-04 07:49 78,336 --a------ C:\WINDOWS\system32\browsewm.dll
2006-10-04 07:49 77,312 --a------ C:\WINDOWS\system32\browser.dll
2006-10-04 07:49 75,544 --a------ C:\WINDOWS\system32\cdm.dll
2006-10-04 07:49 74,752 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-10-04 07:49 69,120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-10-04 07:49 68,096 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-10-04 07:49 640,000 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-10-04 07:49 63,488 --a------ C:\WINDOWS\system32\browselc.dll
2006-10-04 07:49 60,416 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-10-04 07:49 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2006-10-04 07:49 58,880 --a------ C:\WINDOWS\system32\atl.dll
2006-10-04 07:49 57,856 --a------ C:\WINDOWS\system32\clusapi.dll
2006-10-04 07:49 512,512 --a------ C:\WINDOWS\system32\cryptui.dll
2006-10-04 07:49 47,104 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-10-04 07:49 44,544 --a------ C:\WINDOWS\system32\alg.exe
2006-10-04 07:49 42,496 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-10-04 07:49 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-04 07:49 37,376 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2006-10-04 07:49 343,040 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-10-04 07:49 326,656 --a------ C:\WINDOWS\system32\cscui.dll
2006-10-04 07:49 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-10-04 07:49 27,648 --a------ C:\WINDOWS\system32\conime.exe
2006-10-04 07:49 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2006-10-04 07:49 263,680 --a------ C:\WINDOWS\system32\adsnt.dll
2006-10-04 07:49 252,928 --a------ C:\WINDOWS\system32\compatui.dll
2006-10-04 07:49 25,088 --a------ C:\WINDOWS\system32\at.exe
2006-10-04 07:49 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-10-04 07:49 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-10-04 07:49 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-10-04 07:49 194,560 --a------ C:\WINDOWS\system32\certcli.dll
2006-10-04 07:49 175,616 --a------ C:\WINDOWS\system32\adsldp.dll
2006-10-04 07:49 163,840 --a------ C:\WINDOWS\system32\credui.dll
2006-10-04 07:49 159,232 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-04 07:49 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-10-04 07:49 143,360 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-10-04 07:49 126,976 --a------ C:\WINDOWS\system32\apphelp.dll
2006-10-04 07:49 110,592 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-10-04 07:49 11,264 --a------ C:\WINDOWS\system32\autolfn.exe
2006-10-04 07:49 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-04 07:49 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-31 22:09 -------- d-------- C:\Program Files\Wireless LAN
2006-10-31 22:08 -------- d-------- C:\Program Files\Messenger
2006-10-31 22:08 -------- d-------- C:\Program Files\LimeWire
2006-10-31 22:08 -------- d-------- C:\Program Files\Internet Explorer
2006-10-31 21:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-31 21:51 -------- d-------- C:\Program Files\Panda Software
2006-10-31 21:43 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-31 21:42 -------- d-------- C:\Program Files\Common Files\Panda Software
2006-10-31 21:42 -------- d-------- C:\Program Files\Common Files
2006-10-31 08:29 -------- d-------- C:\Program Files\Hijackthis
2006-10-18 07:44 -------- d-------- C:\Program Files\Common Files\System
2006-10-18 07:38 -------- d-------- C:\Program Files\Outlook Express
2006-10-16 16:37 -------- d---s---- C:\Documents and Settings\Courtnie\Application Data\Microsoft
2006-10-16 07:45 -------- d-------- C:\Program Files\Windows Media Player
2006-10-16 07:42 -------- d-------- C:\Program Files\Movie Maker
2006-10-16 07:35 -------- d-------- C:\Program Files\Windows NT
2006-10-16 07:35 -------- d-------- C:\Program Files\NetMeeting
2006-10-12 16:03 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-11 04:58 25600 --a------ C:\WINDOWS\UpdReg.EXE
2006-10-11 04:58 25600 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-11 04:58 25600 --a------ C:\WINDOWS\GWMDMpi.exe
2006-09-13 19:50 -------- d-------- C:\Program Files\Yahoo!
2006-09-13 19:50 -------- d-------- C:\Program Files\Common Files\Scanner
2006-09-12 23:09 1110528 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-10 09:03 -------- d-------- C:\Documents and Settings\Courtnie\Application Data\Yahoo!
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 05:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PROMon.exe"="PROMon.exe"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"GWMDMMSG"="GWMDMMSG.exe"
"GWMDMpi"="C:\\WINDOWS\\GWMDMpi.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Internet Security 2007\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"C:\\Program Files\\Panda Software\\Panda Internet Security 2007\\Inicio.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bootwdm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-01 9:56:35.14
C:\ComboFix.txt ... 06-11-01 09:56
C:\ComboFix2.txt ... 06-10-19 06:55
C:\ComboFix3.txt ... 06-10-10 07:41

#37
misscoco

  • Topic Starter
  • 39 posts
HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 09:59, on 06-11-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\GWMDMpi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {bde139d7-dbbe-4e75-b43a-f5c1216cc757} - C:\WINDOWS\system32\bootwdm.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160690526031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160690505921
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...856/mcfscan.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: bootwdm - C:\WINDOWS\SYSTEM32\bootwdm.dll
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

#38
Armodeluxe

  • Retired Staff
  • 2,744 posts
Open HiJackThis.
Click "Open the Misc Tools section"
Click "Delete a file on reboot..."
In the "Enter file to delete on reboot..." window, navigate to:

C:\WINDOWS\system32

And select the file

bootwdm.dll

Then click Open. After you click Open, HiJackThis will ask you if you want to restart your computer now. You do, so click Yes.

After reboot open HijackThis and click Scan. Put a check next to these: (it should say file missing next to those entries)

O2 - BHO: (no name) - {bde139d7-dbbe-4e75-b43a-f5c1216cc757} - C:\WINDOWS\system32\bootwdm.dll
O20 - Winlogon Notify: bootwdm - C:\WINDOWS\SYSTEM32\bootwdm.dll


Close all other windows except HijackThis and click Fix Checked.

Then post a new HijackThis log.

#39
misscoco

  • Topic Starter
  • 39 posts
HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 08:13, on 06-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\GWMDMpi.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160690526031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160690505921
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...856/mcfscan.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

#40
Armodeluxe

  • Retired Staff
  • 2,744 posts
Ok, looks good.

The version of Panda you installed, does it include a firewall or is it antivirus only?

Also I will suggest that you uninstall Limewire, I think that is the way you're getting infected.

At the very least, anything you download, get it scanned before clicking on it.

You can submit the file at Jotti to see if it's infected.

http://virusscan.jotti.org/
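
The before/after check done by eye across posts #37 to #40 can be scripted. The following is an added example, not part of the thread and not HijackThis code: it parses two HijackThis logs, confirms that every entry naming the deleted file is gone, and reports any other change between scans. The function names are this example's own, and the embedded log lines are excerpts of the two logs posted above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# Lines excerpted from the two HijackThis logs in this thread:
# BEFORE comes from post #37, AFTER from post #39 (after "Delete a file on reboot").
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 09:59, on 06-11-01
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {bde139d7-dbbe-4e75-b43a-f5c1216cc757} - C:\WINDOWS\system32\bootwdm.dll
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: bootwdm - C:\WINDOWS\SYSTEM32\bootwdm.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 08:13, on 06-11-02
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
"""

# Result lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24);
# the header and the process list do not, so they are skipped.
ENTRY_RE = re.compile(r"^([RFN]\d|O\d{1,2}) - (.+)$")


def parse_log(text):
    """Return the result entries of a HijackThis log as Entry(code, detail)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def references(entry, filename):
    """True if the entry names `filename` as a whole path component."""
    pattern = r"(?:^|[\\/\s])" + re.escape(filename.lower()) + r'(?:$|[\s"])'
    return re.search(pattern, entry.detail.lower()) is not None


def orphaned(entries):
    """Entries HijackThis marked '(file missing)': registry data left behind."""
    return [e for e in entries if e.detail.rstrip().endswith("(file missing)")]


def verify_fix(before_text, after_text, filename):
    """Compare two scans and classify what changed relative to `filename`."""
    before, after = parse_log(before_text), parse_log(after_text)

    def key(e):
        # Paths are compared case-insensitively, as Windows treats them.
        return (e.code, e.detail.lower())

    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    removed = [e for e in before if key(e) not in after_keys]
    return {
        "removed_target": [e for e in removed if references(e, filename)],
        "other_removed": [e for e in removed if not references(e, filename)],
        "still_present": [e for e in after if references(e, filename)],
        "added": [e for e in after if key(e) not in before_keys],
    }


if __name__ == "__main__":
    result = verify_fix(BEFORE, AFTER, "bootwdm.dll")
    for name, entries in result.items():
        print(name)
        for e in entries:
            print("   ", e.code, "-", e.detail)
    print("orphaned entries in the new scan:")
    for e in orphaned(parse_log(AFTER)):
        print("   ", e.code, "-", e.detail)
```

A non-empty `still_present` list means the file or its registry entries survived the reboot; a non-empty `added` list means something new registered itself between scans.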

#41
Armodeluxe

  • Retired Staff
  • 2,744 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.