Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

OIN and spyware

Started by tommy619 , Oct 15 2006 07:07 AM

  • Please log in to reply

#1
tommy619
Posted 15 October 2006 - 07:07 AM

tommy619

    Member

  • Member
  • PipPip
  • 10 posts
the program i use are: AVG ANTI-VIRUS
AVG ANTI-SPYWARE

I remove OIN from the add or remove program but it still there when i search specify word. And the spyware i really dont know what kind of it but it take me to any anti ware like cleandriver.com, registy cleaner site and etc. I dont know what to do?

Logfile of HijackThis v1.99.1
Scan saved at 5:43:48 AM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AOL\1158755182\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\CROSOF~1\wuauclt.exe
C:\Documents and Settings\Tommy Ly\Application Data\?ymbols\l?[bleep].exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tommy Ly\Desktop\Anti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F1B6366A-A5D6-8E09-DBCE-FFDA1BCB6AB7} - C:\WINDOWS\system32\ipjqxlu.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158755182\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Wrau] "C:\PROGRA~1\CROSOF~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Uoj] C:\Documents and Settings\Tommy Ly\Application Data\?ymbols\l?[bleep].exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

Advertisements

#2
Noviciate
Posted 15 October 2006 - 01:54 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Download Combofix by sUBs from here and save it to your Desktop.
  • Double click combo.exe to run it and follow the prompts.
  • When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
Please Note:
  • Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
  • Disable Script Blocking if you have NAV installed as it will interfere with the normal working of this tool.
  • Trojan Hunter has been reported to detect this tool as Worm.Qiv.100 - please ignore this, it's a false-positive.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run HJT:
  • Click Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.

  • 0

#3
tommy619
Posted 15 October 2006 - 03:59 PM

tommy619

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
1.) when i click on internet and take me to site to myspace.com, heavy.com, ad.oinadserver.com, advirsting, or etc.
2.) when i search a specify word on the yahoo.com. it gave me another window internet and the top left side sayin OIN Search. but i search when i got up today nuthin happen but im makin sure i get it out.
3.) i know my internet is slowing down
thanks for the reply

-----------------------------------------------------------------------------------------------------------------------------



Tommy Ly - 06-10-15 14:49:00.95 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Documents and Settings\Tommy Ly\Desktop\Anti"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Tommy Ly\Application Data\YMBOLS~1
C:\QooBox\Purity\Documents and Settings\Tommy Ly\Application Data\YMBOLS~1\l?[bleep].exe
C:\QooBox\Purity\Program Files\CROSOF~1
C:\QooBox\Purity\Program Files\CROSOF~1\wuauclt.exe
C:\QooBox\Purity\Program Files\CROSOF~1\??crosoft
C:\QooBox\Purity\WINDOWS\system32\SKS~1
C:\QooBox\Purity\WINDOWS\system32\YSTEM3~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-15 to 2006-10-15 ))))))))))))))))))))))))))))))))))


2006-10-15 06:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-15 04:40 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-10-15 04:40 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll
2006-10-14 19:03 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-14 19:03 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-14 19:02 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-14 19:02 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-14 19:02 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-07 01:48 2 --a------ C:\WINDOWS\system32\wnstssv.exe
2006-10-07 01:48 184,769 --a------ C:\WINDOWS\run2.exe
2006-09-25 15:54 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-09-25 15:54 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-09-25 15:54 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-09-25 15:54 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-09-25 15:54 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-09-25 15:54 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-09-25 15:54 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-09-25 15:54 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-09-24 16:58 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-09-20 05:37 2,829 --a------ C:\WINDOWS\War3Unin.pif
2006-09-20 05:37 139,264 --a------ C:\WINDOWS\War3Unin.exe
2006-09-20 05:27 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-09-20 05:27 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-09-20 05:27 619,156 --a------ C:\WINDOWS\system32\divx.dll
2006-09-20 05:27 568,850 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-09-20 05:27 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-09-20 05:27 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-09-20 05:27 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2006-09-20 05:27 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-09-20 05:27 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-09-20 05:27 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-09-20 05:27 157,696 --a------ C:\WINDOWS\system32\unrar.dll
2006-09-20 05:27 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-09-20 05:27 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-09-20 05:27 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2006-09-20 05:24 46,080 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-09-20 05:24 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-09-20 05:24 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-09-20 05:12 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-09-20 05:12 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-09-20 05:12 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-09-20 05:12 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-09-20 05:12 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-09-20 05:12 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-09-20 05:12 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-09-20 05:11 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-09-20 04:58 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2006-09-20 04:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-09-20 04:58 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2006-09-20 04:58 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2006-09-20 04:58 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-09-20 04:58 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-09-20 04:58 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-09-20 04:58 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-09-20 04:58 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2006-09-20 04:58 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-09-20 04:58 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-09-20 04:58 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-09-20 04:58 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2006-09-20 04:58 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2006-09-20 04:58 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-09-20 04:58 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2006-09-20 04:58 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-09-20 04:58 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2006-09-20 04:58 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-09-20 04:58 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2006-09-20 04:58 326,656 --a------ C:\WINDOWS\system32\drivers\Camdrl.sys
2006-09-20 04:58 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2006-09-20 04:58 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2006-09-20 04:58 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-09-20 04:58 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2006-09-20 04:58 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2006-09-20 04:58 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2006-09-20 04:58 204,800 --a------ C:\WINDOWS\system32\LVCodec2.dll
2006-09-20 04:58 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2006-09-20 04:58 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2006-09-20 04:58 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2006-09-20 04:58 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2006-09-20 04:58 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2006-09-20 04:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-09-20 04:58 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2006-09-20 04:55 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-20 04:53 38,400 -ra------ C:\WINDOWS\system32\drivers\EL910N51.sys
2006-09-20 04:53 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2006-09-20 04:51 41,984 --------- C:\WINDOWS\Ctregrun.exe
2006-09-20 04:49 90,112 --------- C:\WINDOWS\Updreg.EXE
2006-09-20 04:49 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2006-09-20 04:49 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2006-09-20 04:49 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL
2006-09-20 04:49 53,552 --------- C:\WINDOWS\CTCCW.DLL
2006-09-20 04:49 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-20 04:49 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
2006-09-20 04:49 24,976 --------- C:\WINDOWS\CTRES.DLL
2006-09-20 04:49 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
2006-09-20 04:49 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
2006-09-20 04:48 94,208 --a------ C:\WINDOWS\DEVREG.DLL
2006-09-20 04:48 904,496 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2006-09-20 04:48 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2006-09-20 04:48 69,632 --a------ C:\WINDOWS\system32\ctcoinst.dll
2006-09-20 04:48 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2006-09-20 04:48 645,392 --a------ C:\WINDOWS\system32\drivers\ctac32k.sys
2006-09-20 04:48 606,208 --a------ C:\WINDOWS\system32\ctsblfx.dll
2006-09-20 04:48 6,096 --a------ C:\WINDOWS\system32\drivers\ctprxy2k.sys
2006-09-20 04:48 585,728 --a------ C:\WINDOWS\system32\ctaudfx.dll
2006-09-20 04:48 57,344 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2006-09-20 04:48 53,248 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2006-09-20 04:48 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL
2006-09-20 04:48 49,152 --a------ C:\WINDOWS\MIDIDEF.EXE
2006-09-20 04:48 49,152 --a------ C:\WINDOWS\CTDCRES.DLL
2006-09-20 04:48 466,944 --a------ C:\WINDOWS\system32\CTDC0001.DLL
2006-09-20 04:48 45,056 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL
2006-09-20 04:48 366,160 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2006-09-20 04:48 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
2006-09-20 04:48 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2006-09-20 04:48 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL
2006-09-20 04:48 332,800 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2006-09-20 04:48 327,680 --a------ C:\WINDOWS\system32\CTDC0000.DLL
2006-09-20 04:48 28,672 --a------ C:\WINDOWS\system32\CTMMEP.DLL
2006-09-20 04:48 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE
2006-09-20 04:48 20,480 --a------ C:\WINDOWS\system32\ENSDEF.EXE
2006-09-20 04:48 20,480 --a------ C:\WINDOWS\INRES.DLL
2006-09-20 04:48 184,320 --a------ C:\WINDOWS\PSCONV.EXE
2006-09-20 04:48 180,224 --a------ C:\WINDOWS\READREG.EXE
2006-09-20 04:48 178,672 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2006-09-20 04:48 177,456 --a------ C:\WINDOWS\system32\drivers\CTOSS9X.SYS
2006-09-20 04:48 172,032 --a------ C:\WINDOWS\system32\SFMS32.DLL
2006-09-20 04:48 159,744 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
2006-09-20 04:48 155,648 --a------ C:\WINDOWS\system32\OPENAL32.DLL
2006-09-20 04:48 148,432 --a------ C:\WINDOWS\system32\drivers\haP16v2k.sys
2006-09-20 04:48 145,488 --a------ C:\WINDOWS\system32\drivers\emupia2k.sys
2006-09-20 04:48 143,360 --a------ C:\WINDOWS\system32\ctdvinst.dll
2006-09-20 04:48 139,264 --a------ C:\WINDOWS\system32\CTDCIFCE.DLL
2006-09-20 04:48 130,288 --a------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
2006-09-20 04:48 126,976 --a------ C:\WINDOWS\system32\CTASIO.DLL
2006-09-20 04:48 12,160 --a------ C:\WINDOWS\system32\drivers\CTGAME.SYS
2006-09-20 04:48 118,784 --a------ C:\WINDOWS\system32\CTSCAL.DLL
2006-09-20 04:48 114,688 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2006-09-20 04:48 114,688 --a------ C:\WINDOWS\system32\commonfx.dll
2006-09-20 04:48 110,592 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
2006-09-20 04:48 106,496 --a------ C:\WINDOWS\system32\CTTHXCAL.DLL
2006-09-20 04:47 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2006-09-20 04:47 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2006-09-20 04:46 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll
2006-09-20 04:46 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2006-09-20 04:46 331,776 --------- C:\WINDOWS\system32\CTMEDENG.DLL
2006-09-20 04:46 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2006-09-20 04:46 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL
2006-09-20 04:45 15,840 --a------ C:\WINDOWS\system32\drivers\pfmodnt.sys
2006-09-20 04:36 0 -rahs---- C:\MSDOS.SYS
2006-09-20 04:36 0 -rahs---- C:\IO.SYS
2006-09-20 04:36 0 --a------ C:\CONFIG.SYS
2006-09-20 04:36 0 --a------ C:\AUTOEXEC.BAT
2006-09-20 04:35 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-20 04:34 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-20 04:34 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-20 04:34 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-20 04:34 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-20 04:34 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-20 04:34 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-20 04:34 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-20 04:34 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-20 04:34 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-20 04:34 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-20 04:34 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-20 04:34 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-20 04:34 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-20 04:34 36,864 --a------ C:\WINDOWS\system32\wups.dll
2006-09-20 04:34 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-20 04:34 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-20 04:34 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-20 04:34 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-20 04:34 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-20 04:34 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-20 04:34 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2006-09-20 04:34 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-20 04:34 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-20 04:34 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-20 04:34 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-20 04:34 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-20 04:34 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-20 04:34 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-09-20 04:34 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-20 04:34 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-20 04:34 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-20 04:34 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-20 04:34 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-20 04:34 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-20 04:33 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-20 04:33 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-20 04:33 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-20 04:33 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-20 04:33 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-20 04:33 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-20 04:33 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-20 04:33 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-20 04:33 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-20 04:33 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-20 04:33 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-20 04:32 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-20 04:32 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-20 04:32 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-20 04:32 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-20 04:32 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-20 04:32 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-20 04:32 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-20 04:32 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-20 04:32 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-20 04:32 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-20 04:32 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-20 04:32 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-20 04:32 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-20 04:32 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-20 04:32 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-20 04:32 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-20 04:32 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-20 04:32 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-20 04:32 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-20 04:32 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-20 04:32 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-20 04:32 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-20 04:32 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-20 04:32 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-20 04:32 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-20 04:32 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-20 04:32 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-20 04:32 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-20 04:32 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-20 04:32 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-20 04:32 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-20 04:32 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-20 04:32 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-20 04:32 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-20 04:32 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-20 04:32 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-20 04:32 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-20 04:32 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-20 04:32 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-20 04:32 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-20 04:32 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-20 04:32 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-20 04:32 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-20 04:32 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-20 04:32 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-20 04:32 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-20 04:32 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-20 04:32 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-20 04:32 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-20 04:32 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-20 04:32 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-20 04:32 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-20 04:32 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-20 04:32 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-20 04:32 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-20 04:32 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-20 04:32 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-20 04:32 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-20 04:32 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-20 04:32 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-20 04:32 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-20 04:32 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-20 04:32 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-20 04:32 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-20 04:32 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-20 04:32 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-20 04:32 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-20 04:32 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-20 04:32 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-20 04:32 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-20 04:32 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-20 04:32 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-20 04:32 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-20 04:32 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-20 04:32 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-20 04:32 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-20 04:32 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-20 04:32 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-20 04:32 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-20 04:32 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-20 04:32 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-20 04:32 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-20 04:32 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-20 04:32 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-19 21:27 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-19 21:27 8,704 --a------ C:\WINDOWS\system32\drivers\Dot4scan.sys
2006-09-19 21:27 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-09-19 21:27 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-19 21:27 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-19 21:27 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-09-19 21:27 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-09-19 21:27 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-09-19 21:27 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-09-19 21:27 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-09-19 21:27 324,608 --a------ C:\WINDOWS\system32\hpojwia.dll
2006-09-19 21:27 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-09-19 21:27 23,808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
2006-09-19 21:27 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
2006-09-19 21:27 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-19 21:27 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-09-19 21:27 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-09-19 21:27 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2006-09-19 21:26 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-19 21:26 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-09-19 21:26 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-09-19 21:26 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-09-19 21:26 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2006-09-19 21:26 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-19 21:26 3,980,288 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-09-19 21:26 3,454,656 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-09-19 21:26 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2006-09-19 21:26 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-09-19 21:26 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-09-19 21:25 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2006-09-19 21:24 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-19 21:24 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-19 21:24 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-19 21:24 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-19 21:24 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-19 21:24 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-09-19 21:24 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-19 21:24 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-19 21:24 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-19 21:24 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-19 21:24 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-19 21:24 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-19 21:24 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-19 21:24 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-19 21:24 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-19 21:24 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-19 21:24 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-19 21:24 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-19 21:24 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-19 21:24 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-19 21:24 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-19 21:24 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-19 21:24 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-19 21:24 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-19 21:24 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-19 21:24 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-19 21:24 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-19 21:24 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-19 21:24 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-09-19 21:24 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-15 14:29 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\uTorrent
2006-10-15 06:14 -------- d-------- C:\Program Files\Grisoft
2006-10-15 03:01 -------- d-------- C:\Program Files\Yahoo!
2006-10-15 03:01 -------- d-------- C:\Program Files\CCleaner
2006-10-15 02:51 -------- d-------- C:\Program Files\Common Files
2006-10-14 22:20 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\Help
2006-10-14 19:03 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\AVG7
2006-10-14 19:02 -------- d---s---- C:\Documents and Settings\Tommy Ly\Application Data\Microsoft
2006-10-12 06:06 -------- d-------- C:\Program Files\Warcraft III
2006-09-29 08:25 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\AdobeUM
2006-09-29 08:24 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-29 08:24 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\Adobe
2006-09-29 08:23 873 --a------ C:\Documents and Settings\Tommy Ly\Application Data\AdobeDLM.log
2006-09-29 08:23 0 --a------ C:\Documents and Settings\Tommy Ly\Application Data\dm.ini
2006-09-29 08:23 -------- d-------- C:\Program Files\Adobe
2006-09-27 13:53 -------- d-------- C:\Program Files\Ventrilo
2006-09-27 13:53 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-27 13:53 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\Ventrilo
2006-09-25 10:16 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\Real
2006-09-24 16:57 -------- d-------- C:\Program Files\Microsoft Office
2006-09-24 16:57 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-24 16:57 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-24 16:57 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-22 22:44 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\acccore
2006-09-20 05:42 -------- d-------- C:\Program Files\uTorrent
2006-09-20 05:34 -------- d-------- C:\Program Files\Winamp
2006-09-20 05:32 -------- d-------- C:\Program Files\MAIET
2006-09-20 05:32 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\gunz-mrb
2006-09-20 05:29 -------- d-------- C:\Program Files\WinRAR
2006-09-20 05:29 -------- d-------- C:\Program Files\IrfanView
2006-09-20 05:28 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\Media Player Classic
2006-09-20 05:27 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-09-20 05:26 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-20 05:26 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-20 05:26 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-20 05:26 -------- d-------- C:\Program Files\AOL
2006-09-20 05:25 -------- d-------- C:\Program Files\MSN Messenger
2006-09-20 05:24 -------- d-------- C:\Program Files\Windows Media Player
2006-09-20 05:22 -------- dr-h----- C:\Documents and Settings\Tommy Ly\Application Data\yahoo!
2006-09-20 05:22 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\Macromedia
2006-09-20 05:00 -------- d-------- C:\Program Files\Nero
2006-09-20 05:00 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-20 05:00 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\Ahead
2006-09-20 04:58 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-20 04:58 -------- d-------- C:\Program Files\Logitech
2006-09-20 04:58 -------- d-------- C:\Program Files\Common Files\Logitech
2006-09-20 04:54 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-20 04:51 -------- d-------- C:\Program Files\Creative
2006-09-20 04:48 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\Creative
2006-09-20 04:40 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-20 04:40 -------- d-------- C:\Documents and Settings\Tommy Ly\Application Data\Identities
2006-09-20 04:36 -------- d-------- C:\Program Files\xerox
2006-09-20 04:36 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-20 04:35 -------- d-------- C:\Program Files\Internet Explorer
2006-09-20 04:34 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-20 04:34 -------- d-------- C:\Program Files\Outlook Express
2006-09-20 04:34 -------- d-------- C:\Program Files\NetMeeting
2006-09-20 04:34 -------- d-------- C:\Program Files\Movie Maker
2006-09-20 04:34 -------- d-------- C:\Program Files\Common Files\Services
2006-09-20 04:34 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-20 04:33 -------- d-------- C:\Program Files\Messenger
2006-09-20 04:33 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-20 04:33 -------- d-------- C:\Program Files\Common Files\System
2006-09-20 04:32 -------- d-------- C:\Program Files\Windows NT
2006-09-20 04:32 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-20 04:32 -------- d-------- C:\Program Files\MSN
2006-09-19 21:25 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-19 21:24 62 --ahs---- C:\Documents and Settings\Tommy Ly\Application Data\desktop.ini
2006-09-19 21:24 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"=""
"Wrau"="\"C:\\PROGRA~1\\CROSOF~1\\wuauclt.exe\" -vt yazb"
"Uoj"="C:\\Documents and Settings\\Tommy Ly\\Application Data\\?ymbols\\l?[bleep].exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1158755182\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-10-15 14:49:17.43
C:\ComboFix.txt ... 06-10-15 14:49
C:\ComboFix2.txt ... 06-10-15 14:32


-----------------------------------------------------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 2:54:55 PM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AOL\1158755182\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\CROSOF~1\wuauclt.exe
C:\Documents and Settings\Tommy Ly\Application Data\?ymbols\l?[bleep].exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tommy Ly\Desktop\Anti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {F1B6366A-A5D6-8E09-DBCE-FFDA1BCB6AB7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158755182\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Wrau] "C:\PROGRA~1\CROSOF~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Uoj] C:\Documents and Settings\Tommy Ly\Application Data\?ymbols\l?[bleep].exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

#4
Noviciate
Posted 15 October 2006 - 04:33 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
You didn't post the uninstall list I asked for.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of AVG Anti-Spyware 7.5 from here and save it to your Desktop.
If you already have this program installed, skip to Updating AVG Anti-Spyware: below.

* Please note that this program was formerly known as Ewido anti-spyware 4.0.
Taken from the Ewido website -

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5. AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

Double click the avgas-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.
  • Updating AVG Anti-Spyware:

    By default AVG A-S is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:
  • Click the Update icon at the top and under "Manual Update" - click the Start update button.
  • Either AVG A-S will update or inform you that no update was available.
  • If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed AVG A-S, double click ewido-signatures-full-current.exe to update it.

    Disabling the Resident Shield:
  • By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
    (When the PC has been cleaned you can activate the shield again, if you wish.)
  • Click the Shield icon at the top and under "Resident shield is..." - click active.
  • This should now change to inactive.

    Changing Recommended Actions
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under "How to act?" click Recommended actions and select "Quarantine" from the menu.
You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG A-S will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.

2) You will need to know how to boot into Safe Mode.
Instructions can be found here.

3) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

4) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

R3 - URLSearchHook: (no name) - {F1B6366A-A5D6-8E09-DBCE-FFDA1BCB6AB7} - (no file)

O4 - HKCU\..\Run: [Wrau] "C:\PROGRA~1\CROSOF~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Uoj] C:\Documents and Settings\Tommy Ly\Application Data\?ymbols\l?[bleep].exe

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

2) Boot into Safe Mode.

3) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

4) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

5) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

6) Ensure that ALL open Windows / Programs / Folders are closed and then run AVG Anti-Spyware.
  • If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
  • Click "Complete System Scan"
  • While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
  • When the scan has completed, any threats that AVG A-S has detected will be displayed.
  • Click the Apply all actions button at the bottom.
  • When AVG A-S has finished, it will display the message "All actions have been applied".

    Saving a report:
  • Click the Save Report button at the bottom left and the "Reports" window will open.
  • The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder.
  • You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
    Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.
Close AVG Anti-Spyware.

7) Remove any/all of the following files/folders that you can find:

Folders

C:\PROGRA~1\CROSOF~1
* The tilde(~) in either a file or folder name indicates that this name is longer than six characters and these have been replaced by the tilde for brevity. E.G. C:\PROGRA~1 = C:\Program Files
The first file, or folder, that uses these first six letters gets the suffix ~1, the next ~2 and so on.
You will need to locate and delete the folder that has this file in it: wuauclt.exe.
If AVG A-S gets to the file first, which it may, don't worry about the folder unless you can positively identify it - you don't want to remove a legitimate one!

C:\Documents and Settings\Tommy Ly\Application Data\?ymbols
* This folder will have each "?" in it's name replaced by another character so you will need to be a little careful. In order to identify the right folder to delete, open each one that fits the bill and look for this file: l?[bleep].exe - the same goes for the "?". As long as there is only one folder that contains a file with this name, delete it. The "[bleep]" is the forum software that objects to rude words and edits them out, so you will need to find a file that starts with l something and then something rude - could be interesting!
If there are two, or more, folders that could be the malicious one, leave them alone and get back to me.

As an example:
To delete C:\WINDOWS\system32\foldertogo
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on foldertogo and from the menu that appears, click on 'Delete'

8) Boot into Normal Mode.

Post a new HJT log, the AVG log AND a description of how your PC is running.
  • 0

#5
tommy619
Posted 15 October 2006 - 07:44 PM

tommy619

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
oh sorry his my unstall list but i did everything what u said.. well there wasnt pop up, search is good, and its much smooth now
BUT!!
1.) there wasnt no spyware when i scan it
2.) i search for C:\Documents and Settings\Tommy Ly\Application Data\?ymbols but it cant be found and i use search program and cant be found too
3.) CROSOF~1 was in C:\Qoobox\PROGRA~1\CROSOF~1 but i remove it
just wonderin if my computer is ok now?


[b]INSTALL LIST[u]

µTorrent
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
AOL Uninstaller (Choose which Products to Remove)
AVG Anti-Spyware 7.5
AVG Free Edition
CCleaner (remove only)
Counter-Strike: Condition Zero
Creative System Information
GunZ Mouse Re-Binder 1.16
HijackThis 1.99.1
IrfanView (remove only)
K-Lite Mega Codec Pack 1.53
Logitech QuickCam Software
Logitech® Camera Driver
MAIET entertainment - Gunz
Microsoft Office Standard Edition 2003
mIRC
Nero 7 Demo
NVIDIA Drivers
Sound Blaster Audigy 2 ZS
Ventrilo Client
Winamp (remove only)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
WinRAR archiver
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar

-----------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:21:17 PM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AOL\1158755182\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tommy Ly\Desktop\Anti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158755182\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

#6
tommy619
Posted 15 October 2006 - 07:48 PM

tommy619

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
opps didnt they put that in

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:59:31 AM 10/15/2006

+ Scan result:



Nothing found.


::Report end
  • 0

#7
Noviciate
Posted 16 October 2006 - 12:30 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Some of the malicious files were removed by Combofix which is why you couldn't find them when you looked. The PC looks fine to me except for one little matter - you appear to be relying on the firewall that comes with Service Pack 2. While the SP2 firewall is better than nothing, it doesn't monitor outgoing traffic, so anything malicious on your computer can 'phone home' at will. You need to install a better one that will do the job properly and as luck would have it, there are a few free firewalls available:

Zone Alarm: Available here.
Kerio: Available here.
Outpost: Available here.

It is important to note that you should only have one firewall installed at a time, but you can download both to your Desktop and install each in turn to see which one you prefer.

Understanding and Using Firewalls: http://www.bleepingc...tutorial60.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Other than the above, you're done. I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Update your anti-virus program,
Disable System Restore,
Boot into Safe Mode,
Scan your computer for viruses.
When you get the all clear, reboot into Normal Mode.
Re-enable System Restore,
Create a Restore Point.
This will give a clean Restore Point should you need it in the future.
A tutorial for System Restore is available here.

The reason for waiting is that if removing the malware has caused a problem, which it occasionally does, you can put your PC back to how it was before the fix. This will re-install the malware, but an infected PC is better than an expensive paperweight!

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.
  • 0

#8
tommy619
Posted 16 October 2006 - 02:58 PM

tommy619

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
thanks and i will do that Noviciate
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP