
HJT Log


This topic is locked.

#1 n3wp0rt (Member, 14 posts)
I made the vital mistake of visiting astakiller and have since been infected with many different viruses. I ran through the pre-post process as described with little result, so here is my HJT log. Please help if you can; I have been fighting this thing for days.

Logfile of HijackThis v1.99.1
Scan saved at 4:52:25 AM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\MOUSE32A.DAT
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\n3wp0rt\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpow.dll,startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gob] C:\Program Files\??sks\r?ndll32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162942591796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winyrp32 - C:\WINDOWS\SYSTEM32\winyrp32.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

#2 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff, 15,131 posts)
Hello n3wp0rt and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have quite a mixture of malware and Trojans including 3 infections. Let’s see what we can do.

I note that you are running HijackThis from a Temporary Folder; please create a new folder for it (for example C:\Program Files\Hijackthis\Hijackthis.exe) and move the programme into it. It is very important you do this before anything else since backup files can be deleted if they are not within their own folder!

Click My Computer, then C:\ and then Program Files.
In the menu bar, go to File>New>Folder. That will create a folder named New Folder, which you can right-click on and rename to HJT or HijackThis. Now you have C:\Program Files\HijackThis. Cut ‘n’ Paste your HijackThis.exe into it.

Please open Spybot S & D, and turn off Resident Teatimer. Do this by clicking Mode at the top of the screen, choose Advanced Mode then Tools and then Resident and unchecking Teatimer. It will hinder our attempts to clear out some files that need to be removed.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

A. Please open AVG Anti Spyware
  • Please install, and update AVG Anti-Spyware/Ewido
  • Load AVGas/Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  • Close AVGas/Ewido. Do not run it yet.
B. Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

C. Open the SmitfraudFix Folder, (right click and choose Extract All) then double-click smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

D. Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

E. Close ALL open Windows / Programmes / Folders.
  • In Safe Mode, load AVGas/Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • AVGas/Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
Close AVGas/Ewido and Reboot in Normal Mode.
______________________________

F. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the Programme and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

G. Please post:
  • c:\rapport.txt
  • AVGas/Ewido log
  • A new HijackThis log (from normal mode).
You may need more than one reply to post the requested logs, otherwise they might get cut off.

#3 n3wp0rt (Topic Starter, Member, 14 posts)
There are 3 user accounts: administrator, n3wp0rt, and ladyjae420.

Incoming logs: rapport.txt first, followed by smitfiles.txt, and lastly a new HJT.

SmitFraudFix v2.123

Scan done at 6:44:17.73, Mon 11/20/2006
Run from C:\Documents and Settings\n3wp0rt\Desktop\virus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#4 n3wp0rt (Topic Starter, Member, 14 posts)
smitfiles.txt


smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Mon 11/20/2006
The current time is: 4:31:20.39

Running from
C:\Documents and Settings\n3wp0rt\Desktop\virus\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\n3wp0rt\\Desktop\\cIRC\\mirc.exe"="C:\\Documents and Settings\\n3wp0rt\\Desktop\\cIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BPFTP Server\\G6FTPSrv.exe"="C:\\Program Files\\BPFTP Server\\G6FTPSrv.exe:*:Enabled:BPFTP Server for Internet."
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Documents and Settings\\Ladyjae420\\Desktop\\cIRC\\mirc.exe"="C:\\Documents and Settings\\Ladyjae420\\Desktop\\cIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\nfsc.exe"="C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\nfsc.exe:*:Enabled:nfsc"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 2036 'explorer.exe'
Killing PID 2036 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :whistling:

#5 n3wp0rt (Topic Starter, Member, 14 posts)
Logfile of HijackThis v1.99.1
Scan saved at 7:34:06 AM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\MOUSE32A.DAT
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\n3wp0rt\Desktop\virus\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gob] C:\Program Files\??sks\r?ndll32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162942591796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winyrp32 - C:\WINDOWS\SYSTEM32\winyrp32.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

#6 n3wp0rt (Topic Starter, Member, 14 posts)
Still getting a hit from AVG resident on:

C:\windows\temp\winc.tmp.exe
trojan horse generic2.ISQ

EDIT: As of 9:00am EST that one hit from AVG resident has been it, which I quarantined. Everything is smooth atm, and a scheduled (I can't spell.) scan by AVG Free came up clean.

Edited by n3wp0rt, 20 November 2006 - 08:01 AM.


#7 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff, 15,131 posts)
Hello again

Thank you for the logs, but I can't work out why you have chosen to send me a log for Smitfiles. I haven't asked you to run that fix, but I did ask you to run AVGas and send the log, which you haven't done. Would you please send that log in your reply so I can assess your current position.

#8 n3wp0rt (Topic Starter, Member, 14 posts)
smitfiles.txt was generated by smitRem, in addition to rapport.txt.

Apologies about the AVG log; here it is.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:21:32 AM 11/20/2006

+ Scan result:



C:\Program Files\Common Files\{30E3BC63-07CF-1033-0908-050218040001}\Activate.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{50E3BC63-07CF-1033-0908-050218040001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{50E3BC63-07CF-1033-0908-050218040001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEEABA0A-FA81-41AD-9FD7-F2E9B2E07843}\RP27\A0002721.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEEABA0A-FA81-41AD-9FD7-F2E9B2E07843}\RP27\A0002722.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEEABA0A-FA81-41AD-9FD7-F2E9B2E07843}\RP27\A0002720.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEEABA0A-FA81-41AD-9FD7-F2E9B2E07843}\RP27\A0002726.dll -> Not-A-Virus.Hoax.Win32.Renos.fa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEEABA0A-FA81-41AD-9FD7-F2E9B2E07843}\RP27\A0002723.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEEABA0A-FA81-41AD-9FD7-F2E9B2E07843}\RP27\A0002724.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEEABA0A-FA81-41AD-9FD7-F2E9B2E07843}\RP27\A0002725.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\mst17.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvlam.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).


::Report end

#9 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff, 15,131 posts)
Hello again

Thank you for the log.

Look in your Control Panel’s Add/Remove Programs for:
  • PuritySCAN By OIN
  • OuterInfo
  • OIN or similar
  • Yazzle by Oin
  • Snowballwars by Oin
  • Cowabanga by OIN
  • or anything similar with Oin in it.
Click on it and click Remove.

Reboot and delete this folder if found: C:\Program Files\PurityScan\

If it is not listed, download and run this uninstaller: outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
combofix.exe

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [Gob] C:\Program Files\??sks\r?ndll32.exe
O20 - Winlogon Notify: winyrp32 - C:\WINDOWS\SYSTEM32\winyrp32.dll

Now close all windows other than HiJackThis, then click Fix Checked.

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program Files\??sks\r?ndll32.exe
C:\WINDOWS\SYSTEM32\winyrp32.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the System tab, and under the heading of Applications uncheck AVGas Anti-malware log, then click Analyze > Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues, then Scan for issues – Fix selected issues.

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK

Under the "General" Tab

Ensure "Normal Startup-load all device drivers and services" is checked.

Click Apply->OK->Follow the prompts to Restart

Post back a fresh HijackThis log (from normal mode) and I will take another look. (2 logs in total please)

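The HijackThis logs in this thread (post #1 and post #5) and the two entries Crustyoldbloke picks out for Fix Checked in post #9 (the `[Gob]` autorun whose path prints with `?` characters, and the `winyrp32` Winlogon Notify DLL) are the kind of lines a log reader scans for first. The Python below is an added example, not code from HijackThis, from this thread or from the helper: it parses the O4, O20 and O23 line formats as they appear in the posted logs and flags masked characters in an autorun path, DLLs launched through rundll32, Winlogon Notify handlers outside an allowlist, and services whose binary is reported missing. The sample lines are copied from the logs above; the allowlist of stock Winlogon Notify handlers is an assumption made for illustration, not an authoritative list.

```python
"""Triage of HijackThis (v1.99) log lines: parse the O4 autorun, O20
Winlogon Notify and O23 service entries and flag the ones that deserve a
closer look.  Added example; not HijackThis code and not from the thread.
The sample lines are copied from the logs posted in this thread; the
Winlogon Notify allowlist is an assumption made for illustration."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O4/O20/O23 lines from the posted logs.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpow.dll,startup
O4 - HKCU\..\Run: [Gob] C:\Program Files\??sks\r?ndll32.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winyrp32 - C:\WINDOWS\SYSTEM32\winyrp32.dll
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
"""

# Line formats as HijackThis prints them: "O4 - HKLM\..\Run: [name] command",
# "O20 - Winlogon Notify: name - path", "O23 - Service: name - owner - path".
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Assumed allowlist (illustrative, not authoritative): the stock Windows XP SP2
# Winlogon Notify handlers plus WgaLogon, which the thread treats as legitimate.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section, e.g. "O4"
    name: str      # entry name as HijackThis prints it
    reason: str    # why a helper would look at it


def _has_masked_chars(text: str) -> bool:
    """HijackThis prints characters it cannot show in the ANSI code page as '?'."""
    return any(ch == "?" or ord(ch) > 127 for ch in text)


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        if _has_masked_chars(m["cmd"]):
            return Finding("O4", m["name"], "autorun path contains '?' (masked non-Latin characters)")
        if m["cmd"].lower().startswith("rundll32"):
            return Finding("O4", m["name"], "rundll32 loads a DLL at logon; verify that DLL")
        return None
    m = O20_RE.match(line)
    if m:
        if m["name"].lower() not in KNOWN_WINLOGON_NOTIFY:
            return Finding("O20", m["name"], "Winlogon Notify DLL not on the allowlist")
        return None
    m = O23_RE.match(line)
    if m and "(file missing)" in m["path"]:
        return Finding("O23", m["name"], "service binary reported missing")
    return None


def triage(log_text: str):
    """Run triage_line over a whole log and keep only the findings, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:<4}{finding.name:<14}{finding.reason}")
```

Run against the sample it reports CTDrive, Gob, winyrp32 and WMP54Gv4SVC, and stays quiet on the AVG autorun and on WgaLogon. The `?` check is the one worth noting: HijackThis substitutes `?` for characters it cannot print, which is exactly how the `[Gob]` entry appears in post #1 and why that same path is carried over into the Killbox list in post #9. A rundll32 hit only says "verify the DLL"; plenty of legitimate vendors start that way, so the allowlist and the rules are a starting point for a human reader, not a verdict.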
#10 n3wp0rt (Topic Starter, Member, 14 posts)
An '888Bar' is now listed that wasn't there previously.

Edited by n3wp0rt, 20 November 2006 - 10:07 AM.


#11 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff, 15,131 posts)
Please uninstall it from the Add & Remove Programs.

Thanks

#12 n3wp0rt (Topic Starter, Member, 14 posts)
n3wp0rt - 06-11-20 11:27:37.18 Service Pack 2
ComboFix 06.11.19 - Running from: "C:\Documents and Settings\n3wp0rt\Desktop\virus"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{30E3BC63-07CF-1033-0908-050218040001}
C:\Program Files\Common Files\{50E3BC63-07CF-1033-0908-050218040001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\SKS~1
C:\QooBox\Purity\WINDOWS\SKS~1
C:\QooBox\Purity\WINDOWS\SKS~1\ç?sks


((((((((((((((((((((((((((((((( Files Created from 2006-10-20 to 2006-11-20 ))))))))))))))))))))))))))))))))))


2006-11-20 11:25 <DIR> dr-h----- C:\Documents and Settings\n3wp0rt\Recent
2006-11-20 11:23 <DIR> d-------- C:\Program Files\Yahoo!
2006-11-20 11:23 <DIR> d-------- C:\Program Files\CCleaner
2006-11-20 11:12 <DIR> d-------- C:\!KillBox
2006-11-20 02:08 <DIR> d-------- C:\WINDOWS\CSC
2006-11-20 01:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-20 00:35 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-19 21:07 94,720 --a------ C:\WINDOWS\system32\emjlbxe.dll
2006-11-19 21:07 71,168 --a------ C:\WINDOWS\system32\ksclvll.dll
2006-11-19 01:12 94,208 --a------ C:\WINDOWS\system32\jqibfjf.dll
2006-11-19 01:12 71,680 --a------ C:\WINDOWS\system32\ptcfdcf.dll
2006-11-18 22:36 <DIR> d-------- C:\WINDOWS\pss
2006-11-18 15:41 93,696 --a------ C:\WINDOWS\system32\ierxwan.dll
2006-11-18 15:41 71,168 --a------ C:\WINDOWS\system32\uiseduh.dll
2006-11-18 09:01 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-18 09:00 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Application Data\AVG7
2006-11-18 08:59 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-18 08:59 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-11-18 08:59 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-18 08:59 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-18 08:59 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-18 08:59 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-18 08:59 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-18 08:59 <DIR> d-------- C:\Program Files\Grisoft
2006-11-18 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-18 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-11-18 08:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-18 08:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-18 08:43 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Application Data\Lavasoft
2006-11-18 08:42 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-18 08:31 731,402 --ahs---- C:\WINDOWS\system32\gjllm.bak1
2006-11-18 08:31 110,612 --a------ C:\WINDOWS\system32\jwpdosrj.exe
2006-11-18 08:28 <DIR> d-------- C:\WINDOWS\rwmi
2006-11-18 08:28 <DIR> d-------- C:\Program Files\Common Files\rwmi
2006-11-18 08:25 2 --a------ C:\WINDOWS\system32\wtstr.exe
2006-11-18 08:02 <DIR> d-------- C:\Program Files\Guild Wars
2006-11-16 03:34 <DIR> d-------- C:\Program Files\Serials 2005
2006-11-16 00:58 <DIR> d-------- C:\Program Files\GameSpy Arcade
2006-11-16 00:51 <DIR> d-------- C:\Program Files\Sierra
2006-11-15 16:58 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Application Data\Sun
2006-11-13 23:20 <DIR> d-------- C:\Program Files\Electronic Arts
2006-11-11 16:13 <DIR> d-------- C:\WINDOWS\Sun
2006-11-10 03:49 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-11-09 18:33 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-11-09 18:29 <DIR> d-------- C:\Program Files\Battlefield 2142
2006-11-09 18:26 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2006-11-08 20:15 <DIR> d--hs---- C:\RECYCLER
2006-11-08 13:37 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2006-11-08 13:37 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-11-08 13:37 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2006-11-08 13:37 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-11-08 13:37 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2006-11-08 13:37 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2006-11-08 13:37 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2006-11-08 13:36 <DIR> d-------- C:\Sshock2
2006-11-08 13:36 <DIR> d-------- C:\Documents and Settings\n3wp0rt\WINDOWS
2006-11-08 03:12 <DIR> d-------- C:\Program Files\uTorrent
2006-11-08 03:12 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Application Data\uTorrent
2006-11-08 01:51 <DIR> dr--s---- C:\WINDOWS\assembly
2006-11-08 01:51 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2006-11-08 01:44 62,592 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys
2006-11-08 01:44 <DIR> d-------- C:\Program Files\Micro Innovations
2006-11-08 01:38 35,840 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2006-11-08 01:38 <DIR> d-------- C:\Program Files\AMD
2006-11-08 01:37 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-08 01:37 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-08 01:37 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-11-08 01:37 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-08 01:37 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-08 01:37 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-08 01:36 991,232 --a------ C:\WINDOWS\system32\virtear.dll
2006-11-08 01:36 978,944 --a------ C:\WINDOWS\SynthCoreA.Dll
2006-11-08 01:36 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2006-11-08 01:36 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll
2006-11-08 01:36 720,896 --a------ C:\WINDOWS\system32\a3d.dll
2006-11-08 01:36 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-08 01:36 602,880 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2006-11-08 01:36 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-08 01:36 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-08 01:36 51,840 --a------ C:\WINDOWS\system32\drivers\m5289.sys
2006-11-08 01:36 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-08 01:36 49,152 --a------ C:\WINDOWS\system32\S11thk32.dll
2006-11-08 01:36 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2006-11-08 01:36 45,056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll
2006-11-08 01:36 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2006-11-08 01:36 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-11-08 01:36 40,820 --a------ C:\WINDOWS\system32\Syncor11.dll
2006-11-08 01:36 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-08 01:36 4,816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2006-11-08 01:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-08 01:36 380,928 --a------ C:\WINDOWS\SynCor.exe
2006-11-08 01:36 35,587 --a------ C:\WINDOWS\system32\rm5289.exe
2006-11-08 01:36 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll
2006-11-08 01:36 3,744 --a------ C:\WINDOWS\system32\drivers\smsens.sys
2006-11-08 01:36 28,672 --a------ C:\WINDOWS\system32\unM5289.exe
2006-11-08 01:36 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-08 01:36 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-11-08 01:36 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll
2006-11-08 01:36 <DIR> d-------- C:\WINDOWS\VirtualEar
2006-11-08 01:36 <DIR> d-------- C:\Program Files\Analog Devices
2006-11-08 01:35 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-11-08 01:35 44,928 --a------ C:\WINDOWS\system32\drivers\AGPKX.SYS
2006-11-08 01:35 35,587 --a------ C:\WINDOWS\system32\rmlan.exe
2006-11-08 01:35 35,587 --a------ C:\WINDOWS\system32\rmagp.exe
2006-11-08 01:35 34,307 --a------ C:\WINDOWS\system32\Install.EXE
2006-11-08 01:35 34,307 --a------ C:\WINDOWS\system32\drivers\Install.EXE
2006-11-08 01:35 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-11-08 01:35 28,672 --a------ C:\WINDOWS\system32\UnLAN.exe
2006-11-08 01:35 28,672 --a------ C:\WINDOWS\system32\UnAGP.exe
2006-11-08 01:35 28,160 --a------ C:\WINDOWS\system32\drivers\ULILAN.SYS
2006-11-08 01:35 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-11-08 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-11-07 21:05 <DIR> d-------- C:\incoming
2006-11-07 20:40 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Application Data\Macromedia
2006-11-07 20:39 <DIR> d-------- C:\Program Files\WinRAR
2006-11-07 20:39 <DIR> d-------- C:\Program Files\[bleep] NFO Viewer
2006-11-07 20:27 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Shared
2006-11-07 20:27 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Incomplete
2006-11-07 20:27 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Application Data\LimeWire
2006-11-07 20:26 <DIR> d-------- C:\Program Files\QuickSFV
2006-11-07 20:26 <DIR> d-------- C:\Program Files\Java
2006-11-07 20:24 <DIR> d-------- C:\Program Files\LimeWire
2006-11-07 20:24 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-07 20:23 <DIR> d-------- C:\Program Files\FlashFXP
2006-11-07 20:23 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Application Data\FlashFXP
2006-11-07 20:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2006-11-07 20:19 <DIR> d-------- C:\Program Files\BPFTP Server
2006-11-07 20:18 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2006-11-07 20:18 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2006-11-07 20:18 <DIR> d-------- C:\Program Files\Alcohol Soft
2006-11-07 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-07 18:40 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-07 18:40 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-07 18:40 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-07 18:37 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-11-07 18:37 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-07 18:36 <DIR> d---s---- C:\Documents and Settings\n3wp0rt\UserData
2006-11-07 18:22 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2006-11-07 18:22 242,176 --a------ C:\WINDOWS\system32\rt2500.sys
2006-11-07 18:22 242,176 --a------ C:\WINDOWS\system32\drivers\RT2500.sys
2006-11-07 18:22 19,915 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-11-07 18:22 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2006-11-07 18:22 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2006-11-07 18:22 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-07 18:22 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2006-11-07 18:21 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-11-07 18:19 <DIR> dr-h----- C:\Documents and Settings\n3wp0rt\SendTo
2006-11-07 18:19 <DIR> dr-h----- C:\Documents and Settings\n3wp0rt\Application Data\.
2006-11-07 18:19 <DIR> dr-h----- C:\Documents and Settings\n3wp0rt\Application Data
2006-11-07 18:19 <DIR> dr------- C:\Documents and Settings\n3wp0rt\Start Menu
2006-11-07 18:19 <DIR> dr------- C:\Documents and Settings\n3wp0rt\My Documents
2006-11-07 18:19 <DIR> dr------- C:\Documents and Settings\n3wp0rt\Favorites
2006-11-07 18:19 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-11-07 18:19 <DIR> d--h----- C:\Documents and Settings\n3wp0rt\Templates
2006-11-07 18:19 <DIR> d--h----- C:\Documents and Settings\n3wp0rt\PrintHood
2006-11-07 18:19 <DIR> d--h----- C:\Documents and Settings\n3wp0rt\NetHood
2006-11-07 18:19 <DIR> d--h----- C:\Documents and Settings\n3wp0rt\Local Settings
2006-11-07 18:19 <DIR> d---s---- C:\Documents and Settings\n3wp0rt\Cookies
2006-11-07 18:19 <DIR> d---s---- C:\Documents and Settings\n3wp0rt\Application Data\Microsoft
2006-11-07 18:19 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Desktop
2006-11-07 18:19 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Application Data\Identities
2006-11-07 18:19 <DIR> d-------- C:\Documents and Settings\n3wp0rt\Application Data\..
2006-11-07 18:19 <DIR> d-------- C:\Documents and Settings\n3wp0rt\..
2006-11-07 18:19 <DIR> d-------- C:\Documents and Settings\n3wp0rt\.
2006-11-07 18:08 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-07 18:08 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-11-07 18:08 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-07 18:05 0 -rahs---- C:\MSDOS.SYS
2006-11-07 18:05 0 -rahs---- C:\IO.SYS
2006-11-07 18:05 0 --a------ C:\CONFIG.SYS
2006-11-07 18:05 0 --a------ C:\AUTOEXEC.BAT
2006-11-07 18:05 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-11-07 18:05 <DIR> d-------- C:\Program Files\xerox
2006-11-07 18:05 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-11-07 18:04 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-11-07 18:04 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-11-07 18:04 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2006-11-07 18:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-11-07 18:03 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-07 18:03 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-11-07 18:03 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-07 18:03 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-11-07 18:03 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-07 18:03 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-11-07 18:03 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-11-07 18:03 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-11-07 18:03 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-07 18:03 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-07 18:03 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-07 18:03 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-11-07 18:03 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-07 18:03 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-07 18:03 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-07 18:03 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-07 18:03 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-07 18:03 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-07 18:03 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-07 18:03 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-11-07 18:03 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-11-07 18:03 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-07 18:03 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-11-07 18:03 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-11-07 18:03 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-07 18:03 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-11-07 18:03 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-11-07 18:03 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-07 18:03 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-11-07 18:03 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-07 18:03 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-11-07 18:03 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-11-07 18:03 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-07 18:03 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-11-07 18:03 <DIR> d---s---- C:\WINDOWS\Tasks
2006-11-07 18:03 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-11-07 18:03 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-11-07 18:03 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-11-07 18:03 <DIR> d-------- C:\WINDOWS\srchasst
2006-11-07 18:03 <DIR> d-------- C:\Program Files\Movie Maker
2006-11-07 18:03 <DIR> d-------- C:\Program Files\Common Files\Services
2006-11-07 18:03 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-11-07 18:02 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-07 18:02 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-07 18:02 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-07 18:02 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 18:02 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-07 18:02 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-11-07 18:02 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-07 18:02 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-07 18:02 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-07 18:02 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-07 18:02 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-07 18:02 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-11-07 18:02 <DIR> d-------- C:\WINDOWS\Registration
2006-11-07 18:02 <DIR> d-------- C:\Program Files\Windows Media Player
2006-11-07 18:02 <DIR> d-------- C:\Program Files\Outlook Express
2006-11-07 18:02 <DIR> d-------- C:\Program Files\Online Services
2006-11-07 18:02 <DIR> d-------- C:\Program Files\NetMeeting
2006-11-07 18:02 <DIR> d-------- C:\Program Files\Internet Explorer
2006-11-07 18:02 <DIR> d-------- C:\Program Files\ComPlus Applications
2006-11-07 18:02 <DIR> d-------- C:\Program Files\Common Files\System
2006-11-07 18:01 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-07 18:01 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-07 18:01 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-11-07 18:01 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-11-07 18:01 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-11-07 18:01 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-11-07 18:01 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-11-07 18:01 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-11-07 18:01 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-11-07 18:01 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-07 18:01 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-07 18:01 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-11-07 18:01 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-07 18:01 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-11-07 18:01 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-07 18:01 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-11-07 18:01 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-07 18:01 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-07 18:01 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-11-07 18:01 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-11-07 18:01 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-11-07 18:01 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-11-07 18:01 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-07 18:01 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-11-07 18:01 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-07 18:01 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-11-07 18:01 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-11-07 18:01 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-11-07 18:01 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-07 18:01 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-11-07 18:01 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-07 18:01 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-07 18:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-11-07 18:01 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-11-07 18:01 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-11-07 18:01 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-11-07 18:01 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-11-07 18:01 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-11-07 18:01 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-07 18:01 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-11-07 18:01 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-07 18:01 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-11-07 18:01 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-11-07 18:01 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-11-07 18:01 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-11-07 18:01 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-11-07 18:01 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-07 18:01 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-11-07 18:01 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-07 18:01 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-11-07 18:01 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-07 18:01 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-07 18:01 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-11-07 18:01 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-11-07 18:01 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-11-07 18:01 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-07 18:01 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-11-07 18:01 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-11-07 18:01 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-11-07 18:01 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-11-07 18:01 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-11-07 18:01 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-11-07 18:01 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-11-07 18:01 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-11-07 18:01 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-11-07 18:01 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-11-07 18:01 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-11-07 18:01 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-11-07 18:01 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-11-07 18:01 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-07 18:01 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-11-07 18:01 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-11-07 18:01 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-11-07 18:01 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-11-07 18:01 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-11-07 18:01 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-07 18:01 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-11-07 18:01 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-11-07 18:01 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-07 18:01 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-07 18:01 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-11-07 18:01 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-11-07 18:01 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-11-07 18:01 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-11-07 18:01 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-11-07 18:01 <DIR> d-------- C:\WINDOWS\system32\Com
2006-11-07 18:01 <DIR> d-------- C:\Program Files\Windows NT
2006-11-07 18:01 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-11-07 18:01 <DIR> d-------- C:\Program Files\MSN
2006-11-07 18:01 <DIR> d-------- C:\Program Files\Messenger
2006-11-07 07:55 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-07 07:55 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-11-07 07:55 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-11-07 07:55 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-11-07 07:54 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-11-07 07:54 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-07 07:54 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-07 07:53 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-11-07 07:53 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-11-07 07:53 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-11-07 07:53 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-11-07 07:53 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-11-07 07:53 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-11-07 07:53 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-11-07 07:53 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-11-07 07:53 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-11-07 07:53 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-11-07 07:53 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2006-11-07 07:53 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-11-07 07:53 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-11-07 07:53 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-11-07 07:53 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-11-07 07:53 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-11-07 07:53 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-11-07 07:53 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-11-07 07:53 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-11-07 07:53 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-11-07 07:53 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-11-07 07:53 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-11-07 07:53 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-11-07 07:53 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-11-07 07:53 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-11-07 07:53 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-11-07 07:53 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-11-07 07:53 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-11-07 07:53 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-11-07 07:53 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-11-07 07:53 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-11-07 07:53 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-07 07:53 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-11-07 07:53 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-11-07 07:53 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-11-07 07:53 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-11-07 07:53 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-11-07 07:53 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-11-07 07:53 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-11-07 07:53 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-11-07 07:53 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-11-07 07:53 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
2006-11-07 07:53 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2006-11-07 07:53 <DIR> d-a------ C:\Program Files\Common Files\..
2006-11-07 07:53 <DIR> d-a------ C:\Program Files\.
2006-11-07 07:53 <DIR> d-a------ C:\Program Files
2006-11-07 07:53 <DIR> d--hs---- C:\WINDOWS\Installer
2006-11-07 07:53 <DIR> d--hs---- C:\Program Files\..
2006-11-07 07:53 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
2006-11-07 07:53 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-07 07:53 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-11-07 07:53 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-07 07:53 <DIR> d-------- C:\Program Files\Common Files\.
2006-11-07 07:53 <DIR> d-------- C:\Program Files\Common Files
2006-11-07 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
2006-11-07 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
2006-11-07 07:51 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
2006-11-07 07:51 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
2006-11-07 07:51 <DIR> d--hs---- C:\System Volume Information
2006-11-07 07:51 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-07 07:51 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-07 07:51 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-11-07 07:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
2006-11-07 07:51 <DIR> d-------- C:\Documents and Settings\All Users\..
2006-11-07 07:51 <DIR> d-------- C:\Documents and Settings\All Users\.
2006-11-07 07:51 <DIR> d-------- C:\Documents and Settings
2006-11-07 07:47 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-11-07 07:47 <DIR> dr--s---- C:\WINDOWS\Fonts
2006-11-07 07:47 <DIR> dr------- C:\WINDOWS\Web
2006-11-07 07:47 <DIR> d--hs---- C:\WINDOWS\..
2006-11-07 07:47 <DIR> d--h----- C:\WINDOWS\inf
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\WinSxS
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\twain_32
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\Temp
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\wins
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\wbem
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\usmt
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\spool
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\Setup
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\ras
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\npp
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\mui
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\IME
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\icsxml
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\ias
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\export
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\drivers\..
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\drivers\.
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\dhcp
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\config
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\3076
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\2052
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\1054
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\1042
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\1041
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\1037
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\1033
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\1031
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\1028
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\1025
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\..
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32\.
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system32
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system\..
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system\.
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\system
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\security
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\Resources
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\repair
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\Provisioning
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\PeerNet
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\pchealth
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\mui
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\msapps
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\msagent
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\Media
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\java
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\ime
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\Help
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\ehome
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\Driver Cache
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\Debug
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\Cursors
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\Connection Wizard
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\Config
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\AppPatch
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\addins
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS\.
2006-11-07 07:47 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Wireless Laser Mouse\\moffice.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000003

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\incoming\\Dual Horizontal\\abstract\\Calm_Moment_WP_by_ludd1te.jpg"
"SubscribedURL"="C:\\incoming\\Dual Horizontal\\abstract\\Calm_Moment_WP_by_ludd1te.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,52,01,00,00,23,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,52,01,00,00,23,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\incoming\\Dual Horizontal\\landscapes\\Sahara_Madness\\Sahara_Madness_Left_Side.png"
"SubscribedURL"="C:\\incoming\\Dual Horizontal\\landscapes\\Sahara_Madness\\Sahara_Madness_Left_Side.png"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,52,01,00,00,78,01,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,52,01,00,00,78,01,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,01,00,00,40
"RestoredStateInfo"=hex:fe,e1,90,7c,28,dd,07,00,e4,dc,07,00,6c,fb,90,7c,71,fb,\
90,7c,28,dd,07,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="C:\\incoming\\Dual Horizontal\\landscapes\\Sahara_Madness\\Sahara_Madness_Right_Side.png"
"SubscribedURL"="C:\\incoming\\Dual Horizontal\\landscapes\\Sahara_Madness\\Sahara_Madness_Right_Side.png"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,ce,01,00,00,47,00,00,00,7c,00,00,00,72,00,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,c0,03,00,00,35,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,01,00,00,40
"RestoredStateInfo"=hex:e4,dc,07,00,6c,fb,90,7c,71,fb,90,7c,28,dd,07,00,fe,e1,\
90,7c,e8,dd,07,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="C:\\incoming\\Dual Horizontal\\sky\\Twin_Sunrise.jpg"
"SubscribedURL"="C:\\incoming\\Dual Horizontal\\sky\\Twin_Sunrise.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,ce,01,00,00,dd,00,00,00,7c,00,00,00,72,00,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,c0,03,00,00,8a,01,00,00,00,09,00,00,60,03,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:96,03,4d,00,3f,68,b7,7c,9a,6a,b7,7c,1a,03,5f,00,96,03,\
4d,00,3f,68,b7,7c

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="C:\\incoming\\Dual Horizontal\\patterns\\Qubiq_5_Modified_White_by_GaintSura.jpg"
"SubscribedURL"="C:\\incoming\\Dual Horizontal\\patterns\\Qubiq_5_Modified_White_by_GaintSura.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,2e,01,00,00,47,00,00,00,7c,00,00,00,72,00,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,01,00,00,00,01,00,00,00,00,0a,00,00,fe,03,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:fe,e1,90,7c,e8,dd,07,00,0c,de,07,00,fe,e1,90,7c,4c,dd,\
07,00,08,dd,07,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,06,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,8e,00,00,00,47,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winyrp32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-20 11:28:18.45
C:\ComboFix.txt ... 06-11-20 11:28
  • 0

#13
n3wp0rt

n3wp0rt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:39:59 AM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
C:\Program Files\Micro Innovations\Wireless Laser Mouse\MOUSE32A.DAT
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\n3wp0rt\Desktop\virus\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Laser Mouse\moffice.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162942591796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winyrp32 - winyrp32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


Here are the logs you requested. Thank you, sir, for your time and effort in sorting this out with me.

Edited by n3wp0rt, 20 November 2006 - 10:45 AM.

  • 0
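The log above is in the HijackThis 1.99 "O" line format, and reading it by eye is how the thread proceeds. As an added example (mine, not HijackThis code and not part of the original thread), here is a small parser for that format with the first-pass flags a log reviewer applies: an unnamed entry, an "Unknown owner" binary, a "(file missing)" reference, and a Winlogon Notify DLL named without a path. SAMPLE_LOG is a subset of the lines posted above; the flag rules are my own heuristics and produce hints for a human, not verdicts (the unnamed Spybot SDHelper BHO is flagged and is legitimate).

```python
"""Parse the 'O' lines of a HijackThis 1.99 log and flag the entries a log
reviewer looks at first.

Added example for this thread; it is not part of HijackThis or of any tool
used in the thread. SAMPLE_LOG is a subset of the lines in the log posted
above. The flag rules are ordinary first-pass heuristics (unnamed entry,
unknown owner, missing file, a Winlogon Notify DLL given without a path) and
are hints for a human reviewer, not verdicts: Spybot's SDHelper BHO has no
name and is legitimate.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HijackThis prints every finding as "O<n> - <kind>: <details>".
_OLINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# A CLSID such as {AEB6717E-7E19-11d0-97EE-00C04FD91972}.
_CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# What each section means, per HijackThis' section list.
SECTION_NOTES = {
    "O2": "Browser Helper Object, loaded into every Internet Explorer process",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O16": "ActiveX control fetched from the web (Downloaded Program Files)",
    "O20": "Winlogon Notify or AppInit_DLLs entry: a DLL loaded at logon by winlogon.exe",
    "O23": "installed service",
}


@dataclass
class Entry:
    section: str                       # "O20"
    kind: str                          # "Winlogon Notify"
    details: str                       # "winyrp32 - winyrp32.dll (file missing)"
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """One HijackThis 'O' line -> Entry; any other line -> None."""
    m = _OLINE.match(line.strip())
    if not m:
        return None
    section, kind, details = m.groups()
    c = _CLSID.search(details)
    return Entry(section, kind, details, c.group(0) if c else None)


def parse_log(text: str) -> List[Entry]:
    """All 'O' entries in a pasted log, in file order."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def flag(entry: Entry) -> List[str]:
    """First-pass flags. An empty list means 'nothing jumps out', not 'clean'."""
    flags = []
    d = entry.details
    if d.startswith("(no name)"):
        flags.append("no name")        # identify it by CLSID and file instead
    if "Unknown owner" in d:
        flags.append("unknown owner")  # the binary carries no company name
    if "(file missing)" in d:
        flags.append("file missing")   # registry points at a file that is gone
    if entry.section == "O20":
        # details look like "<name> - <dll> [(file missing)]"
        dll = d.split(" - ", 1)[-1].replace("(file missing)", "").strip()
        if "\\" not in dll:
            flags.append("DLL named without a path (found via DLL search order)")
    return flags


def review(entries: List[Entry]) -> List[Entry]:
    """Fill in flags and return only the entries that have any."""
    flagged = []
    for e in entries:
        e.flags = flag(e)
        if e.flags:
            flagged.append(e)
    return flagged


# Subset of the log posted in this thread (copied, not constructed).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162942591796
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winyrp32 - winyrp32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
"""

if __name__ == "__main__":
    for e in review(parse_log(SAMPLE_LOG)):
        print(f"{e.section} [{', '.join(e.flags)}] {e.details}")
        print(f"      {SECTION_NOTES.get(e.section, '')}")
```

Run it on the sample and four entries come back: the two unnamed IE items (both resolve to known Spybot and Java files, so they are cleared by looking at the file), the Linksys service line (its quoted path with an argument is rendered by HijackThis as "Unknown owner" plus "file missing"), and the winyrp32 Winlogon Notify entry, whose DLL is given without any path and is no longer on disk. Only the last one is a real finding, which is the point of keeping the flags as prompts for a human rather than as an automatic verdict.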

#14
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Thanks for the logs.

ComboFix is showing me a few bad files; we can delete those and make just one minor adjustment to your HJT log. With any luck this will clean this account, and then we can move on.

May I just check with you about the Administrator account: is that only visible in Safe Mode?

Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following:

O20 - Winlogon Notify: winyrp32 - winyrp32.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\emjlbxe.dll
C:\WINDOWS\system32\ksclvll.dll
C:\WINDOWS\system32\jqibfjf.dll
C:\WINDOWS\system32\ptcfdcf.dll
C:\WINDOWS\system32\ierxwan.dll
C:\WINDOWS\system32\uiseduh.dll
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\jwpdosrj.exe
C:\WINDOWS\system32\wtstr.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There are a couple of unusual entries which look like folders to me. Could you please do a physical check of them and advise me of any files inside them, or tell me if they are files rather than folders, in which case the file extension would be useful:

C:\WINDOWS\rwmi
C:\Program Files\Common Files\rwmi


Post back a fresh HijackThis log, from normal mode, and I will take another look.
  • 0
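Killbox's "Delete on Reboot" option and the PendingFileRenameOperations prompt mentioned in the instructions above both concern the same registry value: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, a REG_MULTI_SZ of (source, destination) pairs that the Session Manager replays at the next boot before the files are in use. MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT appends to it; an empty destination means delete, and a destination prefixed with "!" means replace an existing file. As an added example (mine, not Killbox's code and not part of the thread), here is a helper that builds and decodes that value for the nine paths listed in the post above. It assumes the documented layout (NT-style \??\ paths, pairs, empty destination = delete) and never touches a registry; it only works on the bytes.

```python
r"""Encode and decode the PendingFileRenameOperations value that Windows
replays at the next boot.

Added example for this thread; it is not Killbox's code. The value lives at
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager and is what
MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT) appends to: a REG_MULTI_SZ of
(source, destination) pairs in NT path form (\??\C:\...), where an empty
destination means 'delete source' and a leading '!' on the destination means
'replace an existing file'. This helper only builds and reads those bytes and
does not touch any registry. KILLBOX_PATHS are the paths listed in the post
above.
"""
from typing import List, Tuple

NT_PREFIX = "\\??\\"        # paths are stored in NT form: \??\C:\dir\file

# The nine files the reply above asked Killbox to delete on reboot (copied).
KILLBOX_PATHS = [
    r"C:\WINDOWS\system32\emjlbxe.dll",
    r"C:\WINDOWS\system32\ksclvll.dll",
    r"C:\WINDOWS\system32\jqibfjf.dll",
    r"C:\WINDOWS\system32\ptcfdcf.dll",
    r"C:\WINDOWS\system32\ierxwan.dll",
    r"C:\WINDOWS\system32\uiseduh.dll",
    r"C:\WINDOWS\system32\gjllm.bak1",
    r"C:\WINDOWS\system32\jwpdosrj.exe",
    r"C:\WINDOWS\system32\wtstr.exe",
]


def to_nt_path(path: str) -> str:
    """C:\... -> \??\C:\...; already-NT paths are returned unchanged."""
    return path if path.startswith(NT_PREFIX) else NT_PREFIX + path


def from_nt_path(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def encode(ops: List[Tuple[str, str]]) -> bytes:
    """(source, destination) pairs -> REG_MULTI_SZ bytes.

    REG_MULTI_SZ is UTF-16LE: every string is NUL-terminated and the whole
    list ends with one more NUL. An empty destination is stored as an empty
    string, which is what a delayed delete looks like in the registry.
    """
    strings = []
    for src, dst in ops:
        strings.append(to_nt_path(src))
        if dst == "":
            strings.append("")
        elif dst.startswith("!"):
            strings.append("!" + to_nt_path(dst[1:]))
        else:
            strings.append(to_nt_path(dst))
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode(raw: bytes) -> List[Tuple[str, str]]:
    """REG_MULTI_SZ bytes -> (source, destination) pairs, NT prefix kept."""
    text = raw.decode("utf-16-le")
    if text.endswith("\0"):
        text = text[:-1]                    # drop the list terminator
    strings = text.split("\0")
    if strings and strings[-1] == "":
        strings.pop()                       # terminator of the last string
    if len(strings) % 2:
        raise ValueError("value is not made of source/destination pairs")
    return [(strings[i], strings[i + 1]) for i in range(0, len(strings), 2)]


def describe(ops: List[Tuple[str, str]]) -> List[str]:
    """One line per queued operation, as the Session Manager will apply it."""
    out = []
    for src, dst in ops:
        s = from_nt_path(src)
        if dst == "":
            out.append(f"delete {s}")
        elif dst.startswith("!"):
            out.append(f"replace {s} -> {from_nt_path(dst[1:])}")
        else:
            out.append(f"move {s} -> {from_nt_path(dst)}")
    return out


if __name__ == "__main__":
    queued = encode([(p, "") for p in KILLBOX_PATHS])
    for line in describe(decode(queued)):
        print(line)
```

On a live machine the queued list can be read with `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations`; running that before Killbox tells you what was already queued, which is the information Crustyoldbloke is asking for when he wants to know whether the PendingFileRenameOperations prompt appeared. Because the value is plain registry data, anything that can write to that key can also queue its own moves for the next boot, so a non-empty list on a machine you did not just use Killbox on deserves the same reading.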

#15
n3wp0rt

n3wp0rt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
c:\windows\rwmi
rwmi.dat
"wu"

c:\program files\common files\rwmi

folder "rwmid"
contains a file called 'class-barrel'


files
rwmia.lck
"rwmih"
rwmil.lck
rwmim.lck
------------------------------------------------------------------------

this tree is also on the root of c:

C:\Qoobox\purity\
folders-

program files
contains a folder SKS~1 and a file "from.txt"

windows
contains a folder SKS~1 and a file called "from.txT"
SKS~1 here contains another folder "tasks" which is empty

---------------------------------------------------------------------------

Edited by n3wp0rt, 20 November 2006 - 10:26 PM.

  • 0
