missing files, possible malware involved



#1
maze7817

I was preparing my system for backup & noticed some programs that were adware. Not sure what went wrong, but here's my HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 12:56:59 PM, on 12/13/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\inet20126\services.exe
C:\Program Files\Common Files\{4CC51B32-03E4-1033-0116-020111060001}\Update.exe
C:\WINNT\system32\mshta.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\WINNT\inet20126\121322954.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20126\services.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20126\services.exe
O4 - HKCU\..\Run: [explorer] C:\WINNT\system32\services\explorer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165361061335
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...534/mcfscan.cab
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#2
MFDnSC

1. Download this file:

http://download.blee...Bs/combofix.exe
http://www.techsuppo...ls/combofix.exe

2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


====================

You would make life easier if you would let us know what you saw; we're not mind readers! Also, what missing files?

#3
maze7817

2 of the ones I remember deleting were 8888bar & IpWins. Also, I think (but not entirely sure) some of my Windows files are missing.
========================================

Allen - Thu 12/14/2006 16:08:33.82 Service Pack 4
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Allen\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\tsuninst.exe
C:\WINNT\uninstall_nmon.vbs
C:\Documents and Settings\Default User\Application Data\NetMon
C:\Program Files\network monitor
C:\Program Files\Common Files\{4CC51B32-03E4-1033-0116-020111060001}


((((((((((((((((((((((((((((((( Files Created from 2006-11-14 to 2006-12-14 ))))))))))))))))))))))))))))))))))


2006-12-12 20:03 <DIR> d--h----- C:\WINNT\PIF
2006-12-12 18:31 3,034 --a------ C:\WINNT\web.exe
2006-12-12 18:31 <DIR> d-------- C:\WINNT\system32\services
2006-12-12 18:24 <DIR> d-------- C:\Program Files\Adaptec
2006-12-12 18:16 <DIR> d--hs---- C:\Config.Msi
2006-12-12 17:33 3,072 --a------ C:\WINNT\loader2291899.exe
2006-12-12 17:33 3,072 --a------ C:\WINNT\loader2283347.exe
2006-12-12 17:32 3,072 --a------ C:\WINNT\loader2252573.exe
2006-12-12 04:55 45,056 --a------ C:\WINNT\wpcem.exe
2006-12-12 04:42 3,072 --a------ C:\WINNT\loader2114320994.exe
2006-12-12 04:42 3,072 --a------ C:\WINNT\loader2114313944.exe
2006-12-12 04:41 81,920 --a------ C:\WINNT\system32\Packet.dll
2006-12-12 04:41 8,704 --a------ C:\WINNT\c.exe
2006-12-12 04:41 70,656 --a------ C:\WINNT\mad.exe
2006-12-12 04:41 69,632 --a------ C:\WINNT\system32\upnp.exe
2006-12-12 04:41 61,440 --a------ C:\WINNT\system32\WanPacket.dll
2006-12-12 04:41 53,299 --a------ C:\WINNT\system32\pthreadVC.dll
2006-12-12 04:41 36,864 --a------ C:\WINNT\install_conga.exe
2006-12-12 04:41 32,512 --a------ C:\WINNT\system32\drivers\npf.sys
2006-12-12 04:41 3,072 --a------ C:\WINNT\loader2114299173.exe
2006-12-12 04:41 29,696 --a------ C:\WINNT\system32\rpcc.dll
2006-12-12 04:41 233,472 --a------ C:\WINNT\system32\wpcap.dll
2006-12-12 04:41 13,312 --a------ C:\WINNT\message.exe
2006-12-12 04:41 <DIR> d-------- C:\WINNT\inet20126
2006-12-09 03:25 70,657 --a----t- C:\update93867321.exe
2006-12-09 03:25 3,584 --a------ C:\update7869213925771597.exe
2006-12-09 03:25 3,584 --a------ C:\update7869213925740933.exe
2006-12-09 03:24 70,657 --a----t- C:\update02477105.exe
2006-12-09 03:24 3,584 --a------ C:\update7869213925709798.exe
2006-12-09 03:24 12,800 --a------ C:\eied_s7_c_231bf2.exe
2006-12-05 15:25 465,176 --a------ C:\WINNT\system32\wuapi.dll
2006-12-05 15:25 41,240 --a------ C:\WINNT\system32\wups.dll
2006-12-05 15:25 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
2006-12-05 15:25 18,200 --a------ C:\WINNT\system32\wups2.dll
2006-12-05 15:25 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
2006-12-05 15:25 127,256 --a------ C:\WINNT\system32\wucltui.dll
2006-12-05 15:24 <DIR> d-------- C:\WINNT\SoftwareDistribution
2006-12-03 20:57 <DIR> d-------- C:\Program Files\Common Files\kimf
2006-12-01 16:38 <DIR> d-------- C:\WINNT\BDOSCAN8
2006-11-26 17:21 <DIR> d-ah----- C:\Program Files\WindowsUpdate
2006-11-26 16:58 <DIR> d-------- C:\WINNT\system32\ie_de
2006-11-26 16:58 <DIR> d-------- C:\WINNT\system32\CertSrv
2006-11-26 16:58 <DIR> d-------- C:\WINNT\ServicePackFiles
2006-11-26 16:49 977,680 --a------ C:\WINNT\system32\vfpodbc.dll
2006-11-26 16:49 92,432 --a------ C:\WINNT\system32\xactsrv.dll
2006-11-26 16:49 90,384 --a------ C:\WINNT\system32\trkwks.dll
2006-11-26 16:49 87,312 --a------ C:\WINNT\system32\TASKMGR.EXE
2006-11-26 16:49 83,888 --a------ C:\WINNT\system32\vga.dll
2006-11-26 16:49 81,168 --a------ C:\WINNT\system32\stobject.dll
2006-11-26 16:49 80,144 --a------ C:\WINNT\system32\telnet.exe
2006-11-26 16:49 8,464 --a------ C:\WINNT\system32\wshirda.dll
2006-11-26 16:49 79,120 --a------ C:\WINNT\system32\winscard.dll
2006-11-26 16:49 74,512 --a------ C:\WINNT\system32\wmicore.dll
2006-11-26 16:49 7,440 --a------ C:\WINNT\system32\svcpack.dll
2006-11-26 16:49 69,904 --a------ C:\WINNT\system32\ws2_32.dll
2006-11-26 16:49 68,368 --a------ C:\WINNT\system32\unimdmat.dll
2006-11-26 16:49 62,736 --a------ C:\WINNT\system32\sstext3d.scr
2006-11-26 16:49 61,712 --a------ C:\WINNT\system32\stisvc.exe
2006-11-26 16:49 59,152 --a------ C:\WINNT\system32\winfax.dll
2006-11-26 16:49 57,616 --a------ C:\WINNT\system32\wlnotify.dll
2006-11-26 16:49 57,104 --a------ C:\WINNT\system32\w32tm.exe
2006-11-26 16:49 55,056 --a------ C:\WINNT\system32\tlntsess.exe
2006-11-26 16:49 51,472 --a------ C:\WINNT\system32\w32time.dll
2006-11-26 16:49 49,776 --------- C:\WINNT\system32\drivers\usbhub20.sys
2006-11-26 16:49 47,888 --a------ C:\WINNT\system32\ssbezier.scr
2006-11-26 16:49 42,768 --a------ C:\WINNT\system32\webhits.dll
2006-11-26 16:49 419,600 --a------ C:\WINNT\system32\ssmaze.scr
2006-11-26 16:49 41,744 --a------ C:\WINNT\system32\tcpmon.dll
2006-11-26 16:49 41,744 --a------ C:\WINNT\system32\sti.dll
2006-11-26 16:49 41,744 --a------ C:\WINNT\system32\ssflwbox.scr
2006-11-26 16:49 403,216 --a------ C:\WINNT\system32\USER32.DLL
2006-11-26 16:49 4,368 --a------ C:\WINNT\system32\winver.exe
2006-11-26 16:49 397,584 --a------ C:\WINNT\system32\txfaux.dll
2006-11-26 16:49 39,696 --a------ C:\WINNT\system32\wsnmp32.dll
2006-11-26 16:49 39,184 --a------ C:\WINNT\system32\winsta.dll
2006-11-26 16:49 389,904 --a------ C:\WINNT\system32\USERENV.DLL
2006-11-26 16:49 38,672 --a------ C:\WINNT\system32\ssmarque.scr
2006-11-26 16:49 375,568 --a------ C:\WINNT\system32\tapi3.dll
2006-11-26 16:49 36,624 --a------ C:\WINNT\system32\ssmyst.scr
2006-11-26 16:49 35,600 --a------ C:\WINNT\system32\storprop.dll
2006-11-26 16:49 33,040 --a------ C:\WINNT\system32\ssstars.scr
2006-11-26 16:49 315,664 --a------ C:\WINNT\system32\usp10.dll
2006-11-26 16:49 31,504 --a------ C:\WINNT\system32\traffic.dll
2006-11-26 16:49 30,749 --a------ C:\WINNT\system32\vbajet32.dll
2006-11-26 16:49 29,968 --a------ C:\WINNT\system32\wpnpinst.exe
2006-11-26 16:49 28,400 --a------ C:\WINNT\system32\wupdinfo.dll
2006-11-26 16:49 270,608 --a------ C:\WINNT\winhlp32.exe
2006-11-26 16:49 27,920 --a------ C:\WINNT\system32\umandlg.dll
2006-11-26 16:49 26,384 --a------ C:\WINNT\system32\utildll.dll
2006-11-26 16:49 246,544 --a------ C:\WINNT\system32\strmdll.dll
2006-11-26 16:49 240,912 --a------ C:\WINNT\system32\wow32.dll
2006-11-26 16:49 24,848 --a------ C:\WINNT\system32\spdwnw2k.exe
2006-11-26 16:49 239,376 --a------ C:\WINNT\system32\winsmon.dll
2006-11-26 16:49 22,800 --a------ C:\WINNT\system32\utilman.exe
2006-11-26 16:49 21,776 --a------ C:\WINNT\system32\wsock32.dll
2006-11-26 16:49 21,776 --------- C:\WINNT\system32\spupdw2k.exe
2006-11-26 16:49 21,264 --a------ C:\WINNT\system32\stimon.exe
2006-11-26 16:49 193,296 --a------ C:\WINNT\winrep.exe
2006-11-26 16:49 19,728 --------- C:\WINNT\system32\drivers\usbehci.sys
2006-11-26 16:49 187,664 --a------ C:\WINNT\system32\thumbvw.dll
2006-11-26 16:49 186,128 --a------ C:\WINNT\system32\tlntsvr.exe
2006-11-26 16:49 181,008 --a------ C:\WINNT\system32\WINLOGON.EXE
2006-11-26 16:49 173,328 --a------ C:\WINNT\system32\tapisrv.dll
2006-11-26 16:49 172,664 --a------ C:\WINNT\system32\XENROLL.DLL
2006-11-26 16:49 17,680 --a------ C:\WINNT\system32\wshtcpip.dll
2006-11-26 16:49 17,680 --a------ C:\WINNT\system32\tftp.exe
2006-11-26 16:49 166,160 --a------ C:\WINNT\system32\WINTRUST.DLL
2006-11-26 16:49 162,064 --a------ C:\WINNT\system32\WLDAP32.DLL
2006-11-26 16:49 16,144 --a------ C:\WINNT\system32\version.dll
2006-11-26 16:49 155,920 --a------ C:\WINNT\system32\wavemsp.dll
2006-11-26 16:49 15,872 --------- C:\WINNT\system32\spupdsvc.exe
2006-11-26 16:49 14,608 --a------ C:\WINNT\system32\uniplat.dll
2006-11-26 16:49 138,288 --------- C:\WINNT\system32\drivers\usbport.sys
2006-11-26 16:49 138,000 --a------ C:\WINNT\system32\ss3dfo.scr
2006-11-26 16:49 13,072 --a------ C:\WINNT\system32\tcpmib.dll
2006-11-26 16:49 126,736 --a------ C:\WINNT\system32\TAPI32.DLL
2006-11-26 16:49 11,536 --a------ C:\WINNT\system32\usbmon.dll
2006-11-26 16:49 102,160 --a------ C:\WINNT\system32\sspipes.scr
2006-11-26 16:49 10,000 --a------ C:\WINNT\system32\wshatm.dll
2006-11-26 16:48 996,112 --a------ C:\WINNT\system32\OLE32.DLL
2006-11-26 16:48 971,024 --a------ C:\WINNT\system32\sfcfiles.dll
2006-11-26 16:48 97,040 --a------ C:\WINNT\system32\rtm.dll
2006-11-26 16:48 95,504 --a------ C:\WINNT\system32\netman.dll
2006-11-26 16:48 95,024 --a------ C:\WINNT\system32\sfc.dll
2006-11-26 16:48 94,720 --------- C:\WINNT\system32\iuctl.dll
2006-11-26 16:48 90,112 --a------ C:\WINNT\system32\odbcint.dll
2006-11-26 16:48 9,216 --------- C:\WINNT\system32\wuauserv.dll
2006-11-26 16:48 89,600 --a------ C:\WINNT\system32\nlhtml.dll
2006-11-26 16:48 85,776 --a------ C:\WINNT\system32\smlogsvc.exe
2006-11-26 16:48 85,776 --a------ C:\WINNT\system32\ntsdexts.dll
2006-11-26 16:48 79,632 --a------ C:\WINNT\system32\ntdskcc.dll
2006-11-26 16:48 77,584 --a------ C:\WINNT\system32\scripto.dll
2006-11-26 16:48 77,072 --a------ C:\WINNT\system32\rsvpsp.dll
2006-11-26 16:48 73,488 --a------ C:\WINNT\regedit.exe
2006-11-26 16:48 71,952 --a------ C:\WINNT\system32\netui0.dll
2006-11-26 16:48 70,928 --a------ C:\WINNT\system32\olethk32.dll
2006-11-26 16:48 7,440 --a------ C:\WINNT\system32\sensapi.dll
2006-11-26 16:48 692,496 --a------ C:\WINNT\system32\OPENGL32.DLL
2006-11-26 16:48 69,392 --a------ C:\WINNT\system32\shim.dll
2006-11-26 16:48 68,368 --a------ C:\WINNT\system32\regsvc.exe
2006-11-26 16:48 67,344 --a------ C:\WINNT\system32\ntdsetup.dll
2006-11-26 16:48 65,601 --a------ C:\WINNT\system32\servdeps.dll
2006-11-26 16:48 64,272 --a------ C:\WINNT\system32\mswsock.dll
2006-11-26 16:48 63,248 --a------ C:\WINNT\system32\RASSCRPT.DLL
2006-11-26 16:48 614,672 --a------ C:\WINNT\system32\mswstr10.dll
2006-11-26 16:48 60,688 --a------ C:\WINNT\system32\RASCHAP.DLL
2006-11-26 16:48 6,928 --a------ C:\WINNT\system32\skdll.dll
2006-11-26 16:48 6,928 --------- C:\WINNT\system32\perfvd.exe
2006-11-26 16:48 57,616 --a------ C:\WINNT\system32\ntdsapi.dll
2006-11-26 16:48 57,104 --a------ C:\WINNT\system32\ocmanage.dll
2006-11-26 16:48 57,104 --a------ C:\WINNT\system32\mydocs.dll
2006-11-26 16:48 55,056 --------- C:\WINNT\system32\authz.dll
2006-11-26 16:48 547,600 --a------ C:\WINNT\system32\netcfgx.dll
2006-11-26 16:48 53,520 --a------ C:\WINNT\system32\odbcji32.dll
2006-11-26 16:48 53,520 --a------ C:\WINNT\system32\ntmsapi.dll
2006-11-26 16:48 53,008 --a------ C:\WINNT\system32\packager.exe
2006-11-26 16:48 52,496 --a------ C:\WINNT\system32\mtxclu.dll
2006-11-26 16:48 52,496 --------- C:\WINNT\system32\wzcdlg.dll
2006-11-26 16:48 514,320 --a------ C:\WINNT\system32\msxml.dll
2006-11-26 16:48 48,912 --a------ C:\WINNT\system32\secur32.dll
2006-11-26 16:48 48,200 --------- C:\WINNT\system32\scrdx86.dll
2006-11-26 16:48 48,200 --------- C:\WINNT\system32\scrdenrl.dll
2006-11-26 16:48 477,456 --a------ C:\WINNT\system32\netshell.dll
2006-11-26 16:48 454,416 --a------ C:\WINNT\system32\rpcrt4.dll
2006-11-26 16:48 45,840 --a------ C:\WINNT\system32\skeys.exe
2006-11-26 16:48 45,840 --------- C:\WINNT\system32\msmqprop.exe
2006-11-26 16:48 446,224 --a------ C:\WINNT\system32\oakley.dll
2006-11-26 16:48 444,176 --a------ C:\WINNT\system32\oieng400.dll
2006-11-26 16:48 44,816 --a------ C:\WINNT\system32\rsm.exe
2006-11-26 16:48 431,888 --a------ C:\WINNT\system32\riched20.dll
2006-11-26 16:48 41,232 --a------ C:\WINNT\system32\odbcconf.exe
2006-11-26 16:48 41,232 --a------ C:\WINNT\system32\odbcconf.dll
2006-11-26 16:48 401,168 --a------ C:\WINNT\system32\ntmssvc.dll
2006-11-26 16:48 40,720 --a------ C:\WINNT\system32\RESUTILS.DLL
2006-11-26 16:48 4,880 --a------ C:\WINNT\system32\NDDEAPIR.EXE
2006-11-26 16:48 4,010,496 --------- C:\WINNT\system32\sp3res.dll
2006-11-26 16:48 39,936 --a------ C:\WINNT\system32\msisip.dll
2006-11-26 16:48 38,160 --a------ C:\WINNT\system32\sens.dll
2006-11-26 16:48 371,984 --a------ C:\WINNT\system32\NETLOGON.DLL
2006-11-26 16:48 37,136 --a------ C:\WINNT\system32\ODBCAD32.exe
2006-11-26 16:48 36,624 --a------ C:\WINNT\system32\RNR20.DLL
2006-11-26 16:48 36,112 --a------ C:\WINNT\system32\regapi.dll
2006-11-26 16:48 35,648 --a------ C:\WINNT\system32\ntio411.sys
2006-11-26 16:48 35,408 --a------ C:\WINNT\system32\ntio412.sys
2006-11-26 16:48 348,432 --a------ C:\WINNT\system32\msxbde40.dll
2006-11-26 16:48 34,816 --------- C:\WINNT\system32\msiregmv.exe
2006-11-26 16:48 34,576 --------- C:\WINNT\system32\wzcsetup.exe
2006-11-26 16:48 34,544 --a------ C:\WINNT\system32\ntio804.sys
2006-11-26 16:48 34,544 --a------ C:\WINNT\system32\ntio404.sys
2006-11-26 16:48 33,824 --a------ C:\WINNT\system32\NTIO.SYS
2006-11-26 16:48 33,552 --a------ C:\WINNT\system32\shmgrate.exe
2006-11-26 16:48 32,016 --a------ C:\WINNT\system32\ntdsatq.dll
2006-11-26 16:48 310,784 --------- C:\WINNT\system32\winhttp.dll
2006-11-26 16:48 29,968 --a------ C:\WINNT\system32\profmap.dll
2006-11-26 16:48 29,968 --a------ C:\WINNT\system32\ntdsbsrv.dll
2006-11-26 16:48 29,968 --------- C:\WINNT\system32\wzcsapi.dll
2006-11-26 16:48 29,456 --a------ C:\WINNT\system32\perfproc.dll
2006-11-26 16:48 285,456 --a------ C:\WINNT\system32\smlogcfg.dll
2006-11-26 16:48 28,432 --a------ C:\WINNT\system32\scrnsave.scr
2006-11-26 16:48 28,432 --a------ C:\WINNT\system32\ntdsbcli.dll
2006-11-26 16:48 270,608 --a------ C:\WINNT\system32\odbcjt32.dll
2006-11-26 16:48 26,896 --a------ C:\WINNT\system32\NETSTAT.EXE
2006-11-26 16:48 26,624 --a------ C:\WINNT\system32\msxmlr.dll
2006-11-26 16:48 254,736 --a------ C:\WINNT\system32\scesrv.dll
2006-11-26 16:48 25,360 --a------ C:\WINNT\system32\rsfsaps.dll
2006-11-26 16:48 25,360 --a------ C:\WINNT\system32\rapilib.dll
2006-11-26 16:48 244,224 --a------ C:\WINNT\system32\qmgr.dll
2006-11-26 16:48 24,848 --a------ C:\WINNT\system32\sqlwid.dll
2006-11-26 16:48 24,848 --a------ C:\WINNT\system32\perfdisk.dll
2006-11-26 16:48 24,848 --a------ C:\WINNT\system32\odbcbcp.dll
2006-11-26 16:48 24,848 --a------ C:\WINNT\system32\ODBC32GT.dll
2006-11-26 16:48 24,848 --a------ C:\WINNT\system32\narrator.exe
2006-11-26 16:48 24,336 --a------ C:\WINNT\system32\rpcns4.dll
2006-11-26 16:48 24,336 --------- C:\WINNT\system32\ftpqfe.exe
2006-11-26 16:48 239,376 --a------ C:\WINNT\system32\rpcss.dll
2006-11-26 16:48 23,312 --a------ C:\WINNT\system32\mtxdm.dll
2006-11-26 16:48 221,456 --a------ C:\WINNT\system32\osk.exe
2006-11-26 16:48 22,800 --a------ C:\WINNT\system32\routeext.dll
2006-11-26 16:48 217,360 --a------ C:\WINNT\system32\ODBC32.dll
2006-11-26 16:48 214,800 --a------ C:\WINNT\system32\objsel.dll
2006-11-26 16:48 214,288 --a------ C:\WINNT\system32\snmpsnap.dll
2006-11-26 16:48 200,976 --a------ C:\WINNT\system32\odbccu32.dll
2006-11-26 16:48 20,752 --a------ C:\WINNT\system32\sclgntfy.dll
2006-11-26 16:48 20,752 --a------ C:\WINNT\system32\odtext32.dll
2006-11-26 16:48 20,752 --a------ C:\WINNT\system32\odpdx32.dll
2006-11-26 16:48 20,752 --a------ C:\WINNT\system32\odfox32.dll
2006-11-26 16:48 20,752 --a------ C:\WINNT\system32\odexl32.dll
2006-11-26 16:48 20,752 --a------ C:\WINNT\system32\oddbse32.dll
2006-11-26 16:48 20,208 --------- C:\WINNT\system32\drivers\msircomm.sys
2006-11-26 16:48 198,928 --a------ C:\WINNT\system32\rasppp.dll
2006-11-26 16:48 198,424 --a------ C:\WINNT\system32\iuengine.dll
2006-11-26 16:48 196,880 --a------ C:\WINNT\system32\odbccr32.dll
2006-11-26 16:48 195,856 --------- C:\WINNT\system32\wzcsvc.dll
2006-11-26 16:48 187,024 --a------ C:\WINNT\system32\spcmdcon.sys
2006-11-26 16:48 18,432 --a------ C:\WINNT\system32\qmgrprxy.dll
2006-11-26 16:48 18,192 --------- C:\WINNT\system32\sp4iis.exe
2006-11-26 16:48 176,912 --a------ C:\WINNT\system32\rsvp.exe
2006-11-26 16:48 173,840 --a------ C:\WINNT\system32\netplwiz.dll
2006-11-26 16:48 173,328 --a------ C:\WINNT\system32\ntmsdba.dll
2006-11-26 16:48 17,680 --a------ C:\WINNT\system32\SNMPAPI.DLL
2006-11-26 16:48 17,168 --a------ C:\WINNT\system32\seclogon.dll
2006-11-26 16:48 17,168 --a------ C:\WINNT\system32\secedit.exe
2006-11-26 16:48 165,136 --a------ C:\WINNT\system32\ntdsutil.exe
2006-11-26 16:48 164,112 --------- C:\WINNT\system32\OLEPRO32.DLL
2006-11-26 16:48 16,144 --a------ C:\WINNT\system32\NDDEAPI.DLL
2006-11-26 16:48 155,920 --a------ C:\WINNT\system32\ODBCTRAC.dll
2006-11-26 16:48 154,896 --a------ C:\WINNT\system32\rasmontr.dll
2006-11-26 16:48 151,824 --a------ C:\WINNT\system32\pdh.dll
2006-11-26 16:48 15,120 --a------ C:\WINNT\system32\sisbkup.dll
2006-11-26 16:48 147,216 --a------ C:\WINNT\system32\dssenh.dll
2006-11-26 16:48 146,192 --a------ C:\WINNT\system32\polstore.dll
2006-11-26 16:48 14,608 --a------ C:\WINNT\system32\RASSAPI.DLL
2006-11-26 16:48 14,096 --a------ C:\WINNT\system32\rsh.exe
2006-11-26 16:48 139,536 --a------ C:\WINNT\system32\regedt32.exe
2006-11-26 16:48 134,928 --a------ C:\WINNT\system32\rsaenh.dll
2006-11-26 16:48 132,368 --a------ C:\WINNT\system32\RSABASE.DLL
2006-11-26 16:48 131,344 --a------ C:\WINNT\system32\netid.dll
2006-11-26 16:48 13,584 --a------ C:\WINNT\system32\powrprof.dll
2006-11-26 16:48 13,072 --a------ C:\WINNT\system32\spiisupd.exe
2006-11-26 16:48 124,184 --a------ C:\WINNT\system32\wuauclt.exe
2006-11-26 16:48 124,176 --a------ C:\WINNT\system32\net1.exe
2006-11-26 16:48 115,472 --a------ C:\WINNT\system32\PSBASE.DLL
2006-11-26 16:48 114,448 --a------ C:\WINNT\system32\scecli.dll
2006-11-26 16:48 113,936 --a------ C:\WINNT\system32\newdev.dll
2006-11-26 16:48 111,888 --a------ C:\WINNT\system32\polagent.dll
2006-11-26 16:48 110,352 --a------ C:\WINNT\system32\mycomput.dll
2006-11-26 16:48 110,080 --a------ C:\WINNT\system32\offfilt.dll
2006-11-26 16:48 11,984 --------- C:\WINNT\system32\drivers\ndisuio.sys
2006-11-26 16:48 11,536 --------- C:\WINNT\system32\sptsupd.exe
2006-11-26 16:48 11,024 --a------ C:\WINNT\system32\REGSVR32.EXE
2006-11-26 16:48 108,816 --a------ C:\WINNT\system32\NETDDE.EXE
2006-11-26 16:48 108,304 --a------ C:\WINNT\system32\rsnotify.exe
2006-11-26 16:48 107,792 --a------ C:\WINNT\system32\sndrec32.exe
2006-11-26 16:48 106,256 --a------ C:\WINNT\system32\oleprn.dll
2006-11-26 16:48 105,744 --a------ C:\WINNT\system32\mtxoci.dll
2006-11-26 16:48 105,232 --a------ C:\WINNT\system32\rend.dll
2006-11-26 16:48 102,672 --a------ C:\WINNT\system32\odbccp32.dll
2006-11-26 16:48 102,672 --a------ C:\WINNT\system32\NTMARTA.DLL
2006-11-26 16:48 100,624 --a------ C:\WINNT\system32\rastls.dll
2006-11-26 16:48 10,288 --------- C:\WINNT\system32\drivers\irenum.sys
2006-11-26 16:48 10,000 --a------ C:\WINNT\system32\runas.exe
2006-11-26 16:48 1,427,216 --a------ C:\WINNT\system32\query.dll
2006-11-26 16:48 1,343,768 --a------ C:\WINNT\system32\wuaueng.dll
2006-11-26 16:48 1,040,656 --a------ C:\WINNT\system32\ntdsa.dll
2006-11-26 16:47 99,088 --a------ C:\WINNT\system32\modemui.dll
2006-11-26 16:47 92,032 --a------ C:\WINNT\system32\KRNL386.EXE
2006-11-26 16:47 88,848 --a------ C:\WINNT\system32\msdtclog.dll
2006-11-26 16:47 847,872 --a------ C:\WINNT\system32\msimsg.dll
2006-11-26 16:47 835,856 --a------ C:\WINNT\system32\mmcndmgr.dll
2006-11-26 16:47 831,760 --a------ C:\WINNT\system32\mswdat10.dll
2006-11-26 16:47 76,560 --a------ C:\WINNT\system32\msw3prt.dll
2006-11-26 16:47 76,048 --a------ C:\WINNT\system32\mdhcp.dll
2006-11-26 16:47 73,488 --a------ C:\WINNT\system32\irmon.dll
2006-11-26 16:47 72,464 --a------ C:\WINNT\system32\isign32.dll
2006-11-26 16:47 707,344 --a------ C:\WINNT\system32\msdtcprx.dll
2006-11-26 16:47 7,440 --a------ C:\WINNT\system32\msswchx.exe
2006-11-26 16:47 69,904 --a------ C:\WINNT\system32\mprddm.dll
2006-11-26 16:47 66,320 --a------ C:\WINNT\system32\LOADPERF.DLL
2006-11-26 16:47 64,512 --a------ C:\WINNT\system32\msiexec.exe
2006-11-26 16:47 603,408 --a------ C:\WINNT\system32\mmc.exe
2006-11-26 16:47 6,928 --a------ C:\WINNT\system32\KBDCA.DLL
2006-11-26 16:47 57,296 --a------ C:\WINNT\system32\drivers\irda.sys
2006-11-26 16:47 56,080 --a------ C:\WINNT\system32\mprui.dll
2006-11-26 16:47 553,232 --a------ C:\WINNT\system32\msrepl40.dll
2006-11-26 16:47 55,056 --a------ C:\WINNT\system32\mpr.dll
2006-11-26 16:47 53,520 --a------ C:\WINNT\system32\msjter40.dll
2006-11-26 16:47 512,272 --a------ C:\WINNT\system32\msexch40.dll
2006-11-26 16:47 49,936 --a------ C:\WINNT\system32\ixsso.dll
2006-11-26 16:47 48,400 --a------ C:\WINNT\system32\loghours.dll
2006-11-26 16:47 47,376 --a------ C:\WINNT\system32\mprdim.dll
2006-11-26 16:47 47,104 --a------ C:\WINNT\system32\MSPRIVS.DLL
2006-11-26 16:47 43,792 --a------ C:\WINNT\system32\magnify.exe
2006-11-26 16:47 422,160 --a------ C:\WINNT\system32\msrd2x40.dll
2006-11-26 16:47 42,809 --a------ C:\WINNT\system32\key01.sys
2006-11-26 16:47 42,537 --a------ C:\WINNT\system32\KEYBOARD.SYS
2006-11-26 16:47 4,368 --a------ C:\WINNT\system32\IPROP.DLL
2006-11-26 16:47 4,126 --a------ C:\WINNT\system32\msdxmlc.dll
2006-11-26 16:47 374,032 --a------ C:\WINNT\system32\JET500.DLL
2006-11-26 16:47 35,088 --a------ C:\WINNT\system32\MSSIGN32.DLL
2006-11-26 16:47 348,432 --a------ C:\WINNT\system32\mspbde40.dll
2006-11-26 16:47 348,432 --a------ C:\WINNT\system32\msjetoledb40.dll
2006-11-26 16:47 334,096 --a------ C:\WINNT\system32\MSGINA.DLL
2006-11-26 16:47 319,760 --a------ C:\WINNT\system32\msexcl40.dll
2006-11-26 16:47 315,664 --a------ C:\WINNT\system32\msrd3x40.dll
2006-11-26 16:47 305,664 --a------ C:\WINNT\system32\msihnd.dll
2006-11-26 16:47 286,773 --a------ C:\WINNT\system32\msvcrt.dll
2006-11-26 16:47 258,320 --a------ C:\WINNT\system32\mstext40.dll
2006-11-26 16:47 25,872 --a------ C:\WINNT\system32\LODCTR.EXE
2006-11-26 16:47 246,032 --a------ C:\WINNT\system32\localsec.dll
2006-11-26 16:47 241,936 --a------ C:\WINNT\system32\msjtes40.dll
2006-11-26 16:47 24,848 --a------ C:\WINNT\system32\msdart32.dll
2006-11-26 16:47 236,304 --a------ C:\WINNT\system32\msclus.dll
2006-11-26 16:47 216,848 --a------ C:\WINNT\system32\mstask.dll
2006-11-26 16:47 213,264 --a------ C:\WINNT\system32\msltus40.dll
2006-11-26 16:47 212,752 --a------ C:\WINNT\system32\kerberos.dll
2006-11-26 16:47 20,240 --a------ C:\WINNT\system32\lpk.dll
2006-11-26 16:47 2,017,792 --a------ C:\WINNT\system32\msi.dll
2006-11-26 16:47 19,728 --a------ C:\WINNT\system32\mimefilt.dll
2006-11-26 16:47 169,232 --a------ C:\WINNT\system32\mobsync.dll
2006-11-26 16:47 159,504 --a------ C:\WINNT\system32\iprtrmgr.dll
2006-11-26 16:47 155,920 --a------ C:\WINNT\system32\msorcl32.dll
2006-11-26 16:47 151,824 --a------ C:\WINNT\system32\msjint40.dll
2006-11-26 16:47 146,192 --a------ C:\WINNT\system32\msdtcui.dll
2006-11-26 16:47 143,872 --a------ C:\WINNT\system32\itircl.dll
2006-11-26 16:47 14,608 --a------ C:\WINNT\system32\msswch.dll
2006-11-26 16:47 130,832 --a------ C:\WINNT\system32\logon.scr
2006-11-26 16:47 13,824 --a------ C:\WINNT\system32\mscpxl32.dLL
2006-11-26 16:47 122,368 --a------ C:\WINNT\system32\itss.dll
2006-11-26 16:47 119,568 --a------ C:\WINNT\system32\mstask.exe
2006-11-26 16:47 116,496 --a------ C:\WINNT\system32\msvfw32.dll
2006-11-26 16:47 111,376 --a------ C:\WINNT\system32\mobsync.exe
2006-11-26 16:47 11,024 --a------ C:\WINNT\system32\msrle32.dll
2006-11-26 16:47 108,816 --a------ C:\WINNT\system32\msafd.dll
2006-11-26 16:47 102,160 --a------ C:\WINNT\system32\mdminst.dll
2006-11-26 16:47 10,000 --a------ C:\WINNT\system32\lz32.dll
2006-11-26 16:47 1,507,600 --a------ C:\WINNT\system32\msjet40.dll
2006-11-26 16:47 1,385,744 --a------ C:\WINNT\system32\MSVBVM60.DLL
2006-11-26 16:47 1,131,280 --a------ C:\WINNT\system32\msdtctm.dll
2006-11-26 16:47 1,015,859 --a------ C:\WINNT\system32\mfc42.dll
2006-11-26 16:47 1,011,764 --a------ C:\WINNT\system32\mfc42u.dll
2006-11-26 16:46 97,040 --a------ C:\WINNT\system32\iasrad.dll
2006-11-26 16:46 96,528 --a------ C:\WINNT\system32\imm32.dll
2006-11-26 16:46 96,016 --a------ C:\WINNT\system32\clbcatex.dll
2006-11-26 16:46 94,992 --a------ C:\WINNT\system32\FAXSVC.EXE
2006-11-26 16:46 92,944 --a------ C:\WINNT\system32\faxadmin.dll
2006-11-26 16:46 92,944 --a------ C:\WINNT\system32\dskquota.dll
2006-11-26 16:46 92,432 --a------ C:\WINNT\system32\dnsrslvr.dll
2006-11-26 16:46 90,384 --a------ C:\WINNT\system32\CRYPTDLG.DLL
2006-11-26 16:46 89,360 --a------ C:\WINNT\system32\comrepl.dll
2006-11-26 16:46 82,704 --a------ C:\WINNT\system32\cmnquery.dll
2006-11-26 16:46 81,978 --a------ C:\WINNT\system32\hlink.dll
2006-11-26 16:46 80,144 --a------ C:\WINNT\system32\faxcom.dll
2006-11-26 16:46 77,584 --------- C:\WINNT\system32\gpresult.exe
2006-11-26 16:46 76,560 --a------ C:\WINNT\system32\hotplug.dll
2006-11-26 16:46 76,048 --a------ C:\WINNT\system32\cryptsvc.dll
2006-11-26 16:46 75,536 --a------ C:\WINNT\system32\iasads.dll
2006-11-26 16:46 74,512 --a------ C:\WINNT\system32\dsauth.dll
2006-11-26 16:46 7,440 --a------ C:\WINNT\system32\control.exe
2006-11-26 16:46 66,832 --a------ C:\WINNT\system32\inetpp.dll
2006-11-26 16:46 625,936 --a------ C:\WINNT\system32\comuid.dll
2006-11-26 16:46 62,224 --a------ C:\WINNT\system32\dfrgfat.exe
2006-11-26 16:46 60,176 --a------ C:\WINNT\system32\iassvcs.dll
2006-11-26 16:46 60,176 --a------ C:\WINNT\system32\iasnap.dll
2006-11-26 16:46 6,416 --------- C:\WINNT\system32\hccoin.dll
2006-11-26 16:46 55,568 --a------ C:\WINNT\system32\esentutl.exe
2006-11-26 16:46 55,568 --a------ C:\WINNT\system32\CLUSAPI.DLL
2006-11-26 16:46 510,224 --a------ C:\WINNT\system32\clbcatq.dll
2006-11-26 16:46 50,620 --a------ C:\WINNT\system32\command.com
2006-11-26 16:46 50,448 --a------ C:\WINNT\system32\fdeploy.dll
2006-11-26 16:46 5,904 --a------ C:\WINNT\system32\dllhst3g.exe
2006-11-26 16:46 498,205 --a------ C:\WINNT\system32\dxmasf.dll
2006-11-26 16:46 479,504 --a------ C:\WINNT\system32\CRYPT32.DLL
2006-11-26 16:46 47,888 --a------ C:\WINNT\system32\EVENTLOG.DLL
2006-11-26 16:46 45,328 --a------ C:\WINNT\system32\cmstp.exe
2006-11-26 16:46 443,664 --a------ C:\WINNT\system32\CRYPTUI.DLL
2006-11-26 16:46 441,616 --a------ C:\WINNT\system32\ipnathlp.dll
2006-11-26 16:46 44,304 --a------ C:\WINNT\system32\cryptdll.dll
2006-11-26 16:46 43,280 --a------ C:\WINNT\system32\dmutil.dll
2006-11-26 16:46 43,280 --a------ C:\WINNT\system32\CRYPTNET.DLL
2006-11-26 16:46 42,768 --a------ C:\WINNT\system32\dfrgsnap.dll
2006-11-26 16:46 41,744 --a------ C:\WINNT\system32\dsfolder.dll
2006-11-26 16:46 380,957 --a------ C:\WINNT\system32\expsrv.dll
2006-11-26 16:46 37,888 --a------ C:\WINNT\system32\hhsetup.dll
2006-11-26 16:46 37,648 --a------ C:\WINNT\system32\colbact.dll
2006-11-26 16:46 36,112 --a------ C:\WINNT\system32\cipher.exe
2006-11-26 16:46 33,040 --a------ C:\WINNT\system32\dbmsspxn.dll
2006-11-26 16:46 33,040 --a------ C:\WINNT\system32\dbmsadsn.dll
2006-11-26 16:46 316,176 --a------ C:\WINNT\system32\dmconfig.dll
2006-11-26 16:46 306,448 --a------ C:\WINNT\system32\dhcpmon.dll
2006-11-26 16:46 305,424 --a------ C:\WINNT\system32\gpedit.dll
2006-11-26 16:46 3,856 --a------ C:\WINNT\system32\COMCAT.DLL
2006-11-26 16:46 299,792 --a------ C:\WINNT\system32\dsprop.dll
2006-11-26 16:46 294,672 --a------ C:\WINNT\system32\filemgmt.dll
2006-11-26 16:46 29,456 --a------ C:\WINNT\system32\INETMIB1.DLL
2006-11-26 16:46 28,944 --a------ C:\WINNT\system32\iasacct.dll
2006-11-26 16:46 28,944 --a------ C:\WINNT\system32\dssec.dll
2006-11-26 16:46 269,584 --a------ C:\WINNT\system32\iassdo.dll
2006-11-26 16:46 265,488 --a------ C:\WINNT\system32\dxmrtp.dll
2006-11-26 16:46 25,872 --a------ C:\WINNT\system32\findstr.exe
2006-11-26 16:46 25,872 --a------ C:\WINNT\system32\conime.exe
2006-11-26 16:46 245,008 --a------ C:\WINNT\system32\icm32.dll
2006-11-26 16:46 243,472 --a------ C:\WINNT\explorer.exe
2006-11-26 16:46 242,960 --a------ C:\WINNT\system32\cscui.dll
2006-11-26 16:46 24,848 --a------ C:\WINNT\system32\ds32gt.dll
2006-11-26 16:46 236,304 --a------ C:\WINNT\system32\CMD.EXE
2006-11-26 16:46 233,744 --a------ C:\WINNT\system32\GDI32.DLL
2006-11-26 16:46 233,232 --a------ C:\WINNT\system32\es.dll
2006-11-26 16:46 221,968 --a------ C:\WINNT\system32\devmgr.dll
2006-11-26 16:46 22,800 --a------ C:\WINNT\system32\dfsshlex.dll
2006-11-26 16:46 22,288 --a------ C:\WINNT\system32\cmutil.dll
2006-11-26 16:46 219,920 --a------ C:\WINNT\system32\confmsp.dll
2006-11-26 16:46 21,776 --a------ C:\WINNT\system32\HTICONS.DLL
2006-11-26 16:46 206,096 --a------ C:\WINNT\system32\infosoft.dll
2006-11-26 16:46 200,976 --a------ C:\WINNT\system32\FONTEXT.DLL
2006-11-26 16:46 20,752 --a------ C:\WINNT\system32\iasperf.dll
2006-11-26 16:46 193,808 --a------ C:\WINNT\system32\cmdial32.dll
2006-11-26 16:46 19,728 --a------ C:\WINNT\system32\hidserv.exe
2006-11-26 16:46 187,152 --a------ C:\WINNT\system32\eudcedit.exe
2006-11-26 16:46 185,616 --a------ C:\WINNT\system32\faxt30.dll
2006-11-26 16:46 18,192 --a------ C:\WINNT\system32\hid.dll
2006-11-26 16:46 174,864 --a------ C:\WINNT\system32\dmdlgs.dll
2006-11-26 16:46 163,600 --a------ C:\WINNT\system32\dmdskmgr.dll
2006-11-26 16:46 163,088 --a------ C:\WINNT\system32\h323msp.dll
2006-11-26 16:46 163,088 --a------ C:\WINNT\system32\dbghelp.dll
2006-11-26 16:46 16,144 --a------ C:\WINNT\system32\diskcopy.dll
2006-11-26 16:46 159,807 --a------ C:\WINNT\system32\cmprops.dll
2006-11-26 16:46 157,968 --a------ C:\WINNT\system32\els.dll
2006-11-26 16:46 157,456 --a------ C:\WINNT\system32\dsquery.dll
2006-11-26 16:46 156,944 --a------ C:\WINNT\system32\ciadmin.dll
2006-11-26 16:46 15,120 --a------ C:\WINNT\system32\faxdrv.dll
2006-11-26 16:46 147,728 --a------ C:\WINNT\system32\dmadmin.exe
2006-11-26 16:46 146,192 --a------ C:\WINNT\system32\dskquoui.dll
2006-11-26 16:46 145,680 --a------ C:\WINNT\system32\DSSBASE.DLL
2006-11-26 16:46 14,096 --a------ C:\WINNT\system32\diskperf.exe
2006-11-26 16:46 138,000 --a------ C:\WINNT\system32\INITPKI.DLL
2006-11-26 16:46 138,000 --a------ C:\WINNT\system32\faxui.dll
2006-11-26 16:46 130,832 --a------ C:\WINNT\system32\CLUSTER.EXE
2006-11-26 16:46 13,072 --a------ C:\WINNT\system32\dmintf.dll
2006-11-26 16:46 13,072 --a------ C:\WINNT\system32\CHKNTFS.EXE
2006-11-26 16:46 122,368 --a------ C:\WINNT\system32\dmdskres.dll
2006-11-26 16:46 122,128 --a------ C:\WINNT\system32\idq.dll
2006-11-26 16:46 12,048 --a------ C:\WINNT\system32\dmserver.dll
2006-11-26 16:46 118,544 --a------ C:\WINNT\system32\gptext.dll
2006-11-26 16:46 113,936 --a------ C:\WINNT\system32\DCOMCNFG.EXE
2006-11-26 16:46 110,864 --a------ C:\WINNT\system32\dsuiext.dll
2006-11-26 16:46 101,136 --a------ C:\WINNT\system32\cscdll.dll
2006-11-26 16:46 100,624 --a------ C:\WINNT\system32\iassam.dll
2006-11-26 16:46 10,752 --a------ C:\WINNT\hh.exe
2006-11-26 16:46 10,512 --a------ C:\WINNT\system32\dmremote.exe
2006-11-26 16:46 1,785,160 --a------ C:\WINNT\system32\dtcsetup.exe
2006-11-26 16:46 1,448,208 --a------ C:\WINNT\system32\comsvcs.dll
2006-11-26 16:46 1,135,376 --a------ C:\WINNT\system32\esent.dll
2006-11-26 16:45 8,976 --a------ C:\WINNT\system32\autolfn.exe
2006-11-26 16:45 78,608 --a------ C:\WINNT\system32\avifil32.dll
2006-11-26 16:45 78,096 --a------ C:\WINNT\system32\aclui.dll
2006-11-26 16:45 75,544 --a------ C:\WINNT\system32\cdm.dll
2006-11-26 16:45 74,810 --a------ C:\WINNT\system32\atl.dll
2006-11-26 16:45 68,880 --a------ C:\WINNT\system32\browser.dll
2006-11-26 16:45 62,736 --a------ C:\WINNT\system32\adsmsext.dll
2006-11-26 16:45 591,120 --a------ C:\WINNT\system32\catsrvut.dll
2006-11-26 16:45 568,592 --a------ C:\WINNT\system32\autofmt.exe
2006-11-26 16:45 422,160 --a------ C:\WINNT\system32\certmgr.dll
2006-11-26 16:45 42,256 --a------ C:\WINNT\system32\BASESRV.DLL
2006-11-26 16:45 402,704 --a------ C:\WINNT\system32\cdonts.dll
2006-11-26 16:45 31,504 --a------ C:\WINNT\system32\atmlib.dll
2006-11-26 16:45 291,888 --a------ C:\WINNT\system32\atmfd.dll
2006-11-26 16:45 23,824 --a------ C:\WINNT\system32\at.exe
2006-11-26 16:45 226,576 --a------ C:\WINNT\system32\avtapi.dll
2006-11-26 16:45 224,016 --a------ C:\WINNT\system32\appmgr.dll
2006-11-26 16:45 201,488 --a------ C:\WINNT\system32\adsnt.dll
2006-11-26 16:45 20,752 --a------ C:\WINNT\system32\batmeter.dll
2006-11-26 16:45 2,531,088 --a------ C:\WINNT\system32\cdosys.dll
2006-11-26 16:45 182,032 --a------ C:\WINNT\system32\activeds.dll
2006-11-26 16:45 166,160 --a------ C:\WINNT\system32\catsrv.dll
2006-11-26 16:45 164,112 --a------ C:\WINNT\system32\adsnds.dll
2006-11-26 16:45 150,800 --a------ C:\WINNT\system32\accwiz.exe
2006-11-26 16:45 143,632 --------- C:\WINNT\system32\ASYCFILT.DLL
2006-11-26 16:45 14,096 --a------ C:\WINNT\system32\atkctrs.dll
2006-11-26 16:45 135,440 --a------ C:\WINNT\system32\certcli.dll
2006-11-26 16:45 133,904 --a------ C:\WINNT\system32\adsldpc.dll
2006-11-26 16:45 127,760 --a------ C:\WINNT\system32\capesnpn.dll
2006-11-26 16:45 125,712 --a------ C:\WINNT\system32\adsldp.dll
2006-11-26 16:45 120,592 --a------ C:\WINNT\system32\appmgmts.dll
2006-11-26 16:45 112,400 --a------ C:\WINNT\system32\adsnw.dll
2006-11-19 23:27 69 --a-s---- C:\WINNT\test.bat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-14 16:11 -------- d-a------ C:\Program Files\Common Files
2006-12-13 12:56 -------- d-------- C:\Program Files\Hijackthis
2006-12-12 18:29 -------- d-------- C:\Program Files\Windows Media Player
2006-12-12 18:22 -------- d--h----- C:\Documents and Settings\Allen\Application Data\yahoo!
2006-12-12 18:17 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-12 18:17 -------- d-------- C:\Program Files\QuickTime
2006-12-12 18:08 -------- d-------- C:\Documents and Settings\Allen\Application Data\Macromedia
2006-12-12 17:52 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-12-12 17:49 -------- d-------- C:\Program Files\AIM
2006-11-26 17:03 -------- d-------- C:\Program Files\Windows NT
2006-11-26 16:58 -------- d-------- C:\Program Files\Outlook Express
2006-11-26 16:58 -------- d-------- C:\Program Files\NetMeeting
2006-11-09 14:59 -------- d-------- C:\Program Files\Internet Explorer
2006-11-03 18:43 -------- d-------- C:\Program Files\Java
2006-11-03 18:40 -------- d-------- C:\Program Files\Common Files\Java
2006-11-03 16:02 -------- d-------- C:\Program Files\Grisoft
2006-09-18 05:02 49 --a------ C:\Documents and Settings\Allen\Application Data\internaldb41.dat
2006-09-18 05:02 337 --a------ C:\Documents and Settings\Allen\Application Data\internaldb1942.dat
2006-09-18 04:59 177152 --a------ C:\Documents and Settings\Allen\Application Data\internaldb4827.dat
2006-09-18 04:58 13046 --a------ C:\Documents and Settings\Allen\Application Data\internaldb5436.dat
2006-09-18 04:58 0 --a------ C:\Documents and Settings\Allen\Application Data\internaldb4604.dat
2006-09-18 03:15 0 --a------ C:\Documents and Settings\Allen\Application Data\internaldb8253.dat
2006-09-18 03:15 0 --a------ C:\Documents and Settings\Allen\Application Data\internaldb3902.dat
2006-09-18 03:15 0 --a------ C:\Documents and Settings\Allen\Application Data\internaldb2391.dat
2006-09-18 03:15 0 --a------ C:\Documents and Settings\Allen\Application Data\internaldb153.dat
2006-09-18 03:14 9216 --a------ C:\Documents and Settings\Allen\Application Data\internaldb8467.dat
2006-09-18 03:14 23 --a------ C:\Documents and Settings\Allen\Application Data\inifile41.ini
2006-09-18 03:14 0 --a------ C:\Documents and Settings\Allen\Application Data\internaldb6334.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"ntdll.dll"="C:\\WINNT\\inet20126\\services.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{20D57A66-F7DF-467d-907B-9B7F4A118AB7}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000
"NoRun"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\McAfee.com Update Check (ALLEN-YCZ4CN9JC-Allen).job

Completion time: Thu 2006-12-14 16:12:48.91
C:\ComboFix.txt ... 06-12-14 16:12

#4
maze7817

Logfile of HijackThis v1.99.1
Scan saved at 4:22:37 PM, on 12/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\inet20126\services.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\WINNT\inet20126\121322954.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20126\services.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165361061335
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...534/mcfscan.cab
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#5
MFDnSC

Download http://downloads.and...Tools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, the Advanced Options Menu should appear;
· Select the first option, to run Windows in Safe Mode, then press Enter.
· Choose your usual account.
· Open the extracted SDFix folder and double click RunThis.bat to start the script.
· Type Y to begin the cleanup process.
· It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
· Press any Key and it will restart the PC.
· When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
· Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
· Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
===================================

Download http://www.cexx.org/lspfix.htm

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing, just click Finish.

=====================================
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HijackThis – mark them, close IE, click fix checked

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe

O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\WINNT\inet20126\121322954.dll

O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20126\services.exe

O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll

Download http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINNT\system32\rpcc.dll
C:\WINNT\inet20126

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

#6
maze7817

SDFix: Version 1.48
****************

Fri 12/15/2006 - 18:01:19.06

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Stage One - Safe Mode

Checking For Trojan Services...

Service Name:


File Path:



Starting Registry Repairs...
Killing PID 112 'smss.exe'
Killing PID 136 'winlogon.exe'

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------

C:\WINNT\system32\drivers\etc\hosts.tim
C:\WINNT\system32\rpcc.dll
C:\WINNT\system32\upnp.exe

Backing Up and Removing any Files Found...

Alternate Stream Check:

C:\WINNT\system32
No streams found.
Final Check:

Services:
---------


Files:
------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\Program Files\America Online 8.0\aolphx.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\America Online 8.0\RBM.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\COMIT\cswitch.exe
C:\Program Files\America Online 9.0\AOLphx.exe
C:\Program Files\America Online 9.0\rbm.exe
C:\WINNT\loader285624922.exe
C:\WINNT\system32\services\bak\explorer.exe
C:\CONFIG.SYS
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\Allen\Desktop\BIT27.tmp

FINISHED!

#7
maze7817

Logfile of HijackThis v1.99.1
Scan saved at 6:16:06 PM, on 12/15/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\inet20126\services.exe
c:\program files\internet explorer\iexplore.exe
C:\WINNT\system32\services.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20126\services.exe
O4 - HKCU\..\Run: [WinUpgrade] "C:\WINNT\loader85641515.exe "
O4 - HKCU\..\Run: [WinMedia] C:\WINNT\loader285624922.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165361061335
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...534/mcfscan.cab
O20 - Winlogon Notify: pasksa - C:\WINNT\SYSTEM32\pasksa.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
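The change between the HijackThis logs posted in #4 and #7, as an added example that is not part of the original thread: this Python sketch diffs the autostart entries of two scans and flags two patterns visible in these logs (a Windows process name running from a non-standard folder, and a Run value named like a DLL). The function names and both heuristics are assumptions made for illustration; the sample lines are copied from the two logs above.

```python
import re
import ntpath  # Windows path rules, usable on any OS

SYSTEM_ROOT = r"C:\WINNT"  # system root shown in the logs of this thread
# Normal home of these Windows processes; the same file name anywhere else
# deserves a second look.
EXPECTED_DIR = {name: SYSTEM_ROOT + r"\system32" for name in
                ("services.exe", "winlogon.exe", "smss.exe", "lsass.exe", "svchost.exe")}
EXPECTED_DIR["explorer.exe"] = SYSTEM_ROOT

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - ..."
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.(?:exe|dll|ocx|bat)", re.I)
RUN_NAME_RE = re.compile(r"Run: \[([^\]]+)\]")             # value name of an O4 entry

# Sample input: a subset of the entries from post #4 (before SDFix) ...
LOG_BEFORE = r"""
F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\WINNT\inet20126\121322954.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20126\services.exe
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
"""
# ... and from post #7 (after SDFix).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20126\services.exe
O4 - HKCU\..\Run: [WinUpgrade] "C:\WINNT\loader85641515.exe "
O4 - HKCU\..\Run: [WinMedia] C:\WINNT\loader285624922.exe
O20 - Winlogon Notify: pasksa - C:\WINNT\SYSTEM32\pasksa.dll
"""

def parse_entries(log):
    """Return [(section, text)] for every 'Xn - ...' line of a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def diff_entries(before, after):
    """Entries that appeared or disappeared between two scans (case-insensitive)."""
    key = lambda e: (e[0], e[1].lower())
    seen_before = {key(e) for e in before}
    seen_after = {key(e) for e in after}
    added = [e for e in after if key(e) not in seen_before]
    removed = [e for e in before if key(e) not in seen_after]
    return added, removed

def flag_entry(entry):
    """Return the reasons, if any, why one entry deserves manual review."""
    section, text = entry
    reasons = []
    m = PATH_RE.search(text)
    if m:
        path = m.group(0)
        expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected.lower():
            reasons.append("system process name outside " + expected)
    if section == "O4":
        run = RUN_NAME_RE.search(text)
        if run and run.group(1).lower().endswith(".dll"):
            reasons.append("Run value named like a DLL")
    return reasons

def review(before_log, after_log):
    """Diff two scans and list entries of the later scan that still trip a heuristic."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    added, removed = diff_entries(before, after)
    flagged = [(e, flag_entry(e)) for e in after if flag_entry(e)]
    return {"added": added, "removed": removed, "flagged": flagged}

if __name__ == "__main__":
    result = review(LOG_BEFORE, LOG_AFTER)
    for label in ("added", "removed"):
        for section, text in result[label]:
            print(f"{label:8} {section} - {text}")
    for (section, text), reasons in result["flagged"]:
        print(f"flagged  {section} - {text}  <- {'; '.join(reasons)}")
```

The two loader entries and the new Winlogon Notify DLL show up only in the diff, not in the heuristics, which is why comparing consecutive scans matters when entries reappear under new names.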

#8
maze7817

Logfile of HijackThis v1.99.1
Scan saved at 6:46:22 PM, on 12/15/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\system32\services.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [WinUpgrade] "C:\WINNT\loader85641515.exe "
O4 - HKCU\..\Run: [WinMedia] C:\WINNT\loader285624922.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros.../client/wuweb_site.cab?1165361061335
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...can/2,0,0,4534/mcfscan.cab
O20 - Winlogon Notify: pasksa - C:\WINNT\SYSTEM32\pasksa.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#9
MFDnSC

Download http://www.cexx.org/lspfix.htm

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing, just click Finish.
==================================
Download http://users.telenet...ools/haxfix.exe

Save it to your desktop.
· Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
· Checkmark "Create a desktop icon"
· Click "Next"
· When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
· Click "Finish"
A red "dos window" (dos box) will open with options:

· Select option 2. Run auto fix by typing 2 and then pressing Enter
If an infection is found, you'll get a message to close all other open windows.
· Close all open windows except the red dos window from haxfix and then press Enter
· The computer will reboot
· After reboot a logfile will open > (c:\haxfix.txt)
Post the contents of that logfile along with a new HijackThis log.
====================================
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HijackThis – mark them, close IE, click fix checked

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20126\services.exe

O4 - HKCU\..\Run: [WinUpgrade] "C:\WINNT\loader85641515.exe "

O4 - HKCU\..\Run: [WinMedia] C:\WINNT\loader285624922.exe

O20 - Winlogon Notify: pasksa - C:\WINNT\SYSTEM32\pasksa.dll

Download http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINNT\inet20126
C:\WINNT\loader85641515.exe
C:\WINNT\loader285624922.exe
C:\WINNT\SYSTEM32\pasksa.dll


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

#10
maze7817

HAXFIX logfile - by Marckie

version 4.31
Sat 12/16/2006 11:44:42.30

--- Auto Haxdoorfix ---


searching for files:

no infections found


--- Goldunfix ---


searching for files:

searching for SSODLkeys:
no SSODLkeys found

searching for notifykeys:
pasksa

searching for services:
p81eskse


deleting service p81eskse
[SWSC] DeleteService SUCCESS


.....rebooting the computer.....


searching for ssodlkeys

not needed


searching for notifykeys

notifykey pasksa not found


searching for services

service p81eskse not found


searching for safeboot services

not needed


searching for files

pasksa.dll exists
deleting pasksa.dll
pasksa.dll has been deleted

p81eskse.sys exists
deleting p81eskse.sys
p81eskse.sys has been deleted


checking for other files

No other files found


checking for a3d files

no a3d files found


Finished


#11
MFDnSC

Need a new hijack log and a status of the system

#12
maze7817

Logfile of HijackThis v1.99.1
Scan saved at 12:19:22 PM, on 12/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros.../client/wuweb_site.cab?1165361061335
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...can/2,0,0,4534/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0
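An added example, not part of the original thread: one way to confirm that the entries flagged for fixing in post #9 are gone from the post-cleanup log in post #12, while tolerating the line wrapping that forum pastes introduce. The function names and the short excerpts are constructed for illustration, assembled from lines quoted in this thread.

```python
import re
# A HijackThis entry starts with a section code (R1, O4, O23, ...) and " - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def parse_entries(log_text):
    """Return the entries of a HijackThis log, re-joining wrapped lines."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:            # continuation of a wrapped entry
            entries[-1] += " " + line
    return entries

def key(entry):
    """Comparison key that ignores case and where the paste wrapped."""
    return re.sub(r"\s+", "", entry).lower()

def compare(before_text, after_text):
    """Return (removed, added) entries between two logs."""
    before = {key(e): e for e in parse_entries(before_text)}
    after = {key(e): e for e in parse_entries(after_text)}
    removed = [e for k, e in before.items() if k not in after]
    added = [e for k, e in after.items() if k not in before]
    return removed, added

def unresolved(flagged_text, after_text):
    """Entries flagged for fixing that still appear after cleanup."""
    after_keys = {key(e) for e in parse_entries(after_text)}
    return [e for e in parse_entries(flagged_text) if key(e) in after_keys]

# Constructed excerpts assembled from lines quoted in this thread.
FLAGGED = r"""
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\inet20126\services.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINNT\loader285624922.exe
O20 - Winlogon Notify: pasksa - C:\WINNT\SYSTEM32\pasksa.dll
"""
BEFORE = FLAGGED + r"""
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"""
AFTER = r"""
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"""

if __name__ == "__main__":
    print(compare(BEFORE, AFTER), unresolved(FLAGGED, AFTER))
```

An empty result from `unresolved` means every flagged autostart entry is absent from the new log; an unexpected item in `added` would be the first thing to look at for signs of reinfection.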

#13
maze7817

everything seems to be working fine at the moment. i still need to reinstall a few programs, other than that it seems to be running smoothly

#14
MFDnSC

Clean

Turn off restore points, boot, turn them back on – here’s how

http://service1.syma...src=sec_doc_nam

#15
maze7817

out of curiosity, what would this do exactly?