Geeks to Go

RUNDLL Error


This topic is locked

#1 MoNsTeReNeRgY22
Well, just recently I started receiving this pop-up. Please let me know if it is something I should or shouldn't worry about. If it is, how can I fix it?
Posted Image


#2 don77 (Malware Expert, Retired Staff)
I closed your other topic; please don't start multiple topics.

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


#3 MoNsTeReNeRgY22 (Topic Starter)
Logfile of HijackThis v1.99.1
Scan saved at 6:34:53 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\navsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\msmsgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EF7C999D-43DD-43C3-A25B-2DB1A881664A} - C:\WINDOWS\system32\khfcdaa.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\system32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...tallMgr_v01.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168675042088
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168675091073
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_18) - http://javadl-esd.su...ll-13-win32.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: khfcdaa - C:\WINDOWS\SYSTEM32\khfcdaa.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: wvurpqr - C:\WINDOWS\SYSTEM32\wvurpqr.dll
O20 - Winlogon Notify: yaywxxw - yaywxxw.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe

Edited by MoNsTeReNeRgY22, 29 January 2007 - 08:35 PM.

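Helpers read a log like the one above by eye, looking for a handful of patterns: a BHO registered with no name, an autostart entry whose label sounds like a security product but whose command is a bare filename, Winlogon Notify DLLs with random names (or none at all on disk), and a service with no vendor information running straight out of the Windows directory. The Python below is an added example, written for this corpus and not code from HijackThis, VundoFix or Geeks to Go, that turns those four checks into rules and runs them over a subset of the entries copied from the log above. The allowlist KNOWN_NOTIFY, the keyword list, the seven-lowercase-letter filename pattern and the "Unknown owner in %WINDIR%" rule are my assumptions, and every hit is a flag for a human to review, not a verdict that the entry is malicious.

```python
"""Heuristic triage of HijackThis 1.99 log entries.  Added example for this
thread, not HijackThis, VundoFix or Geeks to Go code; the rules, allowlist and
keyword list are assumptions, and a hit means "look at this", not "malware".
"""
import re

# Entries copied from the log posted above (a subset, not constructed data).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EF7C999D-43DD-43C3-A25B-2DB1A881664A} - C:\WINDOWS\system32\khfcdaa.dll
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
O20 - Winlogon Notify: khfcdaa - C:\WINDOWS\SYSTEM32\khfcdaa.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: wvurpqr - C:\WINDOWS\SYSTEM32\wvurpqr.dll
O20 - Winlogon Notify: yaywxxw - yaywxxw.dll (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# Every DLL VundoFix removed in this thread was seven lowercase letters;
# treating that shape as a signal is an assumption of this example.
RANDOM_DLL_RE = re.compile(r"^[a-z]{7}\.dll$")
SECURITY_WORDS = ("firewall", "antivirus", "security", "defender", "antispy")
KNOWN_NOTIFY = {"WRNotifier"}  # Webroot's logon notifier (assumed allowlist)


def clean_path(path):
    """Strip quotes and HijackThis's '(file missing)' note from an image path."""
    return path.replace("(file missing)", "").strip().strip('"')

def basename(path):
    return clean_path(path).split("\\")[-1]

def parent_dir(path):
    return "\\".join(clean_path(path).split("\\")[:-1]).lower()


def triage_line(line):
    """Return (kind, item, reason) if the entry deserves a look, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    if kind == "O2" and body.startswith("BHO: "):
        # Browser Helper Object: a DLL loaded into every IE process.
        parts = [p.strip() for p in body[5:].split(" - ", 2)]
        if len(parts) == 3 and parts[0] == "(no name)":
            return (kind, basename(parts[2]), "BHO registered without a name")

    elif kind == "O4":
        # A bare filename is resolved via the search path, so the log does
        # not say where the binary really lives; worse when the label sounds
        # like a security product.
        r = RUN_RE.match(body)
        if r and "\\" not in r.group("cmd") and any(
                w in r.group("label").lower() for w in SECURITY_WORDS):
            return (kind, r.group("label"),
                    "security-product label, unqualified command " + r.group("cmd"))

    elif kind == "O20" and body.startswith("Winlogon Notify: "):
        # Notify DLLs load inside winlogon.exe as SYSTEM before any user logs
        # on, which is why VundoFix could not delete khfcdaa.dll in this thread.
        parts = [p.strip() for p in body[17:].split(" - ", 1)]
        if len(parts) != 2 or parts[0] in KNOWN_NOTIFY:
            return None
        name, dll = parts
        if "(file missing)" in dll:
            return (kind, name, "notifier registered but its DLL is gone")
        if RANDOM_DLL_RE.match(basename(dll).lower()):
            return (kind, name, "notifier DLL has a random-looking name")
        return (kind, name, "notifier not on the allowlist")

    elif kind == "O23" and body.startswith("Service: "):
        # Service: <display name> (<short name>) - <owner> - <image path>
        parts = [p.strip() for p in body[9:].split(" - ", 2)]
        if len(parts) != 3:
            return None
        display, owner, image = parts
        short = display[display.rfind("(") + 1:-1] if display.endswith(")") else display
        if owner == "Unknown owner" and parent_dir(image) == "c:\\windows":
            return (kind, short, "no vendor in version info, image directly in %WINDIR%")
    return None


def triage(log_text):
    """Run every line through triage_line and return the hits in log order."""
    return [hit for hit in map(triage_line, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE_LOG):
        print(f"{kind:<4} {item:<34} {reason}")
```

Run as a script it prints seven flagged entries: the nameless BHO, the two msmsgr.exe autostarts, the three Winlogon notifiers and the WSMSPSVC service. The Acrobat BHO, Windows Defender (full path) and the WRNotifier entry pass, which is the point of keeping the rules narrow: a triage script should shorten the list a human reviews, not decide for them.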

#4 don77 (Malware Expert, Retired Staff)
Yep, some nasties to clean up.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Also
1. Download this file - Combo Fix
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log here for me as well.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

#5 MoNsTeReNeRgY22 (Topic Starter)
VundoFix V6.3.5

Checking Java version...

Sun Java not detected
Scan started at 6:54:31 AM 1/30/2007

Listing files found while scanning....

C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\tuvwuur.dll
C:\WINDOWS\system32\wvurpqr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tuvwuur.dll
C:\WINDOWS\system32\tuvwuur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvurpqr.dll
C:\WINDOWS\system32\wvurpqr.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 2:32:53 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\msmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EF7C999D-43DD-43C3-A25B-2DB1A881664A} - C:\WINDOWS\system32\khfcdaa.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\system32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...tallMgr_v01.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168675042088
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168675091073
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_18) - http://javadl-esd.su...ll-13-win32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...951/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: yaywxxw - yaywxxw.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe (file missing)

"user" - 07-01-30 13:29:38 Service Pack 2
ComboFix 07.01.30 - Running from: "C:\Documents and Settings\user\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-30 to 2007-01-30 ))))))))))))))))))))))))))))))))))


2007-01-30 06:54 <DIR> d-------- C:\VundoFix Backups
2007-01-29 20:50 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2007-01-29 20:50 51 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-01-29 19:54 <DIR> d-------- C:\DOCUME~1\user\.java
2007-01-29 19:52 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-01-29 19:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-29 19:49 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-29 19:49 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-01-29 18:34 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-29 18:27 22,029 ---hs---- C:\WINDOWS\system32\tuvwuur.dll
2007-01-29 16:17 <DIR> d-------- C:\DOCUME~1\user\Application Data\JetStart
2007-01-29 15:51 22,029 ---hs---- C:\WINDOWS\system32\khfcdaa.dll
2007-01-29 15:30 22,029 ---hs---- C:\WINDOWS\system32\wvurpqr.dll
2007-01-29 07:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-01-28 21:48 <DIR> d-------- C:\DOCUME~1\user\Application Data\Lavasoft
2007-01-28 21:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-28 12:34 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-28 12:34 <DIR> d-------- C:\Fraps
2007-01-28 12:10 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-01-28 11:43 <DIR> d-------- C:\DOCUME~1\user\Application Data\Uniblue
2007-01-27 22:47 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-01-27 22:47 <DIR> d-------- C:\DOCUME~1\user\Application Data\teamspeak2
2007-01-27 13:21 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-01-27 12:56 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\ATI
2007-01-25 22:23 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-01-23 17:19 <DIR> d-ah----- C:\DOCUME~1\ALLUSE~1\Application Data\GTek
2007-01-23 14:23 <DIR> d-------- C:\Program Files\Windows Defender
2007-01-22 17:38 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-01-22 17:38 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-01-22 17:38 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-01-22 17:38 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-01-22 17:38 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-01-21 00:51 1,204,224 --------- C:\WINDOWS\navsvc.exe
2007-01-18 20:17 <DIR> d-------- C:\downloads
2007-01-18 19:40 <DIR> d-------- C:\Program Files\uTorrent
2007-01-18 17:54 36,972 --------- C:\WINDOWS\system32\ActPanel.dll
2007-01-18 17:54 <DIR> d-------- C:\Program Files\JavaSoft
2007-01-18 16:50 <DIR> d-------- C:\DOCUME~1\user\Application Data\AdobeUM
2007-01-17 19:46 <DIR> d-------- C:\DOCUME~1\user\Application Data\uTorrent
2007-01-17 16:32 845,312 --a------ C:\WINDOWS\system32\Smab.dll
2007-01-17 16:32 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-01-17 16:32 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-01-17 16:32 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-01-17 16:32 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-01-17 16:32 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-01-17 16:32 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-01-17 16:32 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-01-17 16:32 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-01-17 16:32 217,073 --a------ C:\WINDOWS\meta4.exe
2007-01-17 16:32 <DIR> d--hs---- C:\WINDOWS\system32\ShellDHCP
2007-01-17 16:25 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2007-01-17 16:25 <DIR> d-------- C:\Program Files\eRightSoft
2007-01-15 14:18 <DIR> d-------- C:\Program Files\Microsoft Games
2007-01-15 10:49 <DIR> d-------- C:\Program Files\Mario Forever
2007-01-15 09:14 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-15 09:14 <DIR> d-------- C:\Program Files\Viewpoint
2007-01-15 09:14 <DIR> d-------- C:\Program Files\AOD
2007-01-15 09:14 <DIR> d-------- C:\DOCUME~1\user\Application Data\Aim
2007-01-15 09:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Viewpoint
2007-01-15 09:13 <DIR> d-------- C:\Program Files\AIM
2007-01-14 19:09 6,912 --a------ C:\WINDOWS\system32\drivers\JGOGO.sys
2007-01-14 19:09 42,368 --a------ C:\WINDOWS\system32\drivers\jraid.sys
2007-01-14 11:44 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-01-14 11:38 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-01-14 10:13 <DIR> d-------- C:\WINDOWS\Hewlett-Packard
2007-01-14 09:19 <DIR> d-------- C:\ATI
2007-01-13 21:42 <DIR> d-------- C:\Program Files\pspvideo9
2007-01-13 21:36 <DIR> d-------- C:\Program Files\VideoraiPodConverter
2007-01-13 21:17 77,824 --a------ C:\WINDOWS\system32\MagicTuneUser.exe
2007-01-13 21:17 40,960 --a------ C:\WINDOWS\system32\nvgpio.dll
2007-01-13 21:17 36,864 --a------ C:\WINDOWS\system32\nvapi9x.dll
2007-01-13 21:17 13,396 --a------ C:\WINDOWS\system32\drivers\MTiCtwl.sys
2007-01-13 21:16 <DIR> d-------- C:\Program Files\SEC
2007-01-13 18:28 <DIR> d-------- C:\Program Files\Common Files\SystemRequirementsLab
2007-01-13 14:13 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-13 14:13 <DIR> d-------- C:\a738b0bb5d41640483b22bbfb3a95b69
2007-01-13 12:57 <DIR> d-------- C:\Program Files\Steam
2007-01-13 11:27 <DIR> d-------- C:\Program Files\Electronic Arts
2007-01-13 11:08 <DIR> d-------- C:\Program Files\EA GAMES
2007-01-13 10:49 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-01-13 10:45 <DIR> d-------- C:\DOCUME~1\user\Application Data\acccore
2007-01-13 10:44 <DIR> d-------- C:\Program Files\PlayLinc
2007-01-13 10:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads
2007-01-13 10:20 <DIR> d-------- C:\Program Files\QuickTime
2007-01-13 10:20 <DIR> d-------- C:\Program Files\iTunes
2007-01-13 10:20 <DIR> d-------- C:\Program Files\iPod
2007-01-13 10:20 <DIR> d-------- C:\Program Files\Apple Software Update
2007-01-13 10:20 <DIR> d-------- C:\DOCUME~1\user\Application Data\Apple Computer
2007-01-13 10:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Apple Computer
2007-01-13 09:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-13 09:58 <DIR> d-------- C:\DOCUME~1\user\Application Data\Adobe
2007-01-13 09:51 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-13 09:49 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-01-13 09:49 <DIR> d-------- C:\Program Files\Microsoft Works
2007-01-13 09:49 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-01-13 09:49 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-01-13 09:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-01-13 09:46 <DIR> dr-h----- C:\MSOCache
2007-01-13 09:26 <DIR> d-------- C:\temp
2007-01-13 09:25 <DIR> d-------- C:\Program Files\Overland
2007-01-13 09:22 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-01-13 09:22 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-01-13 09:22 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-01-13 09:22 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-01-13 09:22 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-01-13 09:22 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-01-13 09:21 <DIR> d-------- C:\Program Files\HP
2007-01-13 08:58 <DIR> d-------- C:\Program Files\Ventrilo
2007-01-13 08:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-13 08:58 <DIR> d-------- C:\DOCUME~1\user\Application Data\Ventrilo
2007-01-13 08:39 <DIR> d---s---- C:\Program Files\Xfire
2007-01-13 08:39 <DIR> d-------- C:\DOCUME~1\user\Application Data\Xfire
2007-01-13 08:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-01-13 08:00 14,848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-01-13 07:57 15,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-01-13 07:57 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-01-13 07:57 122,368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-01-13 07:57 <DIR> d-------- C:\Program Files\Webroot
2007-01-13 07:57 <DIR> d-------- C:\DOCUME~1\user\Application Data\Webroot
2007-01-13 07:57 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Webroot
2007-01-13 07:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Webroot
2007-01-13 07:52 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-13 07:51 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-13 07:51 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-13 07:51 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-13 00:18 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-13 00:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-13 00:17 <DIR> d-------- C:\WINDOWS\system32\en-us
2007-01-13 00:17 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-13 00:07 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-01-13 00:07 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-01-13 00:07 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-01-13 00:04 23,040 --------- C:\WINDOWS\kb913800.exe
2007-01-12 23:59 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-12 23:59 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-12 23:57 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-01-12 23:57 <DIR> d--hs---- C:\DOCUME~1\user\UserData
2007-01-12 23:57 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-12 23:55 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-01-12 23:55 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-01-12 23:55 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-01-12 23:55 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-01-12 23:55 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-01-12 23:55 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-01-12 23:55 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-01-12 23:55 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-01-12 23:55 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-01-12 23:55 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-01-12 23:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-12 23:53 <DIR> d-------- C:\WINDOWS\Cache
2007-01-12 23:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-12 23:52 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-01-12 23:51 385,024 --a------ C:\WINDOWS\system32\JMRaidTool.exe
2007-01-12 23:51 <DIR> d-------- C:\WINDOWS\JM
2007-01-12 23:49 <DIR> d-------- C:\Program Files\Multimedia Card Reader
2007-01-12 23:48 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-01-12 19:47 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-01-12 19:47 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2007-01-12 19:47 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-01-12 19:47 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-01-12 19:46 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2007-01-12 19:46 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-01-12 19:46 1,396,831 --a------ C:\WINDOWS\system32\AegisE5.dll
2007-01-12 19:46 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2007-01-12 19:39 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-01-12 19:39 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-01-12 19:39 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-09 08:58 <DIR> d--hs---- C:\RECYCLER
2007-01-09 08:52 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-01-09 08:52 <DIR> d-------- C:\DOCUME~1\user\Application Data\ATI
2007-01-09 08:51 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-01-09 08:51 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-01-09 08:50 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-01-09 08:50 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-01-09 08:50 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-01-09 08:50 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-01-09 08:50 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-01-09 08:50 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-01-09 08:50 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-01-09 08:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-01-09 08:50 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-01-09 08:50 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-01-09 08:50 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-01-09 08:50 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-01-09 08:50 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-09 08:50 <DIR> d-------- C:\Program Files\Ahead
2007-01-09 08:49 <DIR> d-------- C:\Program Files\CyberLink
2007-01-09 08:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CyberLink
2007-01-09 08:48 <DIR> d-------- C:\Program Files\Futuremark
2007-01-09 08:45 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-01-09 08:42 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-01-09 08:42 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-01-09 08:42 <DIR> d-------- C:\Program Files\ATI Technologies
2007-01-09 08:40 369,024 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2007-01-09 08:39 81,408 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-01-09 08:38 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-09 08:38 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-01-09 08:38 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-09 08:38 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-09 08:38 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-09 08:38 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-01-09 08:38 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-01-09 08:38 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-01-09 08:38 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-01-09 08:38 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-01-09 08:38 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-09 08:38 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-09 08:38 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-09 08:38 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-09 08:38 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-01-09 08:38 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-01-09 08:37 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2007-01-09 08:37 86,016 -r------- C:\WINDOWS\SoundMan.exe
2007-01-09 08:37 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-01-09 08:37 4,271,616 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2007-01-09 08:37 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2007-01-09 08:37 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2007-01-09 08:37 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2007-01-09 08:37 16,206,848 -r------- C:\WINDOWS\RTHDCPL.exe
2007-01-09 08:37 1,448,960 --a------ C:\WINDOWS\SkyTel.exe
2007-01-09 08:37 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-09 08:37 <DIR> d-------- C:\Program Files\Realtek
2007-01-09 08:37 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-01-09 08:36 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-09 08:36 <DIR> d-------- C:\Program Files\Intel
2007-01-09 08:32 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-01-09 08:30 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-01-09 08:30 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-09 08:30 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-01-09 08:28 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-01-09 08:28 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-01-09 08:28 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-01-09 08:28 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-01-09 08:28 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-01-09 08:28 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-01-09 08:28 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-01-09 08:28 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-01-09 08:28 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-01-09 08:28 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-01-09 08:28 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-01-09 08:28 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-01-09 08:28 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-01-09 08:28 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-01-09 08:28 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-01-09 08:28 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-01-09 08:28 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-01-09 08:28 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-01-09 08:28 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-09 08:28 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-09 08:25 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-01-09 08:25 0 -rahs---- C:\MSDOS.SYS
2007-01-09 08:25 0 -rahs---- C:\IO.SYS
2007-01-09 08:25 0 --a------ C:\CONFIG.SYS
2007-01-09 08:25 0 --a------ C:\AUTOEXEC.BAT
2007-01-09 08:25 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-01-09 08:25 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-01-09 08:24 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-01-09 08:24 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-01-09 08:24 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-01-09 08:24 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-09 08:23 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-01-09 08:23 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-01-09 08:23 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-01-09 08:23 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-01-09 08:23 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-01-09 08:23 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-01-09 08:23 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-01-09 08:23 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-01-09 08:23 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-01-09 08:23 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-01-09 08:23 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-01-09 08:23 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-01-09 08:23 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-01-09 08:23 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-01-09 08:23 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-01-09 08:23 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-01-09 08:23 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-01-09 08:23 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-01-09 08:23 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-01-09 08:23 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-01-09 08:23 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-01-09 08:23 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-01-09 08:23 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-01-09 08:23 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-01-09 08:23 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-01-09 08:23 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-01-09 08:23 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-01-09 08:23 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-01-09 08:23 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-01-09 08:23 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-01-09 08:23 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-01-09 08:23 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-01-09 08:23 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-01-09 08:23 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-01-09 08:23 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-01-09 08:23 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-01-09 08:23 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-01-09 08:23 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-01-09 08:23 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-01-09 08:23 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-01-09 08:23 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-01-09 08:23 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-01-09 08:23 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-01-09 08:23 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-01-09 08:23 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-01-09 08:23 <DIR> d---s---- C:\WINDOWS\Tasks
2007-01-09 08:23 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-01-09 08:23 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-01-09 08:23 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-01-09 08:23 <DIR> d-------- C:\WINDOWS\srchasst
2007-01-09 08:23 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-01-09 08:22 <DIR> dr--s---- C:\WINDOWS\assembly
2007-01-09 08:22 <DIR> d-------- C:\WINDOWS\Registration
2007-01-09 08:22 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-01-09 08:22 <DIR> d-------- C:\Program Files\Online Services
2007-01-09 08:21 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-01-09 08:21 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-01-09 08:21 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-01-09 08:21 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-01-09 08:21 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-01-09 08:21 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-01-09 08:21 85,504 --a------ C:\WINDOWS\system32\mhn.dll
2007-01-09 08:21 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-01-09 08:21 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-01-09 08:21 8,704 --a------ C:\WINDOWS\system32\igdetect.dll
2007-01-09 08:21 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-01-09 08:21 7,093,760 --a------ C:\WINDOWS\system32\space.scr
2007-01-09 08:21 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-01-09 08:21 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-01-09 08:21 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-01-09 08:21 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-01-09 08:21 600,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-01-09 08:21 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-01-09 08:21 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-01-09 08:21 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-01-09 08:21 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-01-09 08:21 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-01-09 08:21 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-01-09 08:21 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-01-09 08:21 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-01-09 08:21 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-01-09 08:21 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-01-09 08:21 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-01-09 08:21 5,068,800 --a------ C:\WINDOWS\system32\davinci.scr
2007-01-09 08:21 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-01-09 08:21 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-01-09 08:21 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-01-09 08:21 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-01-09 08:21 4,396,544 --a------ C:\WINDOWS\system32\wpgldfsh.scr
2007-01-09 08:21 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-01-09 08:21 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-01-09 08:21 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-01-09 08:21 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-01-09 08:21 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-01-09 08:21 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-01-09 08:21 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-01-09 08:21 3,343,360 --a------ C:\WINDOWS\system32\nature.scr
2007-01-09 08:21 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-01-09 08:21 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-01-09 08:21 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-01-09 08:21 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-01-09 08:21 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-01-09 08:21 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-01-09 08:21 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-01-09 08:21 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-01-09 08:21 20,576 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-01-09 08:21 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-01-09 08:21 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-01-09 08:21 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-01-09 08:21 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-01-09 08:21 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-01-09 08:21 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-01-09 08:21 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-01-09 08:21 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-01-09 08:21 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-01-09 08:21 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-01-09 08:21 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-01-09 08:21 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-01-09 08:21 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-01-09 08:21 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-01-09 08:21 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-01-09 08:21 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-01-09 08:21 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-01-09 08:21 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-01-09 08:21 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-01-09 08:21 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-01-09 08:21 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-01-09 08:21 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-01-09 08:21 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-01-09 08:21 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-01-09 08:21 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-01-09 08:21 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-01-09 08:21 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-01-09 08:21 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-01-09 08:21 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-01-09 08:21 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-01-09 08:21 11,008 --a------ C:\WINDOWS\system32\drivers\mhndrv.sys
2007-01-09 08:21 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-01-09 08:21 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-01-09 08:21 1,742,336 --a------ C:\WINDOWS\system32\mypixdx.scr
2007-01-09 08:21 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-01-09 08:21 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-01-09 08:21 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-01-09 08:21 <DIR> d-------- C:\WINDOWS\system32\Com
2007-01-09 08:21 <DIR> d-------- C:\Program Files\Windows Plus
2007-01-09 08:21 <DIR> d-------- C:\Program Files\Windows NT
2007-01-09 08:21 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-01-09 08:21 <DIR> d-------- C:\Program Files\Movie Maker
2007-01-09 08:21 <DIR> d-------- C:\Program Files\Messenger
2007-01-09 08:20 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-01-09 08:20 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-01-09 08:20 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-01-09 08:20 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-01-09 08:20 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-01-09 08:20 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-01-09 00:19 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-01-09 00:19 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-01-09 00:18 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-01-09 00:16 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-01-09 00:16 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-01-09 00:16 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-01-09 00:16 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-01-09 00:16 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-01-09 00:16 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-01-09 00:16 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-01-09 00:16 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-01-09 00:16 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-01-09 00:16 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-01-09 00:16 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-01-09 00:16 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-01-09 00:16 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-01-09 00:16 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-01-09 00:16 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-01-09 00:16 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-01-09 00:16 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-01-09 00:16 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-01-09 00:16 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-01-09 00:16 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-01-09 00:16 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-01-09 00:16 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-01-09 00:16 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-01-09 00:16 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-01-09 00:16 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-01-09 00:16 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-01-09 00:16 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-01-09 00:16 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-01-09 00:16 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-01-09 00:16 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-01-09 00:16 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-01-09 00:16 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-01-09 00:16 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-01-09 00:16 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-01-09 00:16 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-01-09 00:16 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-01-09 00:16 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-01-09 00:16 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-01-09 00:16 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-01-09 00:16 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-01-09 00:16 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-01-09 00:16 <DIR> dr------- C:\Program Files
2007-01-09 00:16 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-01-09 00:16 <DIR> d--hs---- C:\WINDOWS\Installer
2007-01-09 00:16 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-01-09 00:16 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-01-09 00:16 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-01-09 00:16 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-01-09 00:15 <DIR> d--hs---- C:\System Volume Information
2007-01-09 00:15 <DIR> d-------- C:\Documents and Settings
2007-01-09 00:14 <DIR> d-------- C:\UPDATES
2007-01-09 00:13 <DIR> d-------- C:\WINDOWS\THEMES
2007-01-09 00:13 <DIR> d-------- C:\PNPDRIVERS
2007-01-09 00:13 <DIR> d-------- C:\DRIVERS
2007-01-09 00:09 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-01-09 00:09 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-01-09 00:09 <DIR> dr------- C:\WINDOWS\Web
2007-01-09 00:09 <DIR> d--h----- C:\WINDOWS\inf
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\WinSxS
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\twain_32
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\wins
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\spool
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\ras
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\npp
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\mui
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\IME
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\ias
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\export
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\config
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\3076
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\2052
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\1054
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\1042
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\1041
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\1037
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\1033
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\1031
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\1028
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32\1025
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system32
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\system
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\security
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\Resources
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\repair
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\Provisioning
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\PeerNet
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\pchealth
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\mui
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\msapps
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\msagent
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\Media
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\java
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\ime
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\Help
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\ehome
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\Debug
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\Cursors
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\Config
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\AppPatch
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS\addins
2007-01-09 00:09 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-28 12:45 -------- d---s---- C:\DOCUME~1\user\Application Data\microsoft
2007-01-13 10:45 -------- d-------- C:\DOCUME~1\user\Application Data\macromedia
2007-01-13 08:16 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-01-13 08:16 197648 --a------ C:\WINDOWS\system32\drivers\TmXPFlt.sys
2007-01-13 08:16 1051456 --a------ C:\WINDOWS\system32\drivers\VSAPINT.SYS
2007-01-09 08:34 -------- d-------- C:\DOCUME~1\user\Application Data\identities
2007-01-09 00:16 62 --ahs---- C:\DOCUME~1\user\Application Data\desktop.ini
2006-12-19 05:02 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-12-16 18:50 263168 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-12-16 18:50 1918464 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-16 18:44 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-12-16 18:44 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2006-12-16 18:44 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-12-16 18:44 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-12-16 18:44 102400 --a------ C:\WINDOWS\system32\oemdspif.dll
2006-12-16 18:42 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2006-12-16 18:42 434176 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-12-16 18:35 2676672 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-12-16 18:30 1289472 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-12-16 18:23 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-12-16 18:21 5304320 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-12-16 18:17 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-12-16 18:16 303104 --a------ C:\WINDOWS\system32\atidemgr.dll
2006-12-16 18:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-12-16 18:10 315392 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-11-27 00:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 ---------
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Almost there.

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once the scan is complete, right-click inside the listbox (white box) and click Add More Files.
* Copy and paste the entries below into the top 2 boxes:

C:\WINDOWS\system32\khfcdaa.dll


* Click Add Files and Click Close Window
* Click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.


Let's have a look at an online scan as well.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open... click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

  • 0
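An added helper for reading the C:\vundofix.txt log the steps above ask for; this is example code written for this page, not part of the thread or of VundoFix. It parses the "Attempting to delete" / "Has been deleted!" / "Could not be deleted." lines, counts attempts per file across scan runs, and lists which files are still on disk. The sample log is constructed to mirror the format VundoFix prints.

```python
"""Summarise a VundoFix log: what was removed and what is still on disk.

Added example, not from this thread or from VundoFix itself. It parses the
"Attempting to delete" / "Has been deleted!" / "Could not be deleted." lines
and reports, per file, delete attempts, scan runs and whether the file survived;
a file that is never deleted is usually locked because it is loaded in a process.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample, modelled on the log format VundoFix prints (two scan runs).
SAMPLE_LOG = r"""VundoFix V6.3.5
Scan started at 6:54:31 AM 1/30/2007
Listing files found while scanning....
C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\tuvwuur.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tuvwuur.dll
C:\WINDOWS\system32\tuvwuur.dll Has been deleted!
Done!

VundoFix V6.3.5
Scan started at 6:11:31 PM 1/30/2007
Beginning removal...
Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.
Done!
"""

SCAN_RE = re.compile(r"^Scan started at (.+?)\s*$")
ATTEMPT_RE = re.compile(r"^Attempting to delete (.+?)\s*$")
RESULT_RE = re.compile(r"^(.+?) (Has been deleted!|Could not be deleted\.)\s*$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")  # a bare Windows path in the "found" list


@dataclass
class FileStatus:
    path: str
    listed: bool = False   # appeared under "Listing files found while scanning"
    attempts: int = 0      # number of "Attempting to delete" lines seen
    deleted: bool = False  # outcome of the most recent result line
    runs: set = field(default_factory=set)  # scan runs in which it was attempted


def parse_vundofix_log(text: str) -> Dict[str, FileStatus]:
    """Status per file, keyed by lower-cased path (Windows paths are case-insensitive)."""
    files: Dict[str, FileStatus] = {}
    run = 0

    def entry(path: str) -> FileStatus:
        return files.setdefault(path.lower(), FileStatus(path=path))

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SCAN_RE.match(line):
            run += 1  # every "Scan started at" line opens a new run
            continue
        m = ATTEMPT_RE.match(line)
        if m:
            st = entry(m.group(1))
            st.attempts += 1
            st.runs.add(run)
            continue
        m = RESULT_RE.match(line)  # must be tried before the bare-path check
        if m:
            entry(m.group(1)).deleted = m.group(2).startswith("Has been")
            continue
        if PATH_RE.match(line):
            entry(line).listed = True
    return files


def surviving_files(text: str) -> List[str]:
    """Paths VundoFix found or tried to delete that are still on disk."""
    return [s.path for s in parse_vundofix_log(text).values()
            if not s.deleted and (s.listed or s.attempts)]


def report(text: str) -> str:
    """One line per file: attempts, runs and final state."""
    lines = []
    for s in parse_vundofix_log(text).values():
        state = "removed" if s.deleted else "STILL PRESENT (likely locked by a running process)"
        lines.append(f"{s.path}: {s.attempts} attempt(s) in {len(s.runs)} run(s) -> {state}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```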

#7
MoNsTeReNeRgY22

MoNsTeReNeRgY22

    Member 2k

  • Topic Starter
  • Member
  • PipPipPipPipPip
  • 2,539 posts
VundoFix V6.3.5

Checking Java version...

Sun Java not detected
Scan started at 6:54:31 AM 1/30/2007

Listing files found while scanning....

C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\tuvwuur.dll
C:\WINDOWS\system32\wvurpqr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tuvwuur.dll
C:\WINDOWS\system32\tuvwuur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvurpqr.dll
C:\WINDOWS\system32\wvurpqr.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Sun Java not detected
Scan started at 6:11:31 PM 1/30/2007

Listing files found while scanning....

C:\WINDOWS\system32\khfcdaa.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfcdaa.dll
C:\WINDOWS\system32\khfcdaa.dll Could not be deleted.

Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 7:00:50 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\msmsgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EF7C999D-43DD-43C3-A25B-2DB1A881664A} - C:\WINDOWS\system32\khfcdaa.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\system32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...tallMgr_v01.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168675042088
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168675091073
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_18) - http://javadl-esd.su...ll-13-win32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...951/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: yaywxxw - yaywxxw.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe (file missing)
  • 0

#8
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log back here for me please.

IMPORTANT: Do NOT run any other options until you are asked to do so!
  • 0

#9
MoNsTeReNeRgY22

MoNsTeReNeRgY22

    Member 2k

  • Topic Starter
  • Member
  • 2,539 posts
Sorry, here are the Panda scan results of My Computer


Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\user@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\user\Cookies\user@adrevolver[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\user\Cookies\user@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Cookies\user@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\user\Cookies\user@fastclick[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\user\Cookies\user@gostats[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\user\Cookies\[email protected][3].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\user\Cookies\user@hitbox[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\user\Cookies\user@zedo[1].txt

SmitFraudFix v2.137

Scan done at 20:08:40.14, Tue 01/30/2007
Run from C:\Documents and Settings\user\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#10
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Next
Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable SpySweeper:

Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".



Next

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O2 - BHO: (no name) - {EF7C999D-43DD-43C3-A25B-2DB1A881664A} - C:\WINDOWS\system32\khfcdaa.dll


Next Reboot into SAFE MODE
Search for and delete the File highlighted in BOLD

C:\WINDOWS\system32\khfcdaa.dll

Restart your computer, Post back a fresh log please
  • 0

#11
MoNsTeReNeRgY22

MoNsTeReNeRgY22

    Member 2k

  • Topic Starter
  • Member
  • PipPipPipPipPip
  • 2,539 posts
Thanks in advance for all your help so far. But now I have started receiving random pop-ups all of a sudden while I am browsing. For example, if I click on a link I will get one, or just while browsing a page. :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 8:42:08 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\msmsgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\system32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\system32\bntcyfwj.dll",setvm
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...tallMgr_v01.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168675042088
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168675091073
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_18) - http://javadl-esd.su...ll-13-win32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...951/mcfscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe (file missing)

Edited by MoNsTeReNeRgY22, 30 January 2007 - 10:44 PM.

  • 0

#12
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Getting there,
Please read through the following instructions and make sure you post back all requested info for me please


First
Disable Windows Defender

* Open Windows Defender
* Click Tools
* Click General Settings
* Scroll down to Real Time Protection Options
* Uncheck Turn on Real Time Protection (recommended)
* After you uncheck this, click on the Save button
* Close Windows Defender


Next
Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable SpySweeper:

Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".


Next

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\system32\bntcyfwj.dll",setvm
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe


Next Reboot into SAFE MODE
Search for and delete the Folders highlighted in Blue Files highlighted in BOLD


msmsgr.exe <-- you will need to search for this file using the search function, please let me know if you find it or not

Restart your computer, Post back a fresh log please

Next
  • Please go to Jotti's malware scan
  • Copy and paste the following file path C:\WINDOWS\navsvc.exe
    into the box on the top of the page:

  • Click on the submit button
  • Please post the results in your next reply.
To recap, I need a fresh HJT log
and what Jotti's found on the file
  • 0
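The entries don77 singles out in posts #10 and #12 (the unnamed O2 BHO in system32, the two "Microsoft System Firewall" autoruns that are bare file names, the rundll32 autorun loading a randomly named DLL) and the items he sends for a second look (the "(file missing)" O20 and O23 references) follow a few recognizable patterns. The script below is an added example, not don77's instructions and not code from HijackThis or any other tool in this thread; it encodes those patterns as triage rules and runs them over HijackThis lines excerpted from the logs posted above. The rule set, the `Finding` structure and the vowel-ratio threshold in `looks_random` are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# HijackThis entries excerpted from the logs posted earlier in this thread:
# the lines don77 asked to have fixed or checked, plus benign ones as controls.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EF7C999D-43DD-43C3-A25B-2DB1A881664A} - C:\WINDOWS\system32\khfcdaa.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\system32\bntcyfwj.dll",setvm
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: yaywxxw - yaywxxw.dll (file missing)
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# A full path (drive letter, may contain spaces) or a bare file name ending in .dll/.exe
TARGET_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)|\b\w+\.(?:dll|exe)\b', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def looks_random(stem):
    """Vundo-style file names: 5-8 lowercase letters with almost no vowels.
    The 0.3 threshold is an assumption of this example; treat it as a hint, not proof."""
    if not re.fullmatch(r"[a-z]{5,8}", stem):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) < 0.3


def triage_line(line):
    """Apply the triage rules to one HJT line; return a Finding or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    targets = TARGET_RE.findall(body)
    reasons = []
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a default name")
    if section == "O4" and "RunServices" in body:
        reasons.append("autorun under RunServices, a Windows 9x-era key")
    if section == "O4" and re.search(r"rundll32\.exe", body, re.IGNORECASE):
        reasons.append("rundll32 autorun loading a DLL")
    if section == "O4" and "Microsoft" in body and targets and "\\" not in targets[-1]:
        reasons.append("Microsoft-branded name but a bare file name as target")
    if "(file missing)" in body:
        reasons.append("points at a file that no longer exists")
    for target in targets:
        name = re.split(r"[\\/]", target)[-1]
        stem, ext = name.rsplit(".", 1)
        if ext.lower() == "dll" and looks_random(stem):
            reasons.append(f"random-looking DLL name {name}")
    return Finding(section, line.strip(), reasons) if reasons else None


def triage(log_text):
    """Return a Finding for every suspicious line in an HJT log, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT):
        print(finding.section, finding.line)
        for reason in finding.reasons:
            print("    -", reason)
```

Run against the sample, the script flags six lines (khfcdaa.dll, both msmsgr.exe autoruns, the bntcyfwj.dll rundll32 entry, the orphaned yaywxxw Winlogon Notify and the orphaned navsvc.exe service) and leaves ehtray.exe, RTHDCPL.EXE, ctfmon.exe, AcroIEHelper.dll and WRLogonNTF.dll alone. The name check is deliberately weak on its own: of the files VundoFix removed earlier in this thread, tuvwuur.dll has three vowels in seven letters and would pass it, which is why each context rule (unnamed BHO, rundll32 autorun, RunServices, missing file) is recorded as a separate reason rather than folded into one score.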

#13
MoNsTeReNeRgY22

MoNsTeReNeRgY22

    Member 2k

  • Topic Starter
  • Member
  • 2,539 posts
Well, I did everything and then booted up in Safe Mode. The only thing that was found was some pf file with msmsgr.exe in it. So I deleted it, and then my keyboard wouldn't work. So I ran Windows in Last Known Good Configuration and now that's good. But before I left I ran a Spy Sweeper scan and it found 2 threats with 4 traces: Virtumonde & Maxifiles. They are both quarantined in Spy Sweeper right now. I am also receiving many pop-ups of adult websites and other sites. And here are the logs you requested. As for the Jotti's scan, I turned off my firewall and it still gave me the result below. I also ran the VirtumundoBeGone tool. I will post the log file I received from that first, followed by the Jotti's log file, then a fresh HijackThis log. I also have an AVG Anti-Spyware 7.5 log.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:09:17 PM 1/31/2007

+ Scan result:



C:\System Volume Information\_restore{88C8906B-8A01-42E3-9635-0FB596BE073B}\RP62\A0015641.exe -> Backdoor.SdBot.bdt : No action taken.


::Report end

[01/31/2007, 14:53:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\user\Desktop\VirtumundoBeGone.exe" )
[01/31/2007, 14:53:22] - Detected System Information:
[01/31/2007, 14:53:22] - Windows Version: 5.1.2600, Service Pack 2
[01/31/2007, 14:53:22] - Current Username: user (Admin)
[01/31/2007, 14:53:22] - Windows is in NORMAL mode.
[01/31/2007, 14:53:22] - Searching for Browser Helper Objects:
[01/31/2007, 14:53:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/31/2007, 14:53:22] - BHO 2: {1A1491C8-2721-48BD-A2E8-798CC8436065} ()
[01/31/2007, 14:53:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/31/2007, 14:53:22] - Checking for HKLM\...\Winlogon\Notify\mljjh
[01/31/2007, 14:53:22] - Found: HKLM\...\Winlogon\Notify\mljjh - This is probably Virtumundo.
[01/31/2007, 14:53:22] - Assigning {1A1491C8-2721-48BD-A2E8-798CC8436065} MSEvents Object
[01/31/2007, 14:53:22] - BHO list has been changed! Starting over...
[01/31/2007, 14:53:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/31/2007, 14:53:22] - BHO 2: {1A1491C8-2721-48BD-A2E8-798CC8436065} (MSEvents Object)
[01/31/2007, 14:53:22] - ALERT: Found MSEvents Object!
[01/31/2007, 14:53:22] - BHO 3: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[01/31/2007, 14:53:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/31/2007, 14:53:22] - Checking for HKLM\...\Winlogon\Notify\lbupocje
[01/31/2007, 14:53:22] - Key not found: HKLM\...\Winlogon\Notify\lbupocje, continuing.
[01/31/2007, 14:53:22] - Finished Searching Browser Helper Objects
[01/31/2007, 14:53:22] - *** Detected MSEvents Object
[01/31/2007, 14:53:22] - Trying to remove MSEvents Object...
[01/31/2007, 14:53:23] - Terminating Process: IEXPLORE.EXE
[01/31/2007, 14:53:24] - Terminating Process: RUNDLL32.EXE
[01/31/2007, 14:53:24] - Disabling Automatic Shell Restart
[01/31/2007, 14:53:24] - Terminating Process: EXPLORER.EXE
[01/31/2007, 14:53:24] - Suspending the NT Session Manager System Service
[01/31/2007, 14:53:24] - Terminating Windows NT Logon/Logoff Manager
[01/31/2007, 14:53:25] - Re-enabling Automatic Shell Restart
[01/31/2007, 14:53:25] - File to disable: C:\WINDOWS\system32\mljjh.dll
[01/31/2007, 14:53:25] - Renaming C:\WINDOWS\system32\mljjh.dll -> C:\WINDOWS\system32\mljjh.dll.vir
[01/31/2007, 14:53:25] - File successfully renamed!
[01/31/2007, 14:53:25] - Removing HKLM\...\Browser Helper Objects\{1A1491C8-2721-48BD-A2E8-798CC8436065}
[01/31/2007, 14:53:25] - Removing HKCR\CLSID\{1A1491C8-2721-48BD-A2E8-798CC8436065}
[01/31/2007, 14:53:25] - Adding Kill Bit for ActiveX for GUID: {1A1491C8-2721-48BD-A2E8-798CC8436065}
[01/31/2007, 14:53:25] - Deleting ATLEvents/MSEvents Registry entries
[01/31/2007, 14:53:25] - Removing HKLM\...\Winlogon\Notify\mljjh
[01/31/2007, 14:53:25] - Searching for Browser Helper Objects:
[01/31/2007, 14:53:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/31/2007, 14:53:25] - BHO 2: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[01/31/2007, 14:53:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/31/2007, 14:53:25] - Checking for HKLM\...\Winlogon\Notify\lbupocje
[01/31/2007, 14:53:25] - Key not found: HKLM\...\Winlogon\Notify\lbupocje, continuing.
[01/31/2007, 14:53:25] - Finished Searching Browser Helper Objects
[01/31/2007, 14:53:25] - Finishing up...
[01/31/2007, 14:53:25] - A restart is needed.
[01/31/2007, 14:53:37] - Attempting to Restart via STOP error (Blue Screen!)

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

Logfile of HijackThis v1.99.1
Scan saved at 2:11:02 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\system32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...tallMgr_v01.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168675042088
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168675091073
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_18) - http://javadl-esd.su...ll-13-win32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...951/mcfscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe (file missing)

Edited by MoNsTeReNeRgY22, 31 January 2007 - 07:11 PM.

  • 0

#14
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Go to Start > Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service listed below:

Windows Server Management Services (WSMSPSVC)

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service"; a window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

WSMSPSVC

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

Post a new HiJackThis log after it reboots and let me know if you received any error messages.


Let's do a little digging here.

Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
  • 0
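As an added example (not part of this thread and not a HijackThis feature), here is a small Python triage script that parses the O23 service lines of a HijackThis log and flags entries that combine an unknown owner with a missing or oddly placed binary, which is what singles out WSMSPSVC in the log above. The line layout regex and the two-of-three heuristic are my assumptions about the log format; the sample lines are copied from the posted log.

```python
import re
# HijackThis "O23 - Service:" line layout, as seen in the log posted above:
#   O23 - Service: <display> (<service name>) - <owner> - <image path> [ (file missing)]
# The "(<service name>)" part is absent when it equals the display name ("ATI Smart").
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Constructed sample: four O23 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\navsvc.exe (file missing)
"""

def parse_o23(line):
    """Return a dict for one O23 line, or None if the line is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {
        "display": m.group("display"),
        "name": m.group("name") or m.group("display"),
        "owner": m.group("owner"),
        "path": m.group("path"),
        "missing": m.group("missing") is not None,
    }

def suspicious_services(log_text):
    """Return (service name, reasons) for O23 entries with at least two of: no
    vendor string, image missing on disk, image directly in C:\\WINDOWS. A triage
    hint, not a verdict: "(file missing)" also shows up for oddly quoted paths."""
    hits = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if svc["owner"].lower() == "unknown owner":
            reasons.append("unknown owner")
        if svc["missing"]:
            reasons.append("binary missing on disk")
        if re.match(r"(?i)^c:\\windows\\[^\\]+\.exe$", svc["path"]):
            reasons.append("binary directly in C:\\WINDOWS")
        if len(reasons) >= 2:
            hits.append((svc["name"], reasons))
    return hits
```

Running it over the full log flags WSMSPSVC with all three reasons, while the driver and vendor services pass; the WMP54GSSVC line, whose "(file missing)" comes from a mis-quoted ImagePath, is the kind of false positive the heuristic leaves to a human.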

#15
MoNsTeReNeRgY22

MoNsTeReNeRgY22

    Member 2k

  • Topic Starter
  • Member
  • PipPipPipPipPip
  • 2,539 posts
And what do I hit for this???
Posted Image






The link for WinPFind 1.4.1 does not work for me


404 Not Found
The requested URL '/oldtimer/WinPFind.zip' was not found on this server.

Edited by MoNsTeReNeRgY22, 31 January 2007 - 08:26 PM.

  • 0





