Help needed



#1
The Jester (New Member, 4 posts)
Hi, everyone,
I am having some problems with popups, to such an extent that at times they close faster than I can open them.
I am leaving the Pandascan and HJT file. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 12:23:55 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
c:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omaha.cox.net/cci/home
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\argwihxs.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - c:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



PANDA FILE

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\argwihxs.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tuvwwww.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\dlpeetkp.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\upsooqkt.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\urqromk.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\vtmmijgi.exe

#2
Kenny94 (Member 1K, 1,595 posts)
Hello The Jester and Welcome to Geeks To Go!

It is likely that you have a variant of the Vundo trojan that hides itself from HijackThis.exe, so if we rename HijackThis, the entries should become visible.

Go to the C:\Program Files\HijackThis folder. Right click on the HijackThis.exe file and select "Rename". Rename it geek.exe.

Then run HijackThis again and post a new log please.

#4
The Jester (Topic Starter, New Member, 4 posts)
Just changed the file, and now this is the new HJT log.
Thanks so much for helping.

Logfile of HijackThis v1.99.1
Scan saved at 2:00:07 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Cox\Applications\app\Console.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Geek.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omaha.cox.net/cci/home
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {4695C376-3C87-4548-9DE0-47F2277AB2Ac} - C:\WINDOWS\system32\titlpqav.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\tuvwwww.dll (file missing)
O2 - BHO: (no name) - {CD621D03-C354-4EA1-A3FE-F3001BDE39FD} - C:\WINDOWS\system32\fccby.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\argwihxs.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - c:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#5
Kenny94 (Member 1K, 1,595 posts)
Hello The Jester

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

In your next reply, please include these log(s):

* Vundofix.txt
* HijackThis log (new)


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

#6
The Jester (Topic Starter, New Member, 4 posts)
New HJT, new Panda and new Vundo



Logfile of HijackThis v1.99.1
Scan saved at 3:05:57 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Cox\Applications\app\Console.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Geek.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omaha.cox.net/cci/home
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {4695C376-3C87-4548-9DE0-47F2277AB2Ac} - C:\WINDOWS\system32\titlpqav.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\tuvwwww.dll (file missing)
O2 - BHO: (no name) - {CD621D03-C354-4EA1-A3FE-F3001BDE39FD} - C:\WINDOWS\system32\fccby.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\argwihxs.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - c:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



New Panda file

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\argwihxs.dll
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Julie\Cookies\[email protected][1].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Julie\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Julie\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Julie\Cookies\[email protected][2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Julie\Cookies\[email protected][1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Julie\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Julie\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Julie\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Julie\Cookies\[email protected][2].txt
Adware:Adware/WinAntivirus2006 Not disinfected C:\VundoFix Backups\dlpeetkp.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\tuvwwww.dll.bad
Adware:Adware/WinAntivirus2006 Not disinfected C:\VundoFix Backups\upsooqkt.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\urqromk.dll.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\vtmmijgi.exe.bad


VundoFix V6.3.15
No infected files found

#7
Kenny94 (Member 1K, 1,595 posts)
Hello The Jester

Please read "ALL" of the instructions before proceeding:


Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present):

O2 - BHO: (no name) - {4695C376-3C87-4548-9DE0-47F2277AB2Ac} - C:\WINDOWS\system32\titlpqav.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\tuvwwww.dll (file missing)
O2 - BHO: (no name) - {CD621D03-C354-4EA1-A3FE-F3001BDE39FD} - C:\WINDOWS\system32\fccby.dll (file missing)
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\argwihxs.dll",setvm
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Now close all windows other than HiJackThis, then click Fix Checked.


Please double-click Killbox.exe to run it.
Select:
  • Delete on Reboot
  • then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\argwihxs.dll



Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Next, Download ComboScan to your Desktop.

* Close all applications and windows.
* Double-click on comboscan.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt

Extra Note: When running ComboScan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags ComboScan as suspicious. Please allow ComboScan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the ComboScan.txt from ComboScan.


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.
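The triage Kenny94 walks through above (fix the O2/O4 load points in HijackThis first, then use Killbox on the DLL that is still on disk and locked while loaded) can be scripted against the two logs. This is an added example, not code from the thread, HijackThis or Panda; the function names and the short sample logs are constructed here from the line shapes posted above.

```python
"""Correlate HijackThis load points with Panda ActiveScan detections.

Added example, not code from the thread, HijackThis or Panda: it reproduces
the helper's manual triage (fix the O2/O4 entries in HijackThis first, then
delete the DLL that is still on disk and locked while loaded).
"""
from __future__ import annotations

import re
from typing import NamedTuple


class LoadPoint(NamedTuple):
    section: str   # HijackThis section code ("O2" or "O4")
    line: str      # original log line
    path: str      # file the entry loads, lower-cased for matching
    missing: bool  # HijackThis appended "(file missing)"


# Line shapes of HijackThis 1.99.1 as they appear in the thread's logs.
_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
_O4 = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
# First absolute .dll/.exe path in an O4 command line, quoted or not; the
# comma in the class stops before a rundll32 export name such as ",setvm".
_PATH_IN_CMD = re.compile(r'(?i)"?([a-z]:\\[^",]+\.(?:dll|exe))"?')
# Panda ActiveScan "Incident Status Location" rows.
_PANDA = re.compile(r"^(?P<kind>[^:]+):(?P<family>\S+) "
                    r"(?P<status>Not disinfected|Disinfected) (?P<path>.+)$")


def parse_hijackthis(text: str) -> list[LoadPoint]:
    """Extract O2 (BHO) and O4 (Run key) load points from an HJT log."""
    points = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _O2.match(line)
        if m:
            points.append(LoadPoint("O2", line, m["path"].lower(), bool(m["missing"])))
            continue
        m = _O4.match(line)
        if m:
            pm = _PATH_IN_CMD.search(m["cmd"])
            if pm:  # entries like "nwiz.exe /install" carry no absolute path
                points.append(LoadPoint("O4", line, pm.group(1).lower(), False))
    return points


def parse_panda(text: str) -> dict[str, str]:
    """Map each flagged file path (lower-cased) to its detection family."""
    found = {}
    for raw in text.splitlines():
        m = _PANDA.match(raw.strip())
        if m:
            found[m["path"].lower()] = m["family"]
    return found


def triage(hjt_text: str, panda_text: str) -> dict[str, list]:
    """Sort HJT entries into the buckets the helper worked through.

    active:   scanner-flagged file still wired into a load point; fix the
              HJT entry, then delete the file (on reboot if it is locked).
    orphaned: load point whose file is already gone; fixing the entry is enough.
    unnamed:  BHO registered with no name; review even if the scanner is silent.
    """
    detections = parse_panda(panda_text)
    report: dict[str, list] = {"active": [], "orphaned": [], "unnamed": []}
    for p in parse_hijackthis(hjt_text):
        if p.path in detections:
            report["active"].append((p.line, detections[p.path]))
        if p.missing:
            report["orphaned"].append(p.line)
        if p.section == "O2" and p.line.startswith("O2 - BHO: (no name)"):
            report["unnamed"].append(p.line)
    return report


# Constructed sample built from the line shapes in this thread; two benign
# entries are included so the split between benign and flagged is visible.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4695C376-3C87-4548-9DE0-47F2277AB2Ac} - C:\WINDOWS\system32\titlpqav.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\tuvwwww.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\argwihxs.dll",setvm
"""
SAMPLE_PANDA = r"""
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\argwihxs.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\tuvwwww.dll.bad
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_HJT, SAMPLE_PANDA).items():
        print(f"[{bucket}]")
        for item in items:
            print("  ", item)
```

Running it on the sample puts only the argwihxs.dll Run entry in "active" (the file Killbox had to remove), while the tuvwwww.dll BHO lands in "orphaned" because VundoFix had already moved the file to its backup folder.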

#8
The Jester (Topic Starter, New Member, 4 posts)
Here is the Log file.
It is running a lot better now. I have not encountered any popups as of now.
THANK YOU SOOOOO MUCH!!!
I only wish more people could be as good at this as you are.
I'm definitely donating.
ComboScan v20070306.20 run by Julie on 2007-03-09 at 22:20:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
35: 2007-03-10 04:20:53 UTC - RP35 - ComboScan Restore Point
34: 2007-03-09 16:11:24 UTC - RP34 - Removed MSXML 4.0 SP2 (KB927978)
33: 2007-03-09 15:18:32 UTC - RP33 - Software Distribution Service 2.0
32: 2007-03-09 06:35:23 UTC - RP32 - Windows Defender Checkpoint
31: 2007-03-09 05:51:57 UTC - RP31 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-02-20 06:08:26 UTC - RP1 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as Julie.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:21:46 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
c:\Program Files\Cox\Applications\App\splash.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Julie\Desktop\comboscan.exe
C:\Julie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omaha.cox.net/cci/home
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - c:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


-- HijackThis Fixed Entries (C:\\backups\) -------------------------------------

backup-20070307-115245-298 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20070307-115440-464 O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
backup-20070307-115440-621 O4 - Global Startup: hp psc 1000 series.lnk = ?
backup-20070307-115440-674 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20070307-115440-685 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
backup-20070307-115440-860 O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
backup-20070309-221428-146 O2 - BHO: (no name) - {CD621D03-C354-4EA1-A3FE-F3001BDE39FD} - C:\WINDOWS\system32\fccby.dll (file missing)
backup-20070309-221428-226 O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\tuvwwww.dll (file missing)
backup-20070309-221428-356 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20070309-221428-541 O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\argwihxs.dll",setvm
backup-20070309-221428-777 O2 - BHO: (no name) - {4695C376-3C87-4548-9DE0-47F2277AB2Ac} - C:\WINDOWS\system32\titlpqav.dll

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
1R Cdr4_xp - C:\WINDOWS\system32\drivers\cdr4_xp.sys
1R Cdralw2k - C:\WINDOWS\system32\drivers\cdralw2k.sys
1R cdudf_xp - C:\WINDOWS\system32\drivers\Cdudf_xp.sys
2R CSS DVP - C:\WINDOWS\system32\drivers\css-dvp.sys
3R ctljystk (Creative SBLive! Gameport) - C:\WINDOWS\system32\drivers\ctljystk.sys
3R DLH5X (D-Link DL10050 based Adapter NT Driver) - C:\WINDOWS\system32\drivers\DLH5XND5.sys
3S dvd_2K - C:\WINDOWS\system32\drivers\Dvd_2k.sys
3R emu10k (Creative SB Live! (WDM)) - C:\WINDOWS\system32\drivers\emu10k1m.sys
3R emu10k1 (Creative Interface Manager Driver (WDM)) - C:\WINDOWS\system32\drivers\ctlfacem.sys
3S GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
0R GRFILTER (Authentium NDIS Driver) - C:\WINDOWS\system32\drivers\GRFilter.sys
2R GRTdiMon (Authentium TDI Mon) - C:\WINDOWS\system32\drivers\GRTdiMon.sys
3R hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3R HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3R HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3S mmc_2K - C:\WINDOWS\system32\drivers\Mmc_2k.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
1R P3 (Intel PentiumIII Processor Driver) - C:\WINDOWS\system32\drivers\p3.sys
1R pwd_2k - C:\WINDOWS\system32\drivers\pwd_2K.sys
3R sfman (Creative SoundFont Manager Driver (WDM)) - C:\WINDOWS\system32\drivers\sfmanm.sys
1R UdfReadr_xp - C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3R usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2R AuthSysSvc (Cox High Speed Internet Security Suite System Service) - c:\Program Files\Cox\Applications\App\syssvcnt.exe
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R dvpapi - "c:\Program Files\Common Files\Command Software\dvpapi.exe"
3S iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"


-- Scheduled Tasks -------------------------------------------------------------

2007-03-09 15:36:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-03-09 13:58:53 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-02-20 00:23:53 388 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1171952585.job<FRUTAS~1.JOB>


-- Files created between 2007-02-09 and 2007-03-09 -----------------------------

2007-03-09 22:21:41 218112 --a------ C:\Julie.exe
2007-03-09 22:14:48 0 d-------- C:\!KillBox
2007-03-09 12:45:16 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-03-09 11:36:20 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-09 10:57:32 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-09 10:57:23 0 d-------- C:\Program Files\Grisoft
2007-03-09 09:18:37 0 d-------- C:\fe0e5e8f4a71a8cc22acee8a3b0112<FE0E5E~1>
2007-03-09 09:18:08 131604 --a------ C:\WINDOWS\system32\titlpqav.dll
2007-03-09 03:37:52 0 d-------- C:\WINDOWS\pss
2007-03-08 23:50:17 0 d-------- C:\Program Files\Windows Defender<WINDOW~4>
2007-03-08 23:47:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-08 21:36:57 0 d-------- C:\Program Files\Common Files\RuleSpace<RULESP~1>
2007-03-08 21:35:15 0 d-------- C:\Program Files\Common Files\Command Software<COMMAN~1>
2007-03-08 20:28:03 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-07 12:31:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Authentium<AUTHEN~1>
2007-03-07 12:27:25 0 d-------- C:\Program Files\Cox
2007-03-07 12:23:05 106496 -ra------ C:\WINDOWS\system32\atl71.dll
2007-03-07 12:23:05 0 d-------- C:\Program Files\Common Files\Authentium Shared<AUTHEN~1>
2007-03-07 11:52:45 0 d-------- C:\backups
2007-03-07 10:28:53 0 d-------- C:\Documents and Settings\Julie\Application Data\Lavasoft
2007-03-06 06:16:09 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-06 00:08:57 0 d--hs---- C:\WINDOWS\ftpcache
2007-03-05 20:33:10 0 d-------- C:\WINDOWS\Sun
2007-03-05 20:33:10 0 d-------- C:\Documents and Settings\Julie\Application Data\Sun
2007-03-05 20:32:22 0 d-------- C:\Program Files\Java
2007-03-05 20:30:52 0 d-------- C:\Program Files\Common Files\Java
2007-03-05 14:41:06 0 d-------- C:\Documents and Settings\Julie\Application Data\Adobe
2007-03-05 14:39:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-03-05 14:37:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-04 21:01:40 0 d-------- C:\Documents and Settings\Julie\Application Data\Hewlett-Packard<HEWLET~1>
2007-03-04 13:17:27 16 --a------ C:\WINDOWS\popcinfo.dat
2007-03-03 22:36:41 0 d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2007-03-02 21:47:35 176128 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-02 21:47:35 0 d-------- C:\WINDOWS\nview
2007-03-02 21:47:27 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-02 21:41:38 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-02 21:41:20 0 d-------- C:\NVIDIA
2007-03-02 21:37:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-02-27 15:35:16 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-02-27 15:35:16 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-02-27 15:33:56 8464 --a------ C:\WINDOWS\system32\sporder.dll
2007-02-23 12:18:25 0 d-------- C:\Documents and Settings\Julie\Application Data\Apple Computer<APPLEC~1>
2007-02-23 12:18:11 0 d-------- C:\Program Files\iPod
2007-02-23 12:18:05 0 d-------- C:\Program Files\iTunes
2007-02-23 12:16:54 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-23 12:16:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-23 12:04:55 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-21 21:03:36 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-02-21 21:03:33 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-02-21 21:03:30 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-02-21 21:03:19 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-02-21 21:03:15 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-02-21 21:03:13 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-02-21 21:03:10 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-02-21 21:03:06 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-02-21 21:03:03 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-02-21 21:03:01 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-02-21 21:02:56 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-02-21 21:02:42 3712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-02-21 21:02:41 10624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-02-21 21:02:14 51200 --a------ C:\WINDOWS\system32\sfman32.dll
2007-02-21 21:02:14 36480 --a------ C:\WINDOWS\system32\drivers\sfmanm.sys
2007-02-21 21:02:07 495616 --a------ C:\WINDOWS\system32\sblfx.dll
2007-02-21 21:02:06 283904 --a------ C:\WINDOWS\system32\drivers\emu10k1m.sys
2007-02-21 21:02:06 24064 --a------ C:\WINDOWS\system32\devldr32.exe
2007-02-21 21:02:06 256512 --a------ C:\WINDOWS\system32\devcon32.dll
2007-02-21 21:02:06 4096 --a------ C:\WINDOWS\system32\ctwdm32.dll
2007-02-21 21:02:03 6912 --a------ C:\WINDOWS\system32\drivers\ctlfacem.sys
2007-02-21 21:02:02 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-02-21 21:02:02 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-02-21 21:02:00 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-02-20 19:43:05 0 d-------- C:\Documents and Settings\Julie\Application Data\Roxio
2007-02-20 19:38:10 0 d-------- C:\Program Files\Roxio
2007-02-20 19:36:05 0 d-------- C:\Program Files\Common Files\Roxio Shared<ROXIOS~1>
2007-02-20 19:36:01 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-20 19:27:12 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~4>
2007-02-20 19:25:45 0 d-------- C:\WINDOWS\ShellNew
2007-02-20 19:25:43 0 d-------- C:\Program Files\Common Files\L&H
2007-02-20 19:04:28 26624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2007-02-20 19:04:27 7168 --a------ C:\WINDOWS\system32\hccoin.dll
2007-02-20 19:04:14 17024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-02-20 01:01:54 0 d---s---- C:\Documents and Settings\Julie\UserData
2007-02-20 01:01:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-02-20 00:59:33 0 d-------- C:\Program Files\Yahoo!
2007-02-20 00:52:11 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-02-20 00:38:58 1835008 --ah----- C:\Documents and Settings\Julie\NTUSER.DAT
2007-02-20 00:22:46 35840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-02-20 00:22:00 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-20 00:21:59 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-20 00:21:58 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-20 00:21:00 57344 -ra------ C:\WINDOWS\system32\HPZisn12.dll
2007-02-20 00:21:00 94208 -ra------ C:\WINDOWS\system32\HPZipt12.dll
2007-02-20 00:20:59 167936 -ra------ C:\WINDOWS\system32\HPZipr12.dll
2007-02-20 00:20:59 65795 -ra------ C:\WINDOWS\system32\HPZipm12.exe
2007-02-20 00:20:59 61699 -ra------ C:\WINDOWS\system32\HPZinw12.exe
2007-02-20 00:20:59 233528 -ra------ C:\WINDOWS\system32\HPZidr12.dll
2007-02-20 00:20:59 16080 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-02-20 00:20:58 51024 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2007-02-20 00:20:35 21456 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-02-20 00:20:31 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-02-20 00:20:23 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-02-20 00:20:19 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-20 00:18:16 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-20 00:17:13 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-20 00:15:52 16618 -----n--- C:\WINDOWS\hpomdl01.dat
2007-02-20 00:15:52 20454 --a------ C:\WINDOWS\hpoins01.dat
2007-02-20 00:11:12 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-02-20 00:05:33 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-02-20 00:05:23 0 d-------- C:\WINDOWS\Prefetch
2007-02-20 00:05:21 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-02-20 00:05:11 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-02-20 00:00:23 0 d-------- C:\WINDOWS\system32\xircom
2007-02-20 00:00:23 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-02-19 23:59:50 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-02-19 23:59:41 0 -rahs---- C:\MSDOS.SYS
2007-02-19 23:59:41 0 -rahs---- C:\IO.SYS
2007-02-19 23:59:41 0 --a------ C:\AUTOEXEC.BAT
2007-02-19 23:59:40 0 --a------ C:\CONFIG.SYS
2007-02-19 23:59:18 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-02-19 23:57:58 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-02-19 23:57:41 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-02-19 23:57:41 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-02-19 23:57:25 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-02-19 23:57:00 0 d-------- C:\WINDOWS\system32\DirectX
2007-02-19 23:56:40 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-02-19 23:56:32 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-02-19 23:56:31 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-02-19 23:56:28 0 d---s---- C:\WINDOWS\Tasks
2007-02-19 23:56:28 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-02-19 23:56:27 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-19 23:56:24 0 d-------- C:\WINDOWS\srchasst
2007-02-19 23:56:23 0 d-------- C:\WINDOWS\system32\Macromed
2007-02-19 23:56:21 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-02-19 23:56:21 127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-02-19 23:56:21 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-02-19 23:56:21 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-02-19 23:56:20 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-02-19 23:56:20 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-02-19 23:56:20 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-02-19 23:56:20 124184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-02-19 23:56:20 465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-02-19 23:56:20 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-02-19 23:56:20 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-02-19 23:56:20 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-02-19 23:56:19 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-02-19 23:56:16 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-19 23:56:13 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-02-19 23:56:13 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-02-19 23:56:13 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-02-19 23:56:13 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-02-19 23:56:10 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-02-19 23:56:10 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-02-19 23:56:10 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-19 23:56:09 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-02-19 23:56:09 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-02-19 23:56:09 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-02-19 23:56:09 0 d-------- C:\WINDOWS\system32\Restore
2007-02-19 23:56:09 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-02-19 23:56:09 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-02-19 23:56:09 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-02-19 23:56:08 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-02-19 23:56:08 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-02-19 23:56:08 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-02-19 23:56:08 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-02-19 23:56:06 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-02-19 23:56:06 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-02-19 23:56:05 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-02-19 23:56:05 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-02-19 23:56:03 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-02-19 23:56:03 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-02-19 23:56:03 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-02-19 23:56:03 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-02-19 23:56:03 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-02-19 23:56:03 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-02-19 23:56:02 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-02-19 23:55:11 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-19 23:54:52 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-02-19 23:54:36 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-19 23:54:33 5632 --a------ C:\WINDOWS\system32\write.exe
2007-02-19 23:54:33 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-19 23:54:23 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-02-19 23:54:23 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-02-19 23:54:23 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-02-19 23:54:22 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-02-19 23:54:22 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-02-19 23:54:22 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-02-19 23:54:16 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-02-19 23:54:16 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-02-19 23:54:15 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-02-19 23:54:15 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-02-19 23:54:15 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-02-19 23:54:15 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-02-19 23:54:14 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-19 23:54:14 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-02-19 23:54:14 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-02-19 23:54:14 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-02-19 23:54:14 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-02-19 23:54:14 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-02-19 23:54:14 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-02-19 23:54:14 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-02-19 23:54:14 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-02-19 23:54:14 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-02-19 23:54:14 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-02-19 23:54:14 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-02-19 23:54:14 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-02-19 23:54:13 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-02-19 23:54:13 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-02-19 23:54:13 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-02-19 23:54:12 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-02-19 23:54:12 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-02-19 23:54:12 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-02-19 23:54:12 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-02-19 23:54:12 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-02-19 23:54:12 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-02-19 23:54:12 97792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-02-19 23:54:12 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-02-19 23:53:58 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-02-19 23:53:58 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-02-19 23:53:58 347136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-02-19 23:53:58 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-02-19 23:53:58 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-02-19 23:53:57 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-02-19 23:53:57 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-02-19 23:53:57 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-02-19 23:53:57 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-02-19 23:53:57 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-02-19 23:53:57 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-02-19 23:53:57 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-02-19 23:53:56 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-02-19 23:53:56 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-02-19 23:53:56 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-02-19 23:53:56 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-02-19 23:53:56 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-02-19 23:53:56 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-02-19 23:53:56 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-02-19 23:53:56 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-02-19 23:53:56 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-02-19 23:53:56 407552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-02-19 23:53:55 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-02-19 23:53:55 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-02-19 23:53:55 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-02-19 23:53:55 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-02-19 23:53:55 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-02-19 23:53:55 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-02-19 23:53:55 0 d-------- C:\WINDOWS\system32\MsDtc
2007-02-19 23:53:55 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-02-19 23:53:55 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-02-19 23:53:54 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-02-19 23:53:54 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-02-19 23:53:54 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-02-19 23:53:54 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-02-19 23:53:54 0 d-------- C:\WINDOWS\system32\Com
2007-02-19 23:53:54 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-02-19 23:53:54 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-02-19 23:53:53 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-02-19 23:53:53 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-02-19 23:53:53 498688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-02-19 23:53:53 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-02-19 23:53:53 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-02-19 23:53:53 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-02-19 23:53:47 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-02-19 23:53:47 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-02-19 23:53:47 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-02-19 23:53:47 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-02-19 23:53:42 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-02-19 23:53:41 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-02-19 17:50:22 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-02-19 17:49:30 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-02-19 17:49:08 3980288 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-02-19 17:49:08 3454656 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-02-19 17:48:50 26698 --a------ C:\WINDOWS\system32\drivers\DLH5XND5.sys
2007-02-19 17:48:36 42368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-02-19 17:48:29 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-02-19 17:46:58 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-02-19 17:46:57 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-19 17:46:54 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-19 17:46:53 0 d-a------ C:\Program Files<PROGRA~1>
2007-02-19 17:46:50 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-02-19 17:46:50 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-02-19 17:46:50 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-02-19 17:46:49 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-02-19 17:46:49 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-02-19 17:46:47 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-02-19 17:46:47 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-02-19 17:46:47 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-02-19 17:46:47 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-02-19 17:46:47 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-02-19 17:46:47 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-02-19 17:46:47 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-02-19 17:46:45 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-02-19 17:46:45 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-02-19 17:46:45 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-02-19 17:46:45 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-02-19 17:46:45 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-02-19 17:46:44 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-02-19 17:46:44 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-02-19 17:46:43 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-02-19 17:46:43 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-02-19 17:46:43 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-02-19 17:46:43 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-02-19 17:46:43 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-02-19 17:46:43 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-02-19 17:46:43 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-02-19 17:46:43 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-02-19 17:46:43 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-02-19 17:46:43 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-02-19 17:46:43 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-02-19 17:46:40 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-02-19 17:46:40 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-02-19 17:46:40 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-02-19 17:46:40 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-02-19 17:46:40 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-02-19 17:46:39 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-02-19 17:46:39 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-02-19 17:46:39 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-02-19 17:46:39 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-02-19 17:46:39 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-02-19 17:46:39 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-02-19 17:46:38 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-02-19 17:46:38 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-02-19 17:46:38 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-02-19 17:46:38 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-02-19 17:46:38 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-02-19 17:46:37 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-02-19 17:46:37 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-02-19 17:46:37 68768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-02-19 17:46:37 69120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-02-19 17:46:35 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-02-19 17:46:25 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-02-19 17:46:09 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-02-19 17:46:09 0 d-------- C:\WINDOWS\system32\CatRoot
2007-02-19 17:45:42 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-02-19 17:45:41 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-02-19 17:36:27 0 d-------- C:\WINDOWS
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\WinSxS
2007-02-19 17:36:27 0 dr------- C:\WINDOWS\Web
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\twain_32
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\wins
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\wbem
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\usmt
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\spool
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\ShellExt
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\Setup
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\ras
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\oobe
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\npp
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\mui
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\inetsrv
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\IME
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\icsxml
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\ias
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\export
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\drivers
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-02-19 17:36:27 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\dhcp
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\config
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\3076
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\2052
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\1054
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\1042
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\1041
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\1037
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\1033
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\1031
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\1028
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system32\1025
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\system
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\security
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\repair
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\PeerNet
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\pchealth
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\mui
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\msapps
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\msagent
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\Media
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\java
2007-02-19 17:36:27 0 d--h----- C:\WINDOWS\inf
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\ime
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\Help
2007-02-19 17:36:27 0 dr--s---- C:\WINDOWS\Fonts
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\ehome
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\Debug
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\Cursors
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\Config
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\AppPatch
2007-02-19 17:36:27 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-03-06 09:16:32 0 d---s---- C:\Documents and Settings\Julie\Application Data\Microsoft<MICROS~1>
2007-02-20 00:54:45 0 d-------- C:\Documents and Settings\Julie\Application Data\Macromedia<MACROM~1>
2007-02-20 00:39:16 0 d-------- C:\Documents and Settings\Julie\Application Data\Identities<IDENTI~1>
2007-02-19 17:46:25 62 --ahs---- C:\Documents and Settings\Julie\Application Data\desktop.ini
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-11 08:31:16 79336 --a------ C:\WINDOWS\system32\wscapi.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"ESP"="c:\\Program Files\\Cox\\Applications\\app\\start.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hpoddt01.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\hpoddt01.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "
"item"="hpoddt01.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udmogbjh"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\udmogbjh.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B07CB267-5E6F-441F-9B3C-324EFE70F897}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
LocalService REG_MULTI_SZ Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService REG_MULTI_SZ DnsCache
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService



-- End of ComboScan: finished at 2007-03-09 at 22:22:25 ------------------------

#9 Kenny94 (Member 1K, 1,595 posts)

Hello The Jester

Please confirm that you put the following restrictions / controlled options in place yourself as an administrator. If you did not:


Run hijackthis again and put a check in the following:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".


It is running a lot better now. I have not encountered any popups as of now.
THANK YOU SOOOOO MUCH!!!

You're Welcome :whistling:

I only wish more people could be as good at this as you are.

Aww, Shucks!

Congratulations, your log looks clean!

You will need to print out these instructions for reference, or you can save them by copying and pasting them into Notepad and saving the text file to the desktop.

Some final items:

Important, we need to flush out all System Restore points.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • SiteAdvisor download this plug-in for your browser and it will alert you of a known bad site for FREE.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Edited by Kenny94, 10 March 2007 - 08:49 AM.

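Added example, not part of the original posts and not code from HijackThis or ComboScan: a small Python script that reads the REGEDIT4-style text ComboScan dumped above and pulls out the things the helper asked about, namely the autostart commands under the Run keys, the startup items msconfig has disabled (the command is still recorded under startupreg), the Internet Explorer policy keys that HijackThis shows as O6 lines, and the DisableRegistryTools / DisableTaskMgr values. The sample input is constructed: most lines are copied from the log, the DisableTaskMgr value is changed from the log's 0 to 1 so that the flag fires, and the Internet Explorer\Restrictions section is an assumed illustration of what an O6 key can contain (the log only says the key is "present"). The decoding of hex(2) values assumes an ANSI (REGEDIT4) export, which is what this log is; a "Windows Registry Editor Version 5.00" export stores those strings as UTF-16LE.

```python
"""Triage a ComboScan-style registry export (.reg text): Run-key autostarts,
msconfig-disabled startup items, IE policy (O6) keys and the
DisableRegistryTools / DisableTaskMgr policy values.
Added example, not part of HijackThis or ComboScan."""
import re

# Constructed sample: mostly lines copied from the log above; DisableTaskMgr
# changed from 0 to 1, and the Restrictions section is an assumed illustration.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udmogbjh"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\udmogbjh.dll\",setvm"
"inimapping"="0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserOptions"=dword:00000001
'''

_VALUE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')
_HEX = re.compile(r'^hex(?:\((\d+)\))?:(.*)$')


def _unescape(s):
    # .reg string escapes: \\ -> \ and \" -> "
    return re.sub(r'\\(.)', r'\1', s)


def _decode(data):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = _HEX.match(data)
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if int(m.group(1) or 3) in (1, 2, 7):   # REG_SZ / EXPAND_SZ / MULTI_SZ
            # Assumes a REGEDIT4 (ANSI) export like this log; Version 5.00
            # exports hold UTF-16LE here instead.
            return raw.decode("latin-1").rstrip("\x00")
        return raw
    return data


def parse_reg(text):
    """Return {key_path: {value_name: value}} from REGEDIT4-style text."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\"):               # hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if current is not None and m:
            name = m.group(1) if m.group(1) is not None else "@"
            keys[current][name] = _decode(m.group(2))
    return keys


RUN_KEY = "\\currentversion\\run"
MSCONFIG = "\\shared tools\\msconfig\\startupreg\\"
IE_POLICY = "\\policies\\microsoft\\internet explorer\\"
POLICY_SYSTEM = "\\currentversion\\policies\\system"


def triage(keys):
    """Collect what a HijackThis helper looks at first."""
    report = {"autostart": [], "disabled_autostart": [], "o6_keys": [], "policy_flags": []}
    for path, values in keys.items():
        k = path.lower()
        if k.endswith(RUN_KEY):
            report["autostart"] += list(values.items())
        elif MSCONFIG in k:                   # disabled in msconfig, command still on disk
            report["disabled_autostart"].append(
                (values.get("item"), values.get("hkey"), values.get("command")))
        elif IE_POLICY in k:                  # what HijackThis reports as an O6 line
            report["o6_keys"].append(path)
        elif k.endswith(POLICY_SYSTEM):
            report["policy_flags"] += [n for n in ("DisableRegistryTools", "DisableTaskMgr")
                                       if values.get(n, 0) != 0]
    return report


def rundll32_targets(commands):
    """(dll, entry point) pairs rundll32 would load. rundll32 itself is a signed
    Windows binary, so the DLL it is handed is what needs checking."""
    hits = []
    for cmd in commands:
        m = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(\S+)', cmd, re.I)
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    rep = triage(parse_reg(SAMPLE))
    for section, items in rep.items():
        print(section)
        for item in items:
            print("   ", item)
    cmds = [c for _, c in rep["autostart"]] + [c for _, _, c in rep["disabled_autostart"]]
    print("rundll32 loads:", rundll32_targets(cmds))
```

Run it against a saved ComboScan or regedit export instead of SAMPLE by passing the file's text to parse_reg. The point of the rundll32 check is that a Run entry naming rundll32.exe looks harmless at first glance; the item that actually executes at logon is the DLL after it, so that is the path to look up.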