
Elite Toolbar and more...apparently



#1
nate0rz

So I've tried everything to rid myself of some problems my compy is having.

I know for sure that I have the EliteBar w/ Shopping Wizard, Search Extender, and Home Network Assistant (control panel has it spelled Assistent...which obviously means it doesn't belong on my comp). I also have some thing I got recently called "XXX-Files" (Yeah...porn on my desktop...just wonderful).

So I've run ad-aware to get rid of as much stuff as I can without it freezing up on me. I've also run SpyBot S&D and Spyware Blaster.

I just got HijackThis and saved a log...so here it is (I definitely need help and appreciate all of it that I'm given):

Logfile of HijackThis v1.98.2
Scan saved at 12:17:05 PM, on 12/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\SED\SED.exe
C:\WINDOWS\system32\tibs3.exe
C:\WINDOWS\system32\msav32.exe
C:\WINDOWS\system32\yawowy.exe
C:\Documents and Settings\Nate\Application Data\tasa.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Microsoft Office\Office\FINDFAST.EXE
C:\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\winxw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WebSiteViewer\125439.dlr
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\PROGRA~1\eZula\mmod.exe
C:\PROGRA~1\WEBOFF~1\wo.exe
C:\WINDOWS\system32\?hkntfs.exe
C:\Documents and Settings\Nate\My Documents\ANTIVIRUS\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {630B5448-88BA-594C-A5C4-16A53B83F0F9} - C:\WINDOWS\system32\ipsx32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 2\LMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB002" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvtcd32.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [ipsx32.exe] C:\WINDOWS\system32\ipsx32.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [msav32.exe] C:\WINDOWS\system32\msav32.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Nate\LOCALS~1\Temp\bundle.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [Debw] C:\Documents and Settings\Nate\Application Data\tasa.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Jieugsky] C:\WINDOWS\system32\?hkntfs.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: LimeWire 4.2.4.lnk = C:\Program Files\LimeWire\LimeWire 4.2.4\LimeWire.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{683E1805-0F7C-4BFA-AB52-379619E7876D}: NameServer = 205.188.146.146
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)


#2
nate0rz

I just moved HijackThis...so I thought I might as well include the log...since I don't know if it matters or not.

Logfile of HijackThis v1.98.2
Scan saved at 1:07:30 PM, on 12/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\SED\SED.exe
C:\WINDOWS\system32\tibs3.exe
C:\WINDOWS\system32\msav32.exe
C:\WINDOWS\system32\yawowy.exe
C:\Documents and Settings\Nate\Application Data\tasa.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Microsoft Office\Office\FINDFAST.EXE
C:\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\winxw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WebSiteViewer\125439.dlr
C:\PROGRA~1\eZula\mmod.exe
C:\PROGRA~1\WEBOFF~1\wo.exe
C:\WINDOWS\system32\?hkntfs.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivyse.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {630B5448-88BA-594C-A5C4-16A53B83F0F9} - C:\WINDOWS\system32\ipsx32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 2\LMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB002" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvtcd32.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [ipsx32.exe] C:\WINDOWS\system32\ipsx32.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [msav32.exe] C:\WINDOWS\system32\msav32.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Nate\LOCALS~1\Temp\bundle.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [Debw] C:\Documents and Settings\Nate\Application Data\tasa.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Jieugsky] C:\WINDOWS\system32\?hkntfs.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: LimeWire 4.2.4.lnk = C:\Program Files\LimeWire\LimeWire 4.2.4\LimeWire.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{683E1805-0F7C-4BFA-AB52-379619E7876D}: NameServer = 205.188.146.146
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)

#3
admin

You have a new variation of a VX2 infection, identified by these entries:
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

This fix is still a work in progress, but seems to be working well.
1. Download VX2Finder here: http://www.geekstogo...=download&id=37
Run Vx2Finder and click on the Click to find VX2.BetterInternet button.

Click the Make Log button.

Save the log some place convenient like My Documents. Include the contents of the log in your next reply here.

2. Download this ZIP file: http://www.geekstogo...=download&id=36
and unzip the contents to a folder, then open that folder and double click on Find.bat. It will run for a minute, then produce a log (ignore any File not found messages on the screen, it should continue anyway). Please copy and paste that log here as well.

3. Please download DllCompare from here: http://www.geekstogo...=download&id=38

When it has downloaded, run the program and click on the Run Locate.com button. When that has completed, click on the Compare button. When that has completed, click on the Make Log of What Was Found button. Then post the contents of that log as a reply to this post.

Only if you get an error after pressing Run Locate.com:
copy autoexec.nt from c:\windows\repair\ folder to c:\windows\system32\ folder.

4. Please also open the c:\Windows\System32 folder and see if there's a file there called Guard.tmp visible and report that here as well.
  • 0
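
The identification in the reply above rests on O1 (hosts file) entries that point search hostnames at one outside address. The following is an added example, not part of the thread and not code from HijackThis: it pulls the O1 entries out of a log and checks for that pattern. The function names, the subset check, and the loopback, duplicate and malformed lines in the sample are constructed for illustration.

```python
"""Flag hosts-file redirects reported as O1 entries in a HijackThis log."""
import re
from ipaddress import ip_address

# "O1 - Hosts: <address> <hostname>" as it appears in the logs in this thread.
O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Hostnames taken from the three O1 entries quoted in the reply above.
QUOTED_HOSTS = frozenset(
    {"auto.search.msn.com", "search.netscape.com", "ieautosearch"}
)

# Constructed sample. The 69.20.16.183 lines are copied from the thread;
# the repeated, loopback and malformed lines are added to exercise the parser.
SAMPLE_LOG = """\
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: not-an-address example.invalid
"""


def parse_o1(log_text):
    """Return {address: [hostnames]} for well-formed O1 lines.

    Repeated entries are collapsed and lines whose first field is not an
    IP address are skipped.
    """
    redirects = {}
    for line in log_text.splitlines():
        match = O1_LINE.match(line.strip())
        if not match:
            continue
        raw_address, hostname = match.group(1), match.group(2).lower()
        try:
            address = str(ip_address(raw_address))
        except ValueError:
            continue  # malformed address field, not a usable entry
        names = redirects.setdefault(address, [])
        if hostname not in names:
            names.append(hostname)
    return redirects


def non_local_redirects(redirects):
    """Drop entries that resolve a name to loopback or 0.0.0.0.

    Those are the usual "block this host" entries; what remains sends
    lookups for a name to some other machine.
    """
    kept = {}
    for address, names in redirects.items():
        parsed = ip_address(address)
        if parsed.is_loopback or parsed.is_unspecified:
            continue
        kept[address] = names
    return kept


def matches_quoted_pattern(redirects):
    """True when a single non-local address covers all three quoted hostnames.

    Assumption of this example: the three entries are treated as one
    indicator only when they share an address, as they do in the thread.
    """
    return any(
        QUOTED_HOSTS.issubset(names)
        for names in non_local_redirects(redirects).values()
    )


if __name__ == "__main__":
    found = parse_o1(SAMPLE_LOG)
    for address, names in non_local_redirects(found).items():
        print(f"{address} <- {', '.join(names)}")
    print("quoted O1 pattern present:", matches_quoted_pattern(found))
```
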

#4
nate0rz

VX2 Log:

Log for VX2.BetterInternet File Finder (msg126)

Files Found---

Additional Files---

Keys Under Notify---
crypt32chain
cryptnet
cscdll
MS-DOS Emulation
ScCertProp
Schedule
sclgntfy
SensLogn
termsrv
wlballoon


Guardian Key--- is called:

User Agent String---
{48CE63F5-8D3D-424D-9E80-871220872B2A}


Find It Log:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System32 Directory -------

Volume in drive C is DSK1_VOL1
Volume Serial Number is 784A-3160

Directory of C:\WINDOWS\System32

12/08/2004 11:57 AM 222,543 n0l8la3u1d.dll
12/08/2004 10:43 AM 389,120 ?hkntfs.exe
12/07/2004 10:13 PM 222,543 waock32.dll
12/07/2004 10:13 PM 224,374 enl8l13u1.dll
12/07/2004 10:44 AM 225,823 fp6003jme.dll
12/05/2004 04:04 PM 223,961 mvnul9591.dll
12/04/2004 06:44 PM 224,616 lvn8095ue.dll
12/04/2004 03:17 PM <DIR> dllcache
12/04/2004 10:59 AM 225,655 hvui.dll
12/03/2004 02:07 PM 223,121 m6polg7316.dll
12/03/2004 01:47 PM 225,426 i8jqli1518.dll
12/03/2004 04:31 AM 7,305 htxvs.log
12/02/2004 09:52 PM 224,871 knrnel32.dll
12/02/2004 11:19 AM 224,871 irj8l51u1.dll
12/02/2004 11:13 AM 3,347 suagp.txt
12/02/2004 10:43 AM 224,871 muxbde40.dll
12/01/2004 11:37 PM 224,871 ir20l5fm1.dll
12/01/2004 01:17 PM 7,305 vilxr.dat
11/30/2004 07:15 PM 224,871 rRsmontr.dll
11/30/2004 07:10 PM 224,871 WGDRMdev.dll
11/30/2004 06:33 PM 224,871 pztorec.dll
11/30/2004 02:05 PM 224,871 p08qlal51dq.dll
11/30/2004 01:18 PM 224,998 jt2m07f1e.dll
11/26/2004 10:26 PM 7,305 nlmrn.log
11/26/2004 10:30 AM 56,320 afsih.dll
11/25/2004 09:24 AM 11,574 mfcjj.exe
11/23/2004 10:39 PM 3,347 uivlz.log
11/23/2004 02:02 PM 3,347 esayu.txt
11/22/2004 05:32 PM 3,347 oorlr.log
11/19/2004 12:03 AM 10,990 iejd32.exe
11/17/2004 07:50 PM 29,696 javalt32.exe
11/17/2004 02:23 PM 29,696 atlvv.exe
11/17/2004 01:41 AM 11,591 javaej.exe
11/16/2004 11:12 PM 3,347 hjdts.log
11/15/2004 05:01 AM 11,426 ntsg32.exe
11/14/2004 04:23 PM 11,418 d3zi.exe
11/13/2004 01:10 AM 7,305 kszng.txt
11/11/2004 01:27 PM 11,749 crse.exe
11/09/2004 09:36 PM 11,095 msmi32.exe
11/08/2004 10:25 AM 56,320 ztyrr.dll
11/08/2004 12:32 AM 56,320 ljxks.dll
11/05/2004 07:04 AM 11,059 ipci.exe
11/03/2004 03:42 PM 10,972 winxw.exe
11/03/2004 04:33 AM 56,320 dnrno.dll
11/01/2004 11:32 PM 56,320 oioep.dll
11/01/2004 11:05 AM 56,320 eozkp.dll
09/10/2004 11:46 PM <DIR> Microsoft
45 File(s) 4,976,289 bytes
2 Dir(s) 165,437,763,584 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C is DSK1_VOL1
Volume Serial Number is 784A-3160

Directory of C:\WINDOWS\System32

12/08/2004 05:25 PM 21,117 FFASTLOG.TXT
12/08/2004 10:43 AM 389,120 ?hkntfs.exe
12/04/2004 03:17 PM <DIR> dllcache
12/03/2004 04:31 AM 7,305 htxvs.log
12/02/2004 11:13 AM 3,347 suagp.txt
12/01/2004 01:17 PM 7,305 vilxr.dat
11/26/2004 10:26 PM 7,305 nlmrn.log
11/26/2004 10:30 AM 56,320 afsih.dll
11/25/2004 09:24 AM 11,574 mfcjj.exe
11/23/2004 10:39 PM 3,347 uivlz.log
11/23/2004 02:02 PM 3,347 esayu.txt
11/22/2004 05:32 PM 3,347 oorlr.log
11/19/2004 12:03 AM 10,990 iejd32.exe
11/17/2004 07:50 PM 29,696 javalt32.exe
11/17/2004 02:23 PM 29,696 atlvv.exe
11/17/2004 01:41 AM 11,591 javaej.exe
11/16/2004 11:12 PM 3,347 hjdts.log
11/15/2004 05:01 AM 11,426 ntsg32.exe
11/14/2004 04:23 PM 11,418 d3zi.exe
11/13/2004 01:10 AM 7,305 kszng.txt
11/11/2004 01:27 PM 11,749 crse.exe
11/09/2004 09:36 PM 11,095 msmi32.exe
11/08/2004 10:25 AM 56,320 ztyrr.dll
11/08/2004 12:32 AM 56,320 ljxks.dll
11/05/2004 07:04 AM 11,059 ipci.exe
11/03/2004 03:42 PM 10,972 winxw.exe
11/03/2004 04:33 AM 56,320 dnrno.dll
11/01/2004 11:32 PM 56,320 oioep.dll
11/01/2004 11:05 AM 56,320 eozkp.dll
09/10/2004 10:07 PM 488 WindowsLogon.manifest
09/10/2004 10:07 PM 488 logonui.exe.manifest
09/10/2004 10:07 PM 749 sapi.cpl.manifest
09/10/2004 10:07 PM 749 cdplayer.exe.manifest
09/10/2004 10:07 PM 749 wuaucpl.cpl.manifest
09/10/2004 10:07 PM 749 ncpa.cpl.manifest
09/10/2004 10:07 PM 749 nwc.cpl.manifest
35 File(s) 960,099 bytes
1 Dir(s) 165,437,755,392 bytes free

---------- Files Named "Guard" -------------

Volume in drive C is DSK1_VOL1
Volume Serial Number is 784A-3160

Directory of C:\WINDOWS\System32

12/08/2004 12:05 PM 224,374 guard.tmp
1 File(s) 224,374 bytes
0 Dir(s) 165,437,755,392 bytes free

--------- Temp Files in System32 Directory --------

Volume in drive C is DSK1_VOL1
Volume Serial Number is 784A-3160

Directory of C:\WINDOWS\System32

12/08/2004 12:05 PM 224,374 guard.tmp
08/18/2001 07:00 AM 2,577 CONFIG.TMP
12/23/1998 01:16 AM 73,728 SETB3.tmp
12/23/1998 01:16 AM 52,224 SET19.tmp
4 File(s) 352,903 bytes
0 Dir(s) 165,437,755,392 bytes free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{48CE63F5-8D3D-424D-9E80-871220872B2A}"=""


------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\enl8l13u1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


---------------- Xfind Results -----------------

C:\WINDOWS\System32\ENL8L1~1.DLL +++ File read error

-------------- Locate.com Results ---------------


C:\WINDOWS\SYSTEM32\
afsih.dll Fri Nov 26 2004 10:30:52a A.SH. 56,320 55.00 K
atlvv.exe Wed Nov 17 2004 2:23:44p A.SH. 29,696 29.00 K
crse.exe Thu Nov 11 2004 1:27:46p A.SH. 11,749 11.47 K
d3zi.exe Sun Nov 14 2004 4:23:44p A.SH. 11,418 11.15 K
enl8l1~1.dll Tue Dec 7 2004 10:13:42p ..S.R 224,374 219.11 K
esayu.txt Tue Nov 23 2004 2:02:34p A.SH. 3,347 3.27 K
ffastlog.txt Wed Dec 8 2004 5:25:24p A..H. 21,117 20.62 K
fp6003~1.dll Tue Dec 7 2004 10:44:42a ..S.R 225,823 220.53 K
hjdts.log Tue Nov 16 2004 11:12:36p A.SH. 3,347 3.27 K
htxvs.log Fri Dec 3 2004 4:31:46a A.SH. 7,305 7.13 K
hvui.dll Sat Dec 4 2004 10:59:50a ..S.R 225,655 220.36 K
i8jqli~1.dll Fri Dec 3 2004 1:47:54p ..S.R 225,426 220.14 K
iejd32.exe Fri Nov 19 2004 12:03:36a A.SH. 10,990 10.73 K
ir20l5~1.dll Wed Dec 1 2004 11:37:30p ..S.R 224,871 219.60 K
irj8l5~1.dll Thu Dec 2 2004 11:20:00a ..S.R 224,871 219.60 K
javaej.exe Wed Nov 17 2004 1:41:02a A.SH. 11,591 11.32 K
javalt32.exe Wed Nov 17 2004 7:50:02p A.SH. 29,696 29.00 K
jt2m07~1.dll Tue Nov 30 2004 1:18:50p ..S.R 224,998 219.72 K
knrnel32.dll Thu Dec 2 2004 9:52:20p ..S.R 224,871 219.60 K
kszng.txt Sat Nov 13 2004 1:10:38a A.SH. 7,305 7.13 K
ljxks.dll Mon Nov 8 2004 12:32:32a A.SH. 56,320 55.00 K
lvn809~1.dll Sat Dec 4 2004 6:44:30p ..S.R 224,616 219.35 K
m6polg~1.dll Fri Dec 3 2004 2:07:20p ..S.R 223,121 217.89 K
mfcjj.exe Thu Nov 25 2004 9:24:52a A.SH. 11,574 11.30 K
msmi32.exe Tue Nov 9 2004 9:36:24p A.SH. 11,095 10.83 K
muxbde40.dll Thu Dec 2 2004 10:43:42a ..S.R 224,871 219.60 K
mvnul9~1.dll Sun Dec 5 2004 4:04:32p ..S.R 223,961 218.71 K
n0l8la~1.dll Wed Dec 8 2004 11:57:04a ..S.R 222,543 217.32 K
nlmrn.log Fri Nov 26 2004 10:26:44p A.SH. 7,305 7.13 K
ntsg32.exe Mon Nov 15 2004 5:01:20a A.SH. 11,426 11.16 K
oorlr.log Mon Nov 22 2004 5:32:54p A.SH. 3,347 3.27 K
p08qla~1.dll Tue Nov 30 2004 2:05:50p ..S.R 224,871 219.60 K
pztorec.dll Tue Nov 30 2004 6:33:14p ..S.R 224,871 219.60 K
rrsmontr.dll Tue Nov 30 2004 7:15:52p ..S.R 224,871 219.60 K
suagp.txt Thu Dec 2 2004 11:13:50a A.SH. 3,347 3.27 K
uivlz.log Tue Nov 23 2004 10:39:48p A.SH. 3,347 3.27 K
vilxr.dat Wed Dec 1 2004 1:17:56p A.SH. 7,305 7.13 K
waock32.dll Tue Dec 7 2004 10:13:42p ..S.R 222,543 217.32 K
wgdrmdev.dll Tue Nov 30 2004 7:10:06p ..S.R 224,871 219.60 K
ztyrr.dll Mon Nov 8 2004 10:25:02a A.SH. 56,320 55.00 K
hkntfs~1.exe Wed Dec 8 2004 10:43:32a ..SHR 389,120 380.00 K

41 items found: 41 files, 0 directories.
Total of file sizes: 4,806,415 bytes 4.58 M



DLL Compare Log:

* DLLCompare Log version(1.0.0.97)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\afsih.dll Fri Nov 26 2004 10:30:52a A.SH. 56,320 55.00 K
C:\WINDOWS\SYSTEM32\dnrno.dll Wed Nov 3 2004 4:33:20a A.SH. 56,320 55.00 K
C:\WINDOWS\SYSTEM32\enl8l1~1.dll Tue Dec 7 2004 10:13:42p ..S.R 224,374 219.11 K
C:\WINDOWS\SYSTEM32\eozkp.dll Mon Nov 1 2004 11:05:36a A.SH. 56,320 55.00 K
C:\WINDOWS\SYSTEM32\fp6003~1.dll Tue Dec 7 2004 10:44:42a ..S.R 225,823 220.53 K
C:\WINDOWS\SYSTEM32\hvui.dll Sat Dec 4 2004 10:59:50a ..S.R 225,655 220.36 K
C:\WINDOWS\SYSTEM32\i8jqli~1.dll Fri Dec 3 2004 1:47:54p ..S.R 225,426 220.14 K
C:\WINDOWS\SYSTEM32\ir20l5~1.dll Wed Dec 1 2004 11:37:30p ..S.R 224,871 219.60 K
C:\WINDOWS\SYSTEM32\irj8l5~1.dll Thu Dec 2 2004 11:20:00a ..S.R 224,871 219.60 K
C:\WINDOWS\SYSTEM32\jt2m07~1.dll Tue Nov 30 2004 1:18:50p ..S.R 224,998 219.72 K
C:\WINDOWS\SYSTEM32\knrnel32.dll Thu Dec 2 2004 9:52:20p ..S.R 224,871 219.60 K
C:\WINDOWS\SYSTEM32\ljxks.dll Mon Nov 8 2004 12:32:32a A.SH. 56,320 55.00 K
C:\WINDOWS\SYSTEM32\lvn809~1.dll Sat Dec 4 2004 6:44:30p ..S.R 224,616 219.35 K
C:\WINDOWS\SYSTEM32\m6polg~1.dll Fri Dec 3 2004 2:07:20p ..S.R 223,121 217.89 K
C:\WINDOWS\SYSTEM32\muxbde40.dll Thu Dec 2 2004 10:43:42a ..S.R 224,871 219.60 K
C:\WINDOWS\SYSTEM32\mvnul9~1.dll Sun Dec 5 2004 4:04:32p ..S.R 223,961 218.71 K
C:\WINDOWS\SYSTEM32\n0l8la~1.dll Wed Dec 8 2004 11:57:04a ..S.R 222,543 217.32 K
C:\WINDOWS\SYSTEM32\oioep.dll Mon Nov 1 2004 11:32:12p A.SH. 56,320 55.00 K
C:\WINDOWS\SYSTEM32\p08qla~1.dll Tue Nov 30 2004 2:05:50p ..S.R 224,871 219.60 K
C:\WINDOWS\SYSTEM32\pztorec.dll Tue Nov 30 2004 6:33:14p ..S.R 224,871 219.60 K
C:\WINDOWS\SYSTEM32\rrsmontr.dll Tue Nov 30 2004 7:15:52p ..S.R 224,871 219.60 K
C:\WINDOWS\SYSTEM32\waock32.dll Tue Dec 7 2004 10:13:42p ..S.R 222,543 217.32 K
C:\WINDOWS\SYSTEM32\wgdrmdev.dll Tue Nov 30 2004 7:10:06p ..S.R 224,871 219.60 K
C:\WINDOWS\SYSTEM32\ztyrr.dll Mon Nov 8 2004 10:25:02a A.SH. 56,320 55.00 K
________________________________________________

1,390 items found: 1,390 files (24 H/S), 0 directories.
Total of file sizes: 306,131,805 bytes 291.95 M

Administrator Account = True

--------------------End log---------------------


Guard.tmp:
Yes, it's in C:\windows\system32 folder.