RunDLL loves to quit


  • This topic is locked

#1
Victor Creed

I read the precursor to the forum; I went through and did most of those goodies (still working on them). I receive RUNDLL and Windowsexplorer.exe errors ONLY when I don't have my laptop plugged into a socket. S*** lags up, then the blue screen shows up and it's back to restart... so I'll put up my HJT log. Also, I have tons of pop-ups even though I have run numerous programs... how do I dispose of these, lastly?

HJT Log:
Logfile of HijackThis v1.99.0
Scan saved at 2:07:31 PM, on 1/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\gkikok.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ceevc11n.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Draxysoft\Wallpaper Sequencer - Free\walser.exe
C:\WINDOWS\system32\caslock.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Documents and Settings\User\My Documents\HJT\HijackThis.exe
C:\Documents and Settings\User\My Documents\spywareblastersetup.exe
C:\DOCUME~1\User\LOCALS~1\Temp\is-GI8HI.tmp\is-MG43U.tmp
C:\WINDOWS\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ircspy.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmhg32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [rs5g34U] ceevc11n.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [2753522] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\2753522.cpl
O4 - HKCU\..\Run: [66266] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66266.cpl
O4 - HKCU\..\Run: [131660] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131660.cpl
O4 - HKCU\..\Run: [66228] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66228.cpl
O4 - HKCU\..\Run: [66288] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66288.cpl
O4 - HKCU\..\Run: [197258] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197258.cpl
O4 - HKCU\..\Run: [262684] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262684.cpl
O4 - HKCU\..\Run: [262792] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262792.cpl
O4 - HKCU\..\Run: [66024] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66024.cpl
O4 - HKCU\..\Run: [131448] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131448.cpl
O4 - HKCU\..\Run: [66152] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66152.cpl
O4 - HKCU\..\Run: [197100] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197100.cpl
O4 - HKCU\..\Run: [131780] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131780.cpl
O4 - HKCU\..\Run: [66036] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66036.cpl
O4 - HKCU\..\Run: [131376] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131376.cpl
O4 - HKCU\..\Run: [66050] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66050.cpl
O4 - HKCU\..\Run: [131732] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131732.cpl
O4 - HKCU\..\Run: [66004] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66004.cpl
O4 - HKCU\..\Run: [66088] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66088.cpl
O4 - HKCU\..\Run: [66250] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66250.cpl
O4 - HKCU\..\Run: [66318] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66318.cpl
O4 - HKCU\..\Run: [66220] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66220.cpl
O4 - HKCU\..\Run: [66290] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66290.cpl
O4 - HKCU\..\Run: [131546] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131546.cpl
O4 - HKCU\..\Run: [66174] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66174.cpl
O4 - HKCU\..\Run: [327988] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\327988.cpl
O4 - HKCU\..\Run: [66240] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66240.cpl
O4 - HKCU\..\Run: [66108] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66108.cpl
O4 - HKCU\..\Run: [196882] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196882.cpl
O4 - HKCU\..\Run: [197022] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197022.cpl
O4 - HKCU\..\Run: [66204] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66204.cpl
O4 - HKCU\..\Run: [66306] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66306.cpl
O4 - HKCU\..\Run: [197234] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197234.cpl
O4 - HKCU\..\Run: [131578] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131578.cpl
O4 - HKCU\..\Run: [197286] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197286.cpl
O4 - HKCU\..\Run: [66292] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66292.cpl
O4 - HKCU\..\Run: [131458] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131458.cpl
O4 - HKCU\..\Run: [66234] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66234.cpl
O4 - HKCU\..\Run: [131752] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131752.cpl
O4 - HKCU\..\Run: [66180] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66180.cpl
O4 - HKCU\..\Run: [197042] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197042.cpl
O4 - HKCU\..\Run: [66134] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66134.cpl
O4 - HKCU\..\Run: [66302] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66302.cpl
O4 - HKCU\..\Run: [66158] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66158.cpl
O4 - HKCU\..\Run: [66104] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66104.cpl
O4 - HKCU\..\Run: [66242] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66242.cpl
O4 - HKCU\..\Run: [131688] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131688.cpl
O4 - HKCU\..\Run: [197186] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197186.cpl
O4 - HKCU\..\Run: [197200] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197200.cpl
O4 - HKCU\..\Run: [197272] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197272.cpl
O4 - HKCU\..\Run: [131466] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131466.cpl
O4 - HKCU\..\Run: [131556] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131556.cpl
O4 - HKCU\..\Run: [131470] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131470.cpl
O4 - HKCU\..\Run: [131348] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131348.cpl
O4 - HKCU\..\Run: [196898] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196898.cpl
O4 - HKCU\..\Run: [131760] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131760.cpl
O4 - HKCU\..\Run: [66388] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66388.cpl
O4 - HKCU\..\Run: [262468] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262468.cpl
O4 - HKCU\..\Run: [131608] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131608.cpl
O4 - HKCU\..\Run: [262598] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262598.cpl
O4 - HKCU\..\Run: [197396] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\197396.cpl
O4 - HKCU\..\Run: [196864] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\196864.cpl
O4 - HKCU\..\Run: [262470] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\262470.cpl
O4 - HKCU\..\Run: [131740] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131740.cpl
O4 - HKCU\..\Run: [66118] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66118.cpl
O4 - HKCU\..\Run: [131422] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\131422.cpl
O4 - HKCU\..\Run: [66014] rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\66014.cpl
O4 - HKCU\..\Run: [Walser] C:\Program Files\Draxysoft\Wallpaper Sequencer - Free\walser.exe start
O4 - HKCU\..\Run: [aBumRQY3V] caslock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ircspy.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.ircspy.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2
Victor Creed

Also, in the pop-ups I'm getting, I don't know if this helps, but they are all for spyware eliminators.

#3
Victor Creed

Yikes, upsy-daisy

#4
Victor Creed

Here is the log from Fixit

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32

01/12/2005 01:58 PM 552 TBPS.ini
01/12/2005 01:52 PM 226,087 CI60SUI.DLL
01/12/2005 01:51 PM 224,357 gpn2l35o1.dll
01/12/2005 12:25 PM 226,087 azasle371h.dll
01/12/2005 12:25 PM 224,495 g8lm0i31e8.dll
01/12/2005 12:19 PM 224,357 mticda.dll
01/12/2005 12:19 PM 225,471 azas0i97e8.dll
01/12/2005 12:01 PM 224,357 if41_qcx.dll
01/12/2005 12:01 PM 224,508 dnnm0151e.dll
01/12/2005 11:58 AM 224,357 woags48b.dll
01/12/2005 11:58 AM 225,574 ktj2l71o1.dll
01/12/2005 11:51 AM 224,357 aprsvc.dll
01/12/2005 11:51 AM 225,638 en82l1lo1.dll
01/12/2005 11:48 AM 224,528 dnpm0171e.dll
01/12/2005 11:43 AM 224,357 wopasf.dll
01/11/2005 11:25 PM 224,357 ennml1511.dll
01/11/2005 11:22 PM 224,161 m4lsle371h.dll
01/10/2005 10:06 PM 225,955 s4rsle971h.dll
01/10/2005 09:23 PM 224,161 h40qled51h0.dll
01/10/2005 09:01 PM 224,161 k480lelm1hqa.dll
01/10/2005 08:48 PM 224,161 j26m0cj1efo.dll
01/10/2005 08:38 PM 223,153 d40mled11h0.dll
01/10/2005 12:20 PM 224,803 n0n6la5s1d.dll
01/10/2005 12:14 PM 223,153 iietcomm.dll
01/10/2005 12:14 PM 224,273 f02mlaf11d2.dll
01/10/2005 12:12 PM 223,153 axl.dll
01/10/2005 12:12 PM 224,492 mvlol9331.dll
01/10/2005 12:09 PM 223,153 nxlanui2.dll
01/10/2005 12:09 PM 223,242 lv8009lme.dll
01/10/2005 12:03 PM 223,153 vsdex.dll
01/10/2005 12:03 PM 223,556 fp0403dqe.dll
01/10/2005 11:32 AM 225,042 mv88l9lu1.dll
01/10/2005 11:29 AM 223,153 lciff13n.dll
01/10/2005 11:29 AM 224,828 azaol9531.dll
01/10/2005 11:26 AM 223,153 aistream.dll
01/10/2005 11:26 AM 224,917 p46slej71ho.dll
01/10/2005 11:24 AM 224,323 k0pmla711d.dll
01/10/2005 11:21 AM 223,153 kmdhela3.dll
01/10/2005 11:21 AM 223,601 k8440ihqe84e0.dll
01/10/2005 12:41 AM 223,153 eaent.dll
01/10/2005 12:35 AM 223,647 l4l6le3s1h.dll
01/09/2005 09:53 PM 223,153 hr4805hue.dll
01/09/2005 03:53 PM 223,153 ir4ml5h11.dll
01/09/2005 08:32 AM 224,242 gplml3311.dll
01/07/2005 12:19 PM 223,153 swlgntfy.dll
01/07/2005 12:16 PM 224,807 n4n6le5s1h.dll
01/07/2005 12:12 PM 223,153 vaa.dll
01/07/2005 12:09 PM 223,153 k4620ejoehoc0.dll
01/07/2005 12:07 PM 223,153 flsdrv.dll
01/07/2005 12:05 PM 223,153 mvnol9531.dll
01/07/2005 12:00 PM 223,153 kddbr.dll
01/07/2005 12:00 PM 223,572 lvj4091qe.dll
01/07/2005 11:50 AM 223,153 kmd101.dll
01/07/2005 11:50 AM 223,855 j20s0cd7ef0.dll
01/07/2005 11:46 AM 223,153 lcrhelp.dll
01/07/2005 11:46 AM 223,333 l08m0al1edq.dll
01/07/2005 11:42 AM 223,153 wndmtpdr.dll
01/07/2005 11:42 AM 223,386 fpl2033oe.dll
01/07/2005 11:35 AM 225,181 cQtsrvut.dll
01/07/2005 11:29 AM 223,153 doprpres.dll
01/07/2005 10:11 AM 225,181 csfview.dll
01/06/2005 08:20 PM 223,153 uhrcoina.dll
01/06/2005 07:31 PM 223,153 krdfi.dll
01/06/2005 07:22 PM 223,153 CZ60SUI.DLL
01/06/2005 07:22 PM 225,168 jrj0251mg.dll
01/06/2005 07:09 PM 223,240 jt8007lme.dll
01/06/2005 07:06 PM 223,442 lv8209loe.dll
01/06/2005 12:35 PM 223,153 s8rs0i97e8.dll
01/05/2005 12:08 PM 223,153 lpfil13n.DLL
01/02/2005 12:07 PM 226,077 k8js0i17e8.dll
12/26/2004 09:50 PM 224,700 cZtsrv.dll
12/25/2004 11:04 PM 225,047 icetres.dll
12/25/2004 07:37 PM 222,831 via64k.dll
12/25/2004 09:23 AM 222,968 fusperf.dll
12/24/2004 10:20 PM 222,831 anmparse.dll
12/24/2004 06:38 PM 226,148 nyevtmsg.dll
12/24/2004 12:17 PM 222,501 xwsp1res.dll
12/24/2004 01:14 AM 226,148 szgtab.dll
12/23/2004 06:54 PM 222,501 org.dll
12/23/2004 06:09 PM 226,148 muctfp.dll
12/22/2004 10:50 PM 224,402 emcapi.dll
12/22/2004 10:07 PM 224,745 kudnecAT.dll
12/22/2004 08:50 PM 224,402 nrtevent.dll
12/22/2004 08:07 PM 223,471 rpm.dll
12/20/2004 06:31 PM 223,158 FHStudioDLL.dll
12/20/2004 05:42 PM 223,242 k4800elmehqa0.dll
12/20/2004 01:26 PM 223,158 hvetmon.dll
12/20/2004 12:26 PM 223,158 hucoin.dll
12/19/2004 09:11 PM 223,158 mfnsspc.dll
12/19/2004 04:25 PM 223,158 dldskres.dll
12/17/2004 10:58 PM 223,280 mvn4l95q1.dll
12/16/2004 02:15 PM 223,280 closys.dll
12/15/2004 04:20 PM 222,987 mvjul9191.dll
12/13/2004 11:56 PM 224,403 akifile.dll
12/13/2004 11:32 PM 223,122 pgtorsvc.dll
12/13/2004 11:22 PM 223,861 ksdgkl.dll
12/13/2004 04:51 PM 223,122 muisam11.dll
12/13/2004 12:33 PM 223,861 ceyptext.dll
12/13/2004 12:20 PM 223,122 kodusl.dll
12/13/2004 11:54 AM 225,775 srimgvw.dll
12/12/2004 10:37 PM 222,745 dzsec.dll
12/12/2004 10:31 PM 225,775 jLvacypt.dll
12/12/2004 06:22 PM 223,900 drcompos.dll
12/12/2004 04:47 PM 223,232 aylsp.dll
12/12/2004 04:39 PM 223,900 aaupd.dll
12/12/2004 04:24 PM 223,232 ujerenv.dll
11/26/2004 08:14 PM <DIR> Microsoft
09/21/2004 10:15 PM <DIR> dllcache
07/24/2004 09:35 PM 848 KGyGaAvL.sys
107 File(s) 23,514,544 bytes
2 Dir(s) 2,687,012,864 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32

09/21/2004 10:15 PM <DIR> dllcache
07/24/2004 09:35 PM 848 KGyGaAvL.sys
09/30/2001 11:30 PM 488 logonui.exe.manifest
09/30/2001 11:30 PM 488 WindowsLogon.manifest
09/30/2001 11:30 PM 749 wuaucpl.cpl.manifest
09/30/2001 11:30 PM 749 cdplayer.exe.manifest
09/30/2001 11:30 PM 749 nwc.cpl.manifest
09/30/2001 11:30 PM 749 ncpa.cpl.manifest
09/30/2001 11:30 PM 749 sapi.cpl.manifest
8 File(s) 5,569 bytes
1 Dir(s) 2,686,996,480 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32


------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{FF9803A1-F905-43E6-BC06-98BEEE3FDE38}"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServicesOnce]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\azasle371h.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
aaupd.dll Sun Dec 12 2004 4:39:58p ..S.R 223,900 218.65 K
aistream.dll Mon Jan 10 2005 11:26:16a ..S.R 223,153 217.92 K
akifile.dll Mon Dec 13 2004 11:56:24p ..S.R 224,403 219.14 K
anmparse.dll Fri Dec 24 2004 10:20:02p ..S.R 222,831 217.61 K
aprsvc.dll Wed Jan 12 2005 11:51:36a ..S.R 224,357 219.10 K
axl.dll Mon Jan 10 2005 12:12:34p ..S.R 223,153 217.92 K
aylsp.dll Sun Dec 12 2004 4:47:16p ..S.R 223,232 218.00 K
azaol9~1.dll Mon Jan 10 2005 11:29:28a ..S.R 224,828 219.56 K
azas0i~1.dll Wed Jan 12 2005 12:19:58p ..S.R 225,471 220.18 K
azasle~1.dll Wed Jan 12 2005 12:25:38p ..S.R 226,087 220.79 K
ceyptext.dll Mon Dec 13 2004 12:33:18p ..S.R 223,861 218.61 K
ci60sui.dll Wed Jan 12 2005 1:52:52p ..S.R 226,087 220.79 K
closys.dll Thu Dec 16 2004 2:15:34p ..S.R 223,280 218.05 K
cqtsrvut.dll Fri Jan 7 2005 11:35:52a ..S.R 225,181 219.90 K
csfview.dll Fri Jan 7 2005 10:11:58a ..S.R 225,181 219.90 K
cz60sui.dll Thu Jan 6 2005 7:22:30p ..S.R 223,153 217.92 K
cztsrv.dll Sun Dec 26 2004 9:50:50p ..S.R 224,700 219.43 K
d40mle~1.dll Mon Jan 10 2005 8:38:56p ..S.R 223,153 217.92 K
dldskres.dll Sun Dec 19 2004 4:25:48p ..S.R 223,158 217.93 K
dnnm01~1.dll Wed Jan 12 2005 12:01:50p ..S.R 224,508 219.25 K
dnpm01~1.dll Wed Jan 12 2005 11:48:02a ..S.R 224,528 219.27 K
doprpres.dll Fri Jan 7 2005 11:29:18a ..S.R 223,153 217.92 K
drcompos.dll Sun Dec 12 2004 6:22:46p ..S.R 223,900 218.65 K
dzsec.dll Sun Dec 12 2004 10:37:36p ..S.R 222,745 217.52 K
eaent.dll Mon Jan 10 2005 12:41:30a ..S.R 223,153 217.92 K
emcapi.dll Wed Dec 22 2004 10:50:40p ..S.R 224,402 219.14 K
en82l1~1.dll Wed Jan 12 2005 11:51:36a ..S.R 225,638 220.35 K
ennml1~1.dll Tue Jan 11 2005 11:25:46p ..S.R 224,357 219.10 K
f02mla~1.dll Mon Jan 10 2005 12:14:40p ..S.R 224,273 219.02 K
fhstud~1.dll Mon Dec 20 2004 6:31:28p ..S.R 223,158 217.93 K
flsdrv.dll Fri Jan 7 2005 12:07:32p ..S.R 223,153 217.92 K
fp0403~1.dll Mon Jan 10 2005 12:03:46p ..S.R 223,556 218.32 K
fpl203~1.dll Fri Jan 7 2005 11:42:46a ..S.R 223,386 218.15 K
fusperf.dll Sat Dec 25 2004 9:23:14a ..S.R 222,968 217.74 K
g8lm0i~1.dll Wed Jan 12 2005 12:25:34p ..S.R 224,495 219.23 K
gplml3~1.dll Sun Jan 9 2005 8:32:48a ..S.R 224,242 218.98 K
gpn2l3~1.dll Wed Jan 12 2005 1:51:02p ..S.R 224,357 219.10 K
h40qle~1.dll Mon Jan 10 2005 9:23:56p ..S.R 224,161 218.91 K
hr4805~1.dll Sun Jan 9 2005 9:53:40p ..S.R 223,153 217.92 K
hucoin.dll Mon Dec 20 2004 12:27:00p ..S.R 223,158 217.93 K
hvetmon.dll Mon Dec 20 2004 1:26:46p ..S.R 223,158 217.93 K
icetres.dll Sat Dec 25 2004 11:04:58p ..S.R 225,047 219.77 K
if41_qcx.dll Wed Jan 12 2005 12:01:50p ..S.R 224,357 219.10 K
iietcomm.dll Mon Jan 10 2005 12:14:40p ..S.R 223,153 217.92 K
ir4ml5~1.dll Sun Jan 9 2005 3:53:24p ..S.R 223,153 217.92 K
j20s0c~1.dll Fri Jan 7 2005 11:50:14a ..S.R 223,855 218.61 K
j26m0c~1.dll Mon Jan 10 2005 8:48:26p ..S.R 224,161 218.91 K
jlvacypt.dll Sun Dec 12 2004 10:31:16p ..S.R 225,775 220.48 K
jrj025~1.dll Thu Jan 6 2005 7:22:30p ..S.R 225,168 219.89 K
jt8007~1.dll Thu Jan 6 2005 7:09:48p ..S.R 223,240 218.01 K
k0pmla~1.dll Mon Jan 10 2005 11:24:32a ..S.R 224,323 219.06 K
k4620e~1.dll Fri Jan 7 2005 12:09:36p ..S.R 223,153 217.92 K
k4800e~1.dll Mon Dec 20 2004 5:42:02p ..S.R 223,242 218.01 K
k480le~1.dll Mon Jan 10 2005 9:01:42p ..S.R 224,161 218.91 K
k8440i~1.dll Mon Jan 10 2005 11:21:22a ..S.R 223,601 218.36 K
k8js0i~1.dll Sun Jan 2 2005 12:07:14p ..S.R 226,077 220.78 K
kddbr.dll Fri Jan 7 2005 12:00:50p ..S.R 223,153 217.92 K
kmd101.dll Fri Jan 7 2005 11:50:14a ..S.R 223,153 217.92 K
kmdhela3.dll Mon Jan 10 2005 11:21:22a ..S.R 223,153 217.92 K
kodusl.dll Mon Dec 13 2004 12:20:50p ..S.R 223,122 217.89 K
krdfi.dll Thu Jan 6 2005 7:31:58p ..S.R 223,153 217.92 K
ksdgkl.dll Mon Dec 13 2004 11:22:10p ..S.R 223,861 218.61 K
ktj2l7~1.dll Wed Jan 12 2005 11:58:40a ..S.R 225,574 220.29 K
kudnecat.dll Wed Dec 22 2004 10:07:40p ..S.R 224,745 219.48 K
l08m0a~1.dll Fri Jan 7 2005 11:46:32a ..S.R 223,333 218.10 K
l4l6le~1.dll Mon Jan 10 2005 12:35:42a ..S.R 223,647 218.40 K
lciff13n.dll Mon Jan 10 2005 11:29:28a ..S.R 223,153 217.92 K
lcrhelp.dll Fri Jan 7 2005 11:46:32a ..S.R 223,153 217.92 K
lpfil13n.dll Wed Jan 5 2005 12:08:08p ..S.R 223,153 217.92 K
lv8009~1.dll Mon Jan 10 2005 12:09:38p ..S.R 223,242 218.01 K
lv8209~1.dll Thu Jan 6 2005 7:06:42p ..S.R 223,442 218.20 K
lvj409~1.dll Fri Jan 7 2005 12:00:50p ..S.R 223,572 218.33 K
m4lsle~1.dll Tue Jan 11 2005 11:22:20p ..S.R 224,161 218.91 K
mfnsspc.dll Sun Dec 19 2004 9:11:20p ..S.R 223,158 217.93 K
mticda.dll Wed Jan 12 2005 12:19:58p ..S.R 224,357 219.10 K
muctfp.dll Thu Dec 23 2004 6:09:10p ..S.R 226,148 220.85 K
muisam11.dll Mon Dec 13 2004 4:51:34p ..S.R 223,122 217.89 K
mv88l9~1.dll Mon Jan 10 2005 11:33:00a ..S.R 225,042 219.77 K
mvjul9~1.dll Wed Dec 15 2004 4:20:04p ..S.R 222,987 217.76 K
mvlol9~1.dll Mon Jan 10 2005 12:12:34p ..S.R 224,492 219.23 K
mvn4l9~1.dll Fri Dec 17 2004 10:58:46p ..S.R 223,280 218.05 K
mvnol9~1.dll Fri Jan 7 2005 12:05:50p ..S.R 223,153 217.92 K
n0n6la~1.dll Mon Jan 10 2005 12:20:26p ..S.R 224,803 219.53 K
n4n6le~1.dll Fri Jan 7 2005 12:16:02p ..S.R 224,807 219.54 K
nrtevent.dll Wed Dec 22 2004 8:50:52p ..S.R 224,402 219.14 K
nxlanui2.dll Mon Jan 10 2005 12:09:38p ..S.R 223,153 217.92 K
nyevtmsg.dll Fri Dec 24 2004 6:38:08p ..S.R 226,148 220.85 K
org.dll Thu Dec 23 2004 6:54:38p ..S.R 222,501 217.29 K
p46sle~1.dll Mon Jan 10 2005 11:26:16a ..S.R 224,917 219.64 K
pgtorsvc.dll Mon Dec 13 2004 11:32:10p ..S.R 223,122 217.89 K
rpm.dll Wed Dec 22 2004 8:07:28p ..S.R 223,471 218.23 K
s4rsle~1.dll Mon Jan 10 2005 10:06:56p ..S.R 225,955 220.66 K
s8rs0i~1.dll Thu Jan 6 2005 12:35:22p ..S.R 223,153 217.92 K
srimgvw.dll Mon Dec 13 2004 11:54:36a ..S.R 225,775 220.48 K
swlgntfy.dll Fri Jan 7 2005 12:19:40p ..S.R 223,153 217.92 K
szgtab.dll Fri Dec 24 2004 1:14:24a ..S.R 226,148 220.85 K
tbps.ini Wed Jan 12 2005 1:58:08p ..S.R 552 0.54 K
uhrcoina.dll Thu Jan 6 2005 8:21:00p ..S.R 223,153 217.92 K
ujerenv.dll Sun Dec 12 2004 4:24:24p ..S.R 223,232 218.00 K
vaa.dll Fri Jan 7 2005 12:12:46p ..S.R 223,153 217.92 K
via64k.dll Sat Dec 25 2004 7:37:50p ..S.R 222,831 217.61 K
vsdex.dll Mon Jan 10 2005 12:03:46p ..S.R 223,153 217.92 K
wndmtpdr.dll Fri Jan 7 2005 11:42:46a ..S.R 223,153 217.92 K
woags48b.dll Wed Jan 12 2005 11:58:40a ..S.R 224,357 219.10 K
wopasf.dll Wed Jan 12 2005 11:43:12a ..S.R 224,357 219.10 K
xwsp1res.dll Fri Dec 24 2004 12:17:36p ..S.R 222,501 217.29 K

106 items found: 106 files, 0 directories.
Total of file sizes: 23,513,696 bytes 22.42 M

-------- Strings.exe Qoologic Results --------

C:\WINDOWS\system32\aqzqmq.exe: updates.qoologic.com
C:\WINDOWS\system32\naoaua.dll: updates.qoologic.com
C:\WINDOWS\system32\qpypzp.dll: updates.qoologic.com

--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\Beauties Of VirtuaGirls.com.SCR: .aspack
C:\WINDOWS\system32\Beauties Of VirtuaGirls.com.SCR: .aspack
C:\WINDOWS\system32\gkikok.exe: .aspack
C:\WINDOWS\system32\IJL15.dll: .aspack
C:\WINDOWS\system32\Incinerator.dll: .aspack
C:\WINDOWS\system32\kvavyv.dat: .aspack
C:\WINDOWS\system32\ntdll.dll: .aspack
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\inunpn.exe: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kalvsys"="C:\\windows\\system32\\kalvmhg32.exe"
"Narrator"="C:\\WINDOWS\\system32\\gkikok.exe"
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"WinTools"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"TBPS"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"AutoLoaderrFuG1OJXOLaK"="\"C:\\WINDOWS\\system32\\mpeur32.exe\" "
"rs5g34U"="mpeur32.exe"




#5
Victor Creed

back up

#6
Victor Creed

Also, my system is bogging down

#7
admin


  • Administrator
Since it's been a couple days, can we see a new Find_It log? Also, DO NOT reboot until directed to do so. Rebooting just recreates and modifies the malicious files.

#8
Victor Creed

Btw, it's getting bogged down when I'm plugged in to AC, and when I'm not plugged in, well, today, or well, right NOW in class, I couldn't even start up my laptop. I needed to pull out the power pack and plug it in to get it to start. It would just stay black, and the power status light and the "HD is working" light flash, and it turns off... so here you go.


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32

01/14/2005 11:35 AM 553 TBPS.ini
01/12/2005 04:21 PM 224,357 irlsl5371.dll
01/12/2005 02:49 PM 226,087 h00q0ad5ed0.dll
01/12/2005 12:25 PM 224,495 g8lm0i31e8.dll
01/12/2005 12:19 PM 224,357 mticda.dll
01/12/2005 12:19 PM 225,471 azas0i97e8.dll
01/12/2005 12:01 PM 224,357 if41_qcx.dll
01/12/2005 12:01 PM 224,508 dnnm0151e.dll
01/12/2005 11:58 AM 224,357 woags48b.dll
01/12/2005 11:58 AM 225,574 ktj2l71o1.dll
01/12/2005 11:51 AM 224,357 aprsvc.dll
01/12/2005 11:51 AM 225,638 en82l1lo1.dll
01/12/2005 11:48 AM 224,528 dnpm0171e.dll
01/12/2005 11:43 AM 224,357 wopasf.dll
01/11/2005 11:25 PM 224,357 ennml1511.dll
01/11/2005 11:22 PM 224,161 m4lsle371h.dll
01/10/2005 10:06 PM 225,955 s4rsle971h.dll
01/10/2005 09:23 PM 224,161 h40qled51h0.dll
01/10/2005 09:01 PM 224,161 k480lelm1hqa.dll
01/10/2005 08:48 PM 224,161 j26m0cj1efo.dll
01/10/2005 08:38 PM 223,153 d40mled11h0.dll
01/10/2005 12:20 PM 224,803 n0n6la5s1d.dll
01/10/2005 12:14 PM 223,153 iietcomm.dll
01/10/2005 12:14 PM 224,273 f02mlaf11d2.dll
01/10/2005 12:12 PM 223,153 axl.dll
01/10/2005 12:12 PM 224,492 mvlol9331.dll
01/10/2005 12:09 PM 223,153 nxlanui2.dll
01/10/2005 12:09 PM 223,242 lv8009lme.dll
01/10/2005 12:03 PM 223,153 vsdex.dll
01/10/2005 12:03 PM 223,556 fp0403dqe.dll
01/10/2005 11:32 AM 225,042 mv88l9lu1.dll
01/10/2005 11:29 AM 223,153 lciff13n.dll
01/10/2005 11:29 AM 224,828 azaol9531.dll
01/10/2005 11:26 AM 223,153 aistream.dll
01/10/2005 11:26 AM 224,917 p46slej71ho.dll
01/10/2005 11:24 AM 224,323 k0pmla711d.dll
01/10/2005 11:21 AM 223,153 kmdhela3.dll
01/10/2005 11:21 AM 223,601 k8440ihqe84e0.dll
01/10/2005 12:41 AM 223,153 eaent.dll
01/10/2005 12:35 AM 223,647 l4l6le3s1h.dll
01/09/2005 09:53 PM 223,153 hr4805hue.dll
01/09/2005 08:32 AM 224,242 gplml3311.dll
01/07/2005 12:19 PM 223,153 swlgntfy.dll
01/07/2005 12:16 PM 224,807 n4n6le5s1h.dll
01/07/2005 12:12 PM 223,153 vaa.dll
01/07/2005 12:09 PM 223,153 k4620ejoehoc0.dll
01/07/2005 12:07 PM 223,153 flsdrv.dll
01/07/2005 12:05 PM 223,153 mvnol9531.dll
01/07/2005 12:00 PM 223,153 kddbr.dll
01/07/2005 12:00 PM 223,572 lvj4091qe.dll
01/07/2005 11:50 AM 223,153 kmd101.dll
01/07/2005 11:50 AM 223,855 j20s0cd7ef0.dll
01/07/2005 11:46 AM 223,153 lcrhelp.dll
01/07/2005 11:46 AM 223,333 l08m0al1edq.dll
01/07/2005 11:42 AM 223,153 wndmtpdr.dll
01/07/2005 11:42 AM 223,386 fpl2033oe.dll
01/07/2005 11:35 AM 225,181 cQtsrvut.dll
01/07/2005 11:29 AM 223,153 doprpres.dll
01/07/2005 10:11 AM 225,181 csfview.dll
01/06/2005 08:20 PM 223,153 uhrcoina.dll
01/06/2005 07:31 PM 223,153 krdfi.dll
01/06/2005 07:22 PM 223,153 CZ60SUI.DLL
01/06/2005 07:22 PM 225,168 jrj0251mg.dll
01/06/2005 07:09 PM 223,240 jt8007lme.dll
01/06/2005 07:06 PM 223,442 lv8209loe.dll
01/06/2005 12:35 PM 223,153 s8rs0i97e8.dll
01/05/2005 12:08 PM 223,153 lpfil13n.DLL
01/02/2005 12:07 PM 226,077 k8js0i17e8.dll
12/26/2004 09:50 PM 224,700 cZtsrv.dll
12/25/2004 11:04 PM 225,047 icetres.dll
12/25/2004 07:37 PM 222,831 via64k.dll
12/25/2004 09:23 AM 222,968 fusperf.dll
12/24/2004 10:20 PM 222,831 anmparse.dll
12/24/2004 06:38 PM 226,148 nyevtmsg.dll
12/24/2004 12:17 PM 222,501 xwsp1res.dll
12/24/2004 01:14 AM 226,148 szgtab.dll
12/23/2004 06:54 PM 222,501 org.dll
12/23/2004 06:09 PM 226,148 muctfp.dll
12/22/2004 10:50 PM 224,402 emcapi.dll
12/22/2004 10:07 PM 224,745 kudnecAT.dll
12/22/2004 08:50 PM 224,402 nrtevent.dll
12/22/2004 08:07 PM 223,471 rpm.dll
12/20/2004 06:31 PM 223,158 FHStudioDLL.dll
12/20/2004 01:26 PM 223,158 hvetmon.dll
12/20/2004 12:26 PM 223,158 hucoin.dll
12/19/2004 09:11 PM 223,158 mfnsspc.dll
12/19/2004 04:25 PM 223,158 dldskres.dll
12/17/2004 10:58 PM 223,280 mvn4l95q1.dll
12/16/2004 02:15 PM 223,280 closys.dll
12/15/2004 04:20 PM 222,987 mvjul9191.dll
12/13/2004 11:56 PM 224,403 akifile.dll
12/13/2004 11:32 PM 223,122 pgtorsvc.dll
12/13/2004 11:22 PM 223,861 ksdgkl.dll
12/13/2004 04:51 PM 223,122 muisam11.dll
12/13/2004 12:33 PM 223,861 ceyptext.dll
12/13/2004 12:20 PM 223,122 kodusl.dll
12/13/2004 11:54 AM 225,775 srimgvw.dll
12/12/2004 10:37 PM 222,745 dzsec.dll
12/12/2004 10:31 PM 225,775 jLvacypt.dll
12/12/2004 06:22 PM 223,900 drcompos.dll
12/12/2004 04:47 PM 223,232 aylsp.dll
12/12/2004 04:39 PM 223,900 aaupd.dll
12/12/2004 04:24 PM 223,232 ujerenv.dll
11/26/2004 08:14 PM <DIR> Microsoft
09/21/2004 10:15 PM <DIR> dllcache
07/24/2004 09:35 PM 848 KGyGaAvL.sys
104 File(s) 22,842,063 bytes
2 Dir(s) 2,854,060,032 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32

09/21/2004 10:15 PM <DIR> dllcache
07/24/2004 09:35 PM 848 KGyGaAvL.sys
09/30/2001 11:30 PM 488 logonui.exe.manifest
09/30/2001 11:30 PM 488 WindowsLogon.manifest
09/30/2001 11:30 PM 749 wuaucpl.cpl.manifest
09/30/2001 11:30 PM 749 cdplayer.exe.manifest
09/30/2001 11:30 PM 749 nwc.cpl.manifest
09/30/2001 11:30 PM 749 ncpa.cpl.manifest
09/30/2001 11:30 PM 749 sapi.cpl.manifest
8 File(s) 5,569 bytes
1 Dir(s) 2,854,060,032 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32


------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{FF9803A1-F905-43E6-BC06-98BEEE3FDE38}"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
aaupd.dll Sun Dec 12 2004 4:39:58p ..S.R 223,900 218.65 K
aistream.dll Mon Jan 10 2005 11:26:16a ..S.R 223,153 217.92 K
akifile.dll Mon Dec 13 2004 11:56:24p ..S.R 224,403 219.14 K
anmparse.dll Fri Dec 24 2004 10:20:02p ..S.R 222,831 217.61 K
aprsvc.dll Wed Jan 12 2005 11:51:36a ..S.R 224,357 219.10 K
axl.dll Mon Jan 10 2005 12:12:34p ..S.R 223,153 217.92 K
aylsp.dll Sun Dec 12 2004 4:47:16p ..S.R 223,232 218.00 K
azaol9~1.dll Mon Jan 10 2005 11:29:28a ..S.R 224,828 219.56 K
azas0i~1.dll Wed Jan 12 2005 12:19:58p ..S.R 225,471 220.18 K
ceyptext.dll Mon Dec 13 2004 12:33:18p ..S.R 223,861 218.61 K
closys.dll Thu Dec 16 2004 2:15:34p ..S.R 223,280 218.05 K
cqtsrvut.dll Fri Jan 7 2005 11:35:52a ..S.R 225,181 219.90 K
csfview.dll Fri Jan 7 2005 10:11:58a ..S.R 225,181 219.90 K
cz60sui.dll Thu Jan 6 2005 7:22:30p ..S.R 223,153 217.92 K
cztsrv.dll Sun Dec 26 2004 9:50:50p ..S.R 224,700 219.43 K
d40mle~1.dll Mon Jan 10 2005 8:38:56p ..S.R 223,153 217.92 K
dldskres.dll Sun Dec 19 2004 4:25:48p ..S.R 223,158 217.93 K
dnnm01~1.dll Wed Jan 12 2005 12:01:50p ..S.R 224,508 219.25 K
dnpm01~1.dll Wed Jan 12 2005 11:48:02a ..S.R 224,528 219.27 K
doprpres.dll Fri Jan 7 2005 11:29:18a ..S.R 223,153 217.92 K
drcompos.dll Sun Dec 12 2004 6:22:46p ..S.R 223,900 218.65 K
dzsec.dll Sun Dec 12 2004 10:37:36p ..S.R 222,745 217.52 K
eaent.dll Mon Jan 10 2005 12:41:30a ..S.R 223,153 217.92 K
emcapi.dll Wed Dec 22 2004 10:50:40p ..S.R 224,402 219.14 K
en82l1~1.dll Wed Jan 12 2005 11:51:36a ..S.R 225,638 220.35 K
ennml1~1.dll Tue Jan 11 2005 11:25:46p ..S.R 224,357 219.10 K
f02mla~1.dll Mon Jan 10 2005 12:14:40p ..S.R 224,273 219.02 K
fhstud~1.dll Mon Dec 20 2004 6:31:28p ..S.R 223,158 217.93 K
flsdrv.dll Fri Jan 7 2005 12:07:32p ..S.R 223,153 217.92 K
fp0403~1.dll Mon Jan 10 2005 12:03:46p ..S.R 223,556 218.32 K
fpl203~1.dll Fri Jan 7 2005 11:42:46a ..S.R 223,386 218.15 K
fusperf.dll Sat Dec 25 2004 9:23:14a ..S.R 222,968 217.74 K
g8lm0i~1.dll Wed Jan 12 2005 12:25:34p ..S.R 224,495 219.23 K
gplml3~1.dll Sun Jan 9 2005 8:32:48a ..S.R 224,242 218.98 K
h00q0a~1.dll Wed Jan 12 2005 2:50:00p ..S.R 226,087 220.79 K
h40qle~1.dll Mon Jan 10 2005 9:23:56p ..S.R 224,161 218.91 K
hr4805~1.dll Sun Jan 9 2005 9:53:40p ..S.R 223,153 217.92 K
hucoin.dll Mon Dec 20 2004 12:27:00p ..S.R 223,158 217.93 K
hvetmon.dll Mon Dec 20 2004 1:26:46p ..S.R 223,158 217.93 K
icetres.dll Sat Dec 25 2004 11:04:58p ..S.R 225,047 219.77 K
if41_qcx.dll Wed Jan 12 2005 12:01:50p ..S.R 224,357 219.10 K
iietcomm.dll Mon Jan 10 2005 12:14:40p ..S.R 223,153 217.92 K
irlsl5~1.dll Wed Jan 12 2005 4:21:02p ..S.R 224,357 219.10 K
j20s0c~1.dll Fri Jan 7 2005 11:50:14a ..S.R 223,855 218.61 K
j26m0c~1.dll Mon Jan 10 2005 8:48:26p ..S.R 224,161 218.91 K
jlvacypt.dll Sun Dec 12 2004 10:31:16p ..S.R 225,775 220.48 K
jrj025~1.dll Thu Jan 6 2005 7:22:30p ..S.R 225,168 219.89 K
jt8007~1.dll Thu Jan 6 2005 7:09:48p ..S.R 223,240 218.01 K
k0pmla~1.dll Mon Jan 10 2005 11:24:32a ..S.R 224,323 219.06 K
k4620e~1.dll Fri Jan 7 2005 12:09:36p ..S.R 223,153 217.92 K
k480le~1.dll Mon Jan 10 2005 9:01:42p ..S.R 224,161 218.91 K
k8440i~1.dll Mon Jan 10 2005 11:21:22a ..S.R 223,601 218.36 K
k8js0i~1.dll Sun Jan 2 2005 12:07:14p ..S.R 226,077 220.78 K
kddbr.dll Fri Jan 7 2005 12:00:50p ..S.R 223,153 217.92 K
kmd101.dll Fri Jan 7 2005 11:50:14a ..S.R 223,153 217.92 K
kmdhela3.dll Mon Jan 10 2005 11:21:22a ..S.R 223,153 217.92 K
kodusl.dll Mon Dec 13 2004 12:20:50p ..S.R 223,122 217.89 K
krdfi.dll Thu Jan 6 2005 7:31:58p ..S.R 223,153 217.92 K
ksdgkl.dll Mon Dec 13 2004 11:22:10p ..S.R 223,861 218.61 K
ktj2l7~1.dll Wed Jan 12 2005 11:58:40a ..S.R 225,574 220.29 K
kudnecat.dll Wed Dec 22 2004 10:07:40p ..S.R 224,745 219.48 K
l08m0a~1.dll Fri Jan 7 2005 11:46:32a ..S.R 223,333 218.10 K
l4l6le~1.dll Mon Jan 10 2005 12:35:42a ..S.R 223,647 218.40 K
lciff13n.dll Mon Jan 10 2005 11:29:28a ..S.R 223,153 217.92 K
lcrhelp.dll Fri Jan 7 2005 11:46:32a ..S.R 223,153 217.92 K
lpfil13n.dll Wed Jan 5 2005 12:08:08p ..S.R 223,153 217.92 K
lv8009~1.dll Mon Jan 10 2005 12:09:38p ..S.R 223,242 218.01 K
lv8209~1.dll Thu Jan 6 2005 7:06:42p ..S.R 223,442 218.20 K
lvj409~1.dll Fri Jan 7 2005 12:00:50p ..S.R 223,572 218.33 K
m4lsle~1.dll Tue Jan 11 2005 11:22:20p ..S.R 224,161 218.91 K
mfnsspc.dll Sun Dec 19 2004 9:11:20p ..S.R 223,158 217.93 K
mticda.dll Wed Jan 12 2005 12:19:58p ..S.R 224,357 219.10 K
muctfp.dll Thu Dec 23 2004 6:09:10p ..S.R 226,148 220.85 K
muisam11.dll Mon Dec 13 2004 4:51:34p ..S.R 223,122 217.89 K
mv88l9~1.dll Mon Jan 10 2005 11:33:00a ..S.R 225,042 219.77 K
mvjul9~1.dll Wed Dec 15 2004 4:20:04p ..S.R 222,987 217.76 K
mvlol9~1.dll Mon Jan 10 2005 12:12:34p ..S.R 224,492 219.23 K
mvn4l9~1.dll Fri Dec 17 2004 10:58:46p ..S.R 223,280 218.05 K
mvnol9~1.dll Fri Jan 7 2005 12:05:50p ..S.R 223,153 217.92 K
n0n6la~1.dll Mon Jan 10 2005 12:20:26p ..S.R 224,803 219.53 K
n4n6le~1.dll Fri Jan 7 2005 12:16:02p ..S.R 224,807 219.54 K
nrtevent.dll Wed Dec 22 2004 8:50:52p ..S.R 224,402 219.14 K
nxlanui2.dll Mon Jan 10 2005 12:09:38p ..S.R 223,153 217.92 K
nyevtmsg.dll Fri Dec 24 2004 6:38:08p ..S.R 226,148 220.85 K
org.dll Thu Dec 23 2004 6:54:38p ..S.R 222,501 217.29 K
p46sle~1.dll Mon Jan 10 2005 11:26:16a ..S.R 224,917 219.64 K
pgtorsvc.dll Mon Dec 13 2004 11:32:10p ..S.R 223,122 217.89 K
rpm.dll Wed Dec 22 2004 8:07:28p ..S.R 223,471 218.23 K
s4rsle~1.dll Mon Jan 10 2005 10:06:56p ..S.R 225,955 220.66 K
s8rs0i~1.dll Thu Jan 6 2005 12:35:22p ..S.R 223,153 217.92 K
srimgvw.dll Mon Dec 13 2004 11:54:36a ..S.R 225,775 220.48 K
swlgntfy.dll Fri Jan 7 2005 12:19:40p ..S.R 223,153 217.92 K
szgtab.dll Fri Dec 24 2004 1:14:24a ..S.R 226,148 220.85 K
tbps.ini Fri Jan 14 2005 11:35:32a ..S.R 553 0.54 K
uhrcoina.dll Thu Jan 6 2005 8:21:00p ..S.R 223,153 217.92 K
ujerenv.dll Sun Dec 12 2004 4:24:24p ..S.R 223,232 218.00 K
vaa.dll Fri Jan 7 2005 12:12:46p ..S.R 223,153 217.92 K
via64k.dll Sat Dec 25 2004 7:37:50p ..S.R 222,831 217.61 K
vsdex.dll Mon Jan 10 2005 12:03:46p ..S.R 223,153 217.92 K
wndmtpdr.dll Fri Jan 7 2005 11:42:46a ..S.R 223,153 217.92 K
woags48b.dll Wed Jan 12 2005 11:58:40a ..S.R 224,357 219.10 K
wopasf.dll Wed Jan 12 2005 11:43:12a ..S.R 224,357 219.10 K
xwsp1res.dll Fri Dec 24 2004 12:17:36p ..S.R 222,501 217.29 K

103 items found: 103 files, 0 directories.
Total of file sizes: 22,841,215 bytes 21.78 M

-------- Strings.exe Qoologic Results --------

C:\WINDOWS\system32\aqzqmq.exe: updates.qoologic.com
C:\WINDOWS\system32\naoaua.dll: updates.qoologic.com
C:\WINDOWS\system32\qpypzp.dll: updates.qoologic.com

--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\Beauties Of VirtuaGirls.com.SCR: .aspack
C:\WINDOWS\system32\Beauties Of VirtuaGirls.com.SCR: .aspack
C:\WINDOWS\system32\gkikok.exe: .aspack
C:\WINDOWS\system32\IJL15.dll: .aspack
C:\WINDOWS\system32\Incinerator.dll: .aspack
C:\WINDOWS\system32\kvavyv.dat: .aspack
C:\WINDOWS\system32\ntdll.dll: .aspack
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\inunpn.exe: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kalvsys"="C:\\windows\\system32\\kalvmhg32.exe"
"Narrator"="C:\\WINDOWS\\system32\\gkikok.exe"
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"WinTools"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"TBPS"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"AutoLoaderrFuG1OJXOLaK"="\"C:\\WINDOWS\\system32\\mpeur32.exe\" "
"rs5g34U"="mpeur32.exe"


 :tazz:

#9
Victor Creed

  • Topic Starter
  • Member
  • 84 posts
Also I got some critical files from some program or place or etc called IBIS. I can't seem to delete it. Any suggestions? 6 of them

#10
Victor Creed

  • Topic Starter
  • Member
  • 84 posts
Move'em up.

#11
Victor Creed

  • Topic Starter
  • Member
  • 84 posts
Back up we go.

#12
Victor Creed

  • Topic Starter
  • Member
  • 84 posts
Now my system freezes occasionally, so that I have to turn it off with the power button.

#13
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hey Victor. Each time you reboot, it changes everything. I know you have no choice in the matter. I should be around to check your log today and we can work through this. But once we start the fix, you can't reboot. Can we see another log?

#14
Victor Creed

  • Topic Starter
  • Member
  • 84 posts
Here is my new log for Monday the 17th :tazz:


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32

01/17/2005 11:32 AM 554 TBPS.ini
01/12/2005 04:21 PM 224,357 irlsl5371.dll
01/12/2005 02:49 PM 226,087 h00q0ad5ed0.dll
01/12/2005 12:25 PM 224,495 g8lm0i31e8.dll
01/12/2005 12:19 PM 224,357 mticda.dll
01/12/2005 12:19 PM 225,471 azas0i97e8.dll
01/12/2005 12:01 PM 224,357 if41_qcx.dll
01/12/2005 12:01 PM 224,508 dnnm0151e.dll
01/12/2005 11:58 AM 224,357 woags48b.dll
01/12/2005 11:58 AM 225,574 ktj2l71o1.dll
01/12/2005 11:51 AM 224,357 aprsvc.dll
01/12/2005 11:51 AM 225,638 en82l1lo1.dll
01/12/2005 11:48 AM 224,528 dnpm0171e.dll
01/12/2005 11:43 AM 224,357 wopasf.dll
01/11/2005 11:25 PM 224,357 ennml1511.dll
01/11/2005 11:22 PM 224,161 m4lsle371h.dll
01/10/2005 10:06 PM 225,955 s4rsle971h.dll
01/10/2005 09:23 PM 224,161 h40qled51h0.dll
01/10/2005 09:01 PM 224,161 k480lelm1hqa.dll
01/10/2005 08:48 PM 224,161 j26m0cj1efo.dll
01/10/2005 08:38 PM 223,153 d40mled11h0.dll
01/10/2005 12:20 PM 224,803 n0n6la5s1d.dll
01/10/2005 12:14 PM 223,153 iietcomm.dll
01/10/2005 12:14 PM 224,273 f02mlaf11d2.dll
01/10/2005 12:12 PM 223,153 axl.dll
01/10/2005 12:12 PM 224,492 mvlol9331.dll
01/10/2005 12:09 PM 223,153 nxlanui2.dll
01/10/2005 12:09 PM 223,242 lv8009lme.dll
01/10/2005 12:03 PM 223,153 vsdex.dll
01/10/2005 12:03 PM 223,556 fp0403dqe.dll
01/10/2005 11:32 AM 225,042 mv88l9lu1.dll
01/10/2005 11:29 AM 223,153 lciff13n.dll
01/10/2005 11:29 AM 224,828 azaol9531.dll
01/10/2005 11:26 AM 223,153 aistream.dll
01/10/2005 11:26 AM 224,917 p46slej71ho.dll
01/10/2005 11:24 AM 224,323 k0pmla711d.dll
01/10/2005 11:21 AM 223,153 kmdhela3.dll
01/10/2005 11:21 AM 223,601 k8440ihqe84e0.dll
01/10/2005 12:41 AM 223,153 eaent.dll
01/10/2005 12:35 AM 223,647 l4l6le3s1h.dll
01/09/2005 09:53 PM 223,153 hr4805hue.dll
01/09/2005 08:32 AM 224,242 gplml3311.dll
01/07/2005 12:19 PM 223,153 swlgntfy.dll
01/07/2005 12:16 PM 224,807 n4n6le5s1h.dll
01/07/2005 12:12 PM 223,153 vaa.dll
01/07/2005 12:09 PM 223,153 k4620ejoehoc0.dll
01/07/2005 12:07 PM 223,153 flsdrv.dll
01/07/2005 12:05 PM 223,153 mvnol9531.dll
01/07/2005 12:00 PM 223,153 kddbr.dll
01/07/2005 12:00 PM 223,572 lvj4091qe.dll
01/07/2005 11:50 AM 223,153 kmd101.dll
01/07/2005 11:50 AM 223,855 j20s0cd7ef0.dll
01/07/2005 11:46 AM 223,153 lcrhelp.dll
01/07/2005 11:46 AM 223,333 l08m0al1edq.dll
01/07/2005 11:42 AM 223,153 wndmtpdr.dll
01/07/2005 11:42 AM 223,386 fpl2033oe.dll
01/07/2005 11:35 AM 225,181 cQtsrvut.dll
01/07/2005 11:29 AM 223,153 doprpres.dll
01/07/2005 10:11 AM 225,181 csfview.dll
01/06/2005 08:20 PM 223,153 uhrcoina.dll
01/06/2005 07:31 PM 223,153 krdfi.dll
01/06/2005 07:22 PM 223,153 CZ60SUI.DLL
01/06/2005 07:22 PM 225,168 jrj0251mg.dll
01/06/2005 07:09 PM 223,240 jt8007lme.dll
01/06/2005 07:06 PM 223,442 lv8209loe.dll
01/06/2005 12:35 PM 223,153 s8rs0i97e8.dll
01/05/2005 12:08 PM 223,153 lpfil13n.DLL
01/02/2005 12:07 PM 226,077 k8js0i17e8.dll
12/26/2004 09:50 PM 224,700 cZtsrv.dll
12/25/2004 11:04 PM 225,047 icetres.dll
12/25/2004 07:37 PM 222,831 via64k.dll
12/25/2004 09:23 AM 222,968 fusperf.dll
12/24/2004 10:20 PM 222,831 anmparse.dll
12/24/2004 06:38 PM 226,148 nyevtmsg.dll
12/24/2004 12:17 PM 222,501 xwsp1res.dll
12/24/2004 01:14 AM 226,148 szgtab.dll
12/23/2004 06:54 PM 222,501 org.dll
12/23/2004 06:09 PM 226,148 muctfp.dll
12/22/2004 10:50 PM 224,402 emcapi.dll
12/22/2004 10:07 PM 224,745 kudnecAT.dll
12/22/2004 08:50 PM 224,402 nrtevent.dll
12/22/2004 08:07 PM 223,471 rpm.dll
12/20/2004 06:31 PM 223,158 FHStudioDLL.dll
12/20/2004 01:26 PM 223,158 hvetmon.dll
12/20/2004 12:26 PM 223,158 hucoin.dll
12/19/2004 09:11 PM 223,158 mfnsspc.dll
12/19/2004 04:25 PM 223,158 dldskres.dll
12/17/2004 10:58 PM 223,280 mvn4l95q1.dll
12/16/2004 02:15 PM 223,280 closys.dll
12/15/2004 04:20 PM 222,987 mvjul9191.dll
12/13/2004 11:56 PM 224,403 akifile.dll
12/13/2004 11:32 PM 223,122 pgtorsvc.dll
12/13/2004 11:22 PM 223,861 ksdgkl.dll
12/13/2004 04:51 PM 223,122 muisam11.dll
12/13/2004 12:33 PM 223,861 ceyptext.dll
12/13/2004 12:20 PM 223,122 kodusl.dll
12/13/2004 11:54 AM 225,775 srimgvw.dll
12/12/2004 10:37 PM 222,745 dzsec.dll
12/12/2004 10:31 PM 225,775 jLvacypt.dll
12/12/2004 06:22 PM 223,900 drcompos.dll
12/12/2004 04:47 PM 223,232 aylsp.dll
12/12/2004 04:39 PM 223,900 aaupd.dll
12/12/2004 04:24 PM 223,232 ujerenv.dll
11/26/2004 08:14 PM <DIR> Microsoft
09/21/2004 10:15 PM <DIR> dllcache
07/24/2004 09:35 PM 848 KGyGaAvL.sys
104 File(s) 22,842,064 bytes
2 Dir(s) 1,196,953,600 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32

09/21/2004 10:15 PM <DIR> dllcache
07/24/2004 09:35 PM 848 KGyGaAvL.sys
09/30/2001 11:30 PM 488 logonui.exe.manifest
09/30/2001 11:30 PM 488 WindowsLogon.manifest
09/30/2001 11:30 PM 749 wuaucpl.cpl.manifest
09/30/2001 11:30 PM 749 cdplayer.exe.manifest
09/30/2001 11:30 PM 749 nwc.cpl.manifest
09/30/2001 11:30 PM 749 ncpa.cpl.manifest
09/30/2001 11:30 PM 749 sapi.cpl.manifest
8 File(s) 5,569 bytes
1 Dir(s) 1,196,953,600 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C is MI6
Volume Serial Number is 2C7E-7243

Directory of C:\WINDOWS\System32


------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{FF9803A1-F905-43E6-BC06-98BEEE3FDE38}"=""
"iebar"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
aaupd.dll Sun Dec 12 2004 4:39:58p ..S.R 223,900 218.65 K
aistream.dll Mon Jan 10 2005 11:26:16a ..S.R 223,153 217.92 K
akifile.dll Mon Dec 13 2004 11:56:24p ..S.R 224,403 219.14 K
anmparse.dll Fri Dec 24 2004 10:20:02p ..S.R 222,831 217.61 K
aprsvc.dll Wed Jan 12 2005 11:51:36a ..S.R 224,357 219.10 K
axl.dll Mon Jan 10 2005 12:12:34p ..S.R 223,153 217.92 K
aylsp.dll Sun Dec 12 2004 4:47:16p ..S.R 223,232 218.00 K
azaol9~1.dll Mon Jan 10 2005 11:29:28a ..S.R 224,828 219.56 K
azas0i~1.dll Wed Jan 12 2005 12:19:58p ..S.R 225,471 220.18 K
ceyptext.dll Mon Dec 13 2004 12:33:18p ..S.R 223,861 218.61 K
closys.dll Thu Dec 16 2004 2:15:34p ..S.R 223,280 218.05 K
cqtsrvut.dll Fri Jan 7 2005 11:35:52a ..S.R 225,181 219.90 K
csfview.dll Fri Jan 7 2005 10:11:58a ..S.R 225,181 219.90 K
cz60sui.dll Thu Jan 6 2005 7:22:30p ..S.R 223,153 217.92 K
cztsrv.dll Sun Dec 26 2004 9:50:50p ..S.R 224,700 219.43 K
d40mle~1.dll Mon Jan 10 2005 8:38:56p ..S.R 223,153 217.92 K
dldskres.dll Sun Dec 19 2004 4:25:48p ..S.R 223,158 217.93 K
dnnm01~1.dll Wed Jan 12 2005 12:01:50p ..S.R 224,508 219.25 K
dnpm01~1.dll Wed Jan 12 2005 11:48:02a ..S.R 224,528 219.27 K
doprpres.dll Fri Jan 7 2005 11:29:18a ..S.R 223,153 217.92 K
drcompos.dll Sun Dec 12 2004 6:22:46p ..S.R 223,900 218.65 K
dzsec.dll Sun Dec 12 2004 10:37:36p ..S.R 222,745 217.52 K
eaent.dll Mon Jan 10 2005 12:41:30a ..S.R 223,153 217.92 K
emcapi.dll Wed Dec 22 2004 10:50:40p ..S.R 224,402 219.14 K
en82l1~1.dll Wed Jan 12 2005 11:51:36a ..S.R 225,638 220.35 K
ennml1~1.dll Tue Jan 11 2005 11:25:46p ..S.R 224,357 219.10 K
f02mla~1.dll Mon Jan 10 2005 12:14:40p ..S.R 224,273 219.02 K
fhstud~1.dll Mon Dec 20 2004 6:31:28p ..S.R 223,158 217.93 K
flsdrv.dll Fri Jan 7 2005 12:07:32p ..S.R 223,153 217.92 K
fp0403~1.dll Mon Jan 10 2005 12:03:46p ..S.R 223,556 218.32 K
fpl203~1.dll Fri Jan 7 2005 11:42:46a ..S.R 223,386 218.15 K
fusperf.dll Sat Dec 25 2004 9:23:14a ..S.R 222,968 217.74 K
g8lm0i~1.dll Wed Jan 12 2005 12:25:34p ..S.R 224,495 219.23 K
gplml3~1.dll Sun Jan 9 2005 8:32:48a ..S.R 224,242 218.98 K
h00q0a~1.dll Wed Jan 12 2005 2:50:00p ..S.R 226,087 220.79 K
h40qle~1.dll Mon Jan 10 2005 9:23:56p ..S.R 224,161 218.91 K
hr4805~1.dll Sun Jan 9 2005 9:53:40p ..S.R 223,153 217.92 K
hucoin.dll Mon Dec 20 2004 12:27:00p ..S.R 223,158 217.93 K
hvetmon.dll Mon Dec 20 2004 1:26:46p ..S.R 223,158 217.93 K
icetres.dll Sat Dec 25 2004 11:04:58p ..S.R 225,047 219.77 K
if41_qcx.dll Wed Jan 12 2005 12:01:50p ..S.R 224,357 219.10 K
iietcomm.dll Mon Jan 10 2005 12:14:40p ..S.R 223,153 217.92 K
irlsl5~1.dll Wed Jan 12 2005 4:21:02p ..S.R 224,357 219.10 K
j20s0c~1.dll Fri Jan 7 2005 11:50:14a ..S.R 223,855 218.61 K
j26m0c~1.dll Mon Jan 10 2005 8:48:26p ..S.R 224,161 218.91 K
jlvacypt.dll Sun Dec 12 2004 10:31:16p ..S.R 225,775 220.48 K
jrj025~1.dll Thu Jan 6 2005 7:22:30p ..S.R 225,168 219.89 K
jt8007~1.dll Thu Jan 6 2005 7:09:48p ..S.R 223,240 218.01 K
k0pmla~1.dll Mon Jan 10 2005 11:24:32a ..S.R 224,323 219.06 K
k4620e~1.dll Fri Jan 7 2005 12:09:36p ..S.R 223,153 217.92 K
k480le~1.dll Mon Jan 10 2005 9:01:42p ..S.R 224,161 218.91 K
k8440i~1.dll Mon Jan 10 2005 11:21:22a ..S.R 223,601 218.36 K
k8js0i~1.dll Sun Jan 2 2005 12:07:14p ..S.R 226,077 220.78 K
kddbr.dll Fri Jan 7 2005 12:00:50p ..S.R 223,153 217.92 K
kmd101.dll Fri Jan 7 2005 11:50:14a ..S.R 223,153 217.92 K
kmdhela3.dll Mon Jan 10 2005 11:21:22a ..S.R 223,153 217.92 K
kodusl.dll Mon Dec 13 2004 12:20:50p ..S.R 223,122 217.89 K
krdfi.dll Thu Jan 6 2005 7:31:58p ..S.R 223,153 217.92 K
ksdgkl.dll Mon Dec 13 2004 11:22:10p ..S.R 223,861 218.61 K
ktj2l7~1.dll Wed Jan 12 2005 11:58:40a ..S.R 225,574 220.29 K
kudnecat.dll Wed Dec 22 2004 10:07:40p ..S.R 224,745 219.48 K
l08m0a~1.dll Fri Jan 7 2005 11:46:32a ..S.R 223,333 218.10 K
l4l6le~1.dll Mon Jan 10 2005 12:35:42a ..S.R 223,647 218.40 K
lciff13n.dll Mon Jan 10 2005 11:29:28a ..S.R 223,153 217.92 K
lcrhelp.dll Fri Jan 7 2005 11:46:32a ..S.R 223,153 217.92 K
lpfil13n.dll Wed Jan 5 2005 12:08:08p ..S.R 223,153 217.92 K
lv8009~1.dll Mon Jan 10 2005 12:09:38p ..S.R 223,242 218.01 K
lv8209~1.dll Thu Jan 6 2005 7:06:42p ..S.R 223,442 218.20 K
lvj409~1.dll Fri Jan 7 2005 12:00:50p ..S.R 223,572 218.33 K
m4lsle~1.dll Tue Jan 11 2005 11:22:20p ..S.R 224,161 218.91 K
mfnsspc.dll Sun Dec 19 2004 9:11:20p ..S.R 223,158 217.93 K
mticda.dll Wed Jan 12 2005 12:19:58p ..S.R 224,357 219.10 K
muctfp.dll Thu Dec 23 2004 6:09:10p ..S.R 226,148 220.85 K
muisam11.dll Mon Dec 13 2004 4:51:34p ..S.R 223,122 217.89 K
mv88l9~1.dll Mon Jan 10 2005 11:33:00a ..S.R 225,042 219.77 K
mvjul9~1.dll Wed Dec 15 2004 4:20:04p ..S.R 222,987 217.76 K
mvlol9~1.dll Mon Jan 10 2005 12:12:34p ..S.R 224,492 219.23 K
mvn4l9~1.dll Fri Dec 17 2004 10:58:46p ..S.R 223,280 218.05 K
mvnol9~1.dll Fri Jan 7 2005 12:05:50p ..S.R 223,153 217.92 K
n0n6la~1.dll Mon Jan 10 2005 12:20:26p ..S.R 224,803 219.53 K
n4n6le~1.dll Fri Jan 7 2005 12:16:02p ..S.R 224,807 219.54 K
nrtevent.dll Wed Dec 22 2004 8:50:52p ..S.R 224,402 219.14 K
nxlanui2.dll Mon Jan 10 2005 12:09:38p ..S.R 223,153 217.92 K
nyevtmsg.dll Fri Dec 24 2004 6:38:08p ..S.R 226,148 220.85 K
org.dll Thu Dec 23 2004 6:54:38p ..S.R 222,501 217.29 K
p46sle~1.dll Mon Jan 10 2005 11:26:16a ..S.R 224,917 219.64 K
pgtorsvc.dll Mon Dec 13 2004 11:32:10p ..S.R 223,122 217.89 K
rpm.dll Wed Dec 22 2004 8:07:28p ..S.R 223,471 218.23 K
s4rsle~1.dll Mon Jan 10 2005 10:06:56p ..S.R 225,955 220.66 K
s8rs0i~1.dll Thu Jan 6 2005 12:35:22p ..S.R 223,153 217.92 K
srimgvw.dll Mon Dec 13 2004 11:54:36a ..S.R 225,775 220.48 K
swlgntfy.dll Fri Jan 7 2005 12:19:40p ..S.R 223,153 217.92 K
szgtab.dll Fri Dec 24 2004 1:14:24a ..S.R 226,148 220.85 K
tbps.ini Mon Jan 17 2005 11:32:30a ..S.R 554 0.54 K
uhrcoina.dll Thu Jan 6 2005 8:21:00p ..S.R 223,153 217.92 K
ujerenv.dll Sun Dec 12 2004 4:24:24p ..S.R 223,232 218.00 K
vaa.dll Fri Jan 7 2005 12:12:46p ..S.R 223,153 217.92 K
via64k.dll Sat Dec 25 2004 7:37:50p ..S.R 222,831 217.61 K
vsdex.dll Mon Jan 10 2005 12:03:46p ..S.R 223,153 217.92 K
wndmtpdr.dll Fri Jan 7 2005 11:42:46a ..S.R 223,153 217.92 K
woags48b.dll Wed Jan 12 2005 11:58:40a ..S.R 224,357 219.10 K
wopasf.dll Wed Jan 12 2005 11:43:12a ..S.R 224,357 219.10 K
xwsp1res.dll Fri Dec 24 2004 12:17:36p ..S.R 222,501 217.29 K

103 items found: 103 files, 0 directories.
Total of file sizes: 22,841,216 bytes 21.78 M

-------- Strings.exe Qoologic Results --------

C:\WINDOWS\system32\aqzqmq.exe: updates.qoologic.com
C:\WINDOWS\system32\naoaua.dll: updates.qoologic.com
C:\WINDOWS\system32\qpypzp.dll: updates.qoologic.com

--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\Beauties Of VirtuaGirls.com.SCR: .aspack
C:\WINDOWS\system32\Beauties Of VirtuaGirls.com.SCR: .aspack
C:\WINDOWS\system32\gkikok.exe: .aspack
C:\WINDOWS\system32\IJL15.dll: .aspack
C:\WINDOWS\system32\Incinerator.dll: .aspack
C:\WINDOWS\system32\kvavyv.dat: .aspack
C:\WINDOWS\system32\ntdll.dll: .aspack
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\inunpn.exe: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kalvsys"="C:\\windows\\system32\\kalvmhg32.exe"
"Narrator"="C:\\WINDOWS\\system32\\gkikok.exe"
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"WinTools"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"TBPS"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"




#15
Victor Creed

  • Topic Starter
  • Member
  • 84 posts
I also occasionally get the Dr. Postmortem error and the unmonitor one. Plus, like I said, I have pop-ups coming up sometimes as fast as every minute, and lastly my system is bogged down.