Infected With,smitfraud-zlob-spyware Detection Alert-nebularzlop.aq-toolbar888 And I Hope Thats All.


This topic is locked
48 replies to this topic

#1 webergr13

webergr13

  • Members
  • 34 posts
  • OFFLINE
  • Local time:01:31 PM

Posted 17 November 2006 - 09:41 AM

I am infected with Smitfraud, Toolbar888, Zlob, Zlop.AQ, Nebular, and Spyware Detection Alert, and I hope that's all.
Logfile of HijackThis v1.99.1
Scan saved at 8:37:43 AM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\{40076320-0AE9-1033-0104-060405120001}\Update.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gary Weber\My Documents\Programs\Anti keeloger\aklogNT+.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ZipGenius 6\zipgenius.exe
C:\DOCUME~1\GARYWE~1\LOCALS~1\Temp\ZGTemp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: (no name) - {372D02AB-B2BE-6628-E650-04171E6F1107} - C:\WINDOWS\system32\qudjclc.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\yayxyxw.dll
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ekacpx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ekacpx.dll,sznnwub
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtip.dll,startup
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163100287734
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\SYSTEM32\winzlo32.dll
O20 - Winlogon Notify: yayxyxw - C:\WINDOWS\SYSTEM32\yayxyxw.dll
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe



#2 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:31 PM

Posted 17 November 2006 - 11:41 AM

Hello webergr13, and welcome to BleepingComputer. I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues; this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,

htv8
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#3 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:31 PM

Posted 17 November 2006 - 12:59 PM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1
You have Windows Defender running on your machine and that is good. However, Windows Defender real-time protection can interfere with the changes you will make on your system, so please follow these instructions to temporarily disable Windows Defender real-time protection:
1. Open Windows Defender.
2. Click Tools, and then click General Settings.
3. Scroll down and uncheck the checkbox labelled "Turn on real-time protection (recommended)".
4. Click Save.
5. Close Windows Defender.

You can re-enable Windows Defender real-time protection once your system is clean.

Step #2
You have a SmitFraud infection. Download SmitFraudFix by S!Ri to get rid of it.
Download SmitfraudFix.zip

Once downloaded, extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Select option #1 - Search by typing 1 and press Enter; a text file will appear which lists infected files (if present).
Please copy/paste the entire contents of that report into your next reply.

NOTE: Process.exe is detected by some antivirus programs (AntiVir, Dr.WEB, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Step #3
You are infected with Vundo. Download VundoFix.exe to your Desktop to get rid of it.
Download VundoFix.exe

Once downloaded, double-click VundoFix.exe to run it.
Now please perform these instructions:
1. Click the button labelled "Scan for Vundo".
2. Once it's done scanning, click the button labelled "Remove Vundo".
3. Click the Yes button at the prompt asking you if you want to remove the files.
NOTE: Once you click Yes, your Desktop will go blank as it starts removing Vundo.
4. When completed, it will prompt that it will reboot your computer. Click OK.

NOTE: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the button labelled "Scan for Vundo"" when VundoFix appears upon rebooting.

Post the entire contents of C:\vundofix.txt in your next reply.

Step #4
Please download Combofix and save it to your Desktop.
Download combofix.exe

Once downloaded, double-click combofix.exe and follow the on-screen prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

NOTE: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall!

Step #5
I need to see another HijackThis log, but you need to extract (unzip) HijackThis first (otherwise the backups made when items are fixed won't be secure). The easiest way to accomplish this is to reinstall and delete any copies of HijackThis.zip you have saved.

Please download the self-extracting version of HijackThis and save HijackThis_sfx to your Desktop.
Download HijackThis v.1.99.1

Once it is downloaded, double-click on the hijackthis_sfx.exe file and click the Unzip button. Then close the WinZip Self-Extractor window. Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it.
Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

When the HijackThis window opens, click on the button labelled "Do a system scan and save a logfile". HijackThis will perform a system scan, and when the scan is complete, Notepad will open up containing the scan results. The HijackThis log will be automatically saved to the HijackThis folder. Copy the entire contents of the new HijackThis log and post them here.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

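The diagnosis above (SmitFraud plus Vundo) can be read straight out of the structure of the HijackThis log in the first post. The following triage script is an added example, not code from the page, from HijackThis or from BleepingComputer; it parses HijackThis 1.99.1 entry lines and flags the patterns the helper acted on: unnamed BHOs loading from system32, Run entries that launch a system32 DLL through rundll32, Winlogon Notify hooks outside a small allow list of stock XP notify DLLs (that allow list is an assumption, extend it for your build), and a DLL registered as both a BHO and a Winlogon Notify hook, which is the Vundo signature in this log. Entries ending in "(no file)" are reported separately as orphans, since a stale registration is cleanup material rather than proof of infection.

```python
"""Triage a HijackThis 1.99.1 log for the structural patterns seen in this thread."""
import re
from collections import defaultdict

# Constructed sample: entry lines copied from the HijackThis log in post #1,
# trimmed to the ones relevant to the triage plus a couple of benign entries.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: (no name) - {372D02AB-B2BE-6628-E650-04171E6F1107} - C:\WINDOWS\system32\qudjclc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\yayxyxw.dll
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ekacpx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ekacpx.dll,sznnwub
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtip.dll,startup
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\SYSTEM32\winzlo32.dll
O20 - Winlogon Notify: yayxyxw - C:\WINDOWS\SYSTEM32\yayxyxw.dll
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
"""

# Assumption: DLLs behind the stock Windows XP Winlogon\Notify subkeys
# (crypt32chain, cryptnet, cscdll, ScCertProp, Schedule, sclgntfy, SensLogn,
# termsrv, wlballoon). Anything else hooking Winlogon deserves a look.
KNOWN_WINLOGON_NOTIFY = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll"}

# "O2 - BHO: ..." / "R3 - URLSearchHook: ..." -> section code and the rest of the line
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# First DLL located directly in system32 that an entry refers to (case-insensitive)
SYS32_DLL_RE = re.compile(r"C:\\WINDOWS\\system32\\(?P<dll>[^\s,\\]+\.dll)", re.I)


def parse_entries(log_text):
    """Return (section, body) pairs for every HijackThis entry line; headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def system32_dll(body):
    """Lower-case basename of the system32 DLL an entry loads, or None if it loads none."""
    m = SYS32_DLL_RE.search(body)
    return m.group("dll").lower() if m else None


def triage(log_text):
    """Group suspicious entries by pattern and cross-reference BHO and Winlogon DLLs."""
    findings = defaultdict(list)
    bho_dlls, notify_dlls = set(), set()
    for sec, body in parse_entries(log_text):
        if body.endswith("(no file)"):
            # Registration with no backing file: leftover to clean, not evidence by itself
            findings["orphan"].append(f"{sec} - {body}")
            continue
        dll = system32_dll(body)
        if sec == "O2" and body.startswith("BHO: (no name)") and dll:
            # Vendors name their BHOs; an unnamed one living in system32 is the Vundo pattern
            findings["unnamed_bho_in_system32"].append(dll)
            bho_dlls.add(dll)
        elif sec == "O4" and "rundll32" in body.lower() and dll:
            # Autostart that launches a bare system32 DLL export via rundll32
            findings["rundll32_autostart"].append(dll)
        elif sec == "O20" and dll and dll not in KNOWN_WINLOGON_NOTIFY:
            # Winlogon Notify hooks load into winlogon.exe and survive Safe Mode
            findings["unknown_winlogon_notify"].append(dll)
            notify_dlls.add(dll)
    # The same DLL as both a BHO and a Winlogon hook is the strongest single indicator here
    findings["bho_and_winlogon_notify"] = sorted(bho_dlls & notify_dlls)
    return dict(findings)


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"{kind}: {items}")
```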

#4 webergr13

webergr13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:01:31 PM

Posted 19 November 2006 - 09:06 AM

Hi htv8, I appreciate your help. This is my first time, so I hope I am doing it right.

#5 webergr13

webergr13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:01:31 PM

Posted 19 November 2006 - 09:20 AM

SmitFraudFix v2.122

Scan done at 7:08:22.29, Sun 11/19/2006
Run from C:\Documents and Settings\Gary Weber\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Gary Weber


C:\Documents and Settings\Gary Weber\Application Data


Start Menu


C:\DOCUME~1\GARYWE~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ab340860-fd81-4a65-b345-82eb77a66b5e}"="featherweed"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


pe386-msguard-lzx32


Scanning wininet.dll infection


End

#6 webergr13

webergr13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:01:31 PM

Posted 19 November 2006 - 09:22 AM

SmitFraudFix v2.122

Scan done at 7:08:22.29, Sun 11/19/2006
Run from C:\Documents and Settings\Gary Weber\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Gary Weber


C:\Documents and Settings\Gary Weber\Application Data


Start Menu


C:\DOCUME~1\GARYWE~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ab340860-fd81-4a65-b345-82eb77a66b5e}"="featherweed"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


pe386-msguard-lzx32


Scanning wininet.dll infection


End

#7 webergr13

webergr13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:01:31 PM

Posted 19 November 2006 - 09:24 AM

Hope I am doing this right.
Gary Weber - 06-11-19 7:38:51.43 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Gary Weber\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{40076320-0AE9-1033-0104-060405120001}


((((((((((((((((((((((((((((((( Files Created from 2006-10-19 to 2006-11-19 ))))))))))))))))))))))))))))))))))


2006-11-17 06:02 692,276 --a------ C:\WINDOWS\system32\sstqq.dll
2006-11-17 05:45 692,276 --a------ C:\WINDOWS\system32\pmkjh.dll
2006-11-17 05:40 692,276 --a------ C:\WINDOWS\system32\vtsts.dll
2006-11-17 05:34 692,276 --a------ C:\WINDOWS\system32\jkhhh.dll
2006-11-17 05:31 692,276 --a------ C:\WINDOWS\system32\awvtu.dll
2006-11-16 14:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-16 14:13 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-16 14:13 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-16 14:13 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-16 10:50 94,208 --a------ C:\WINDOWS\system32\ekacpx.dll
2006-11-16 10:50 71,168 --a------ C:\WINDOWS\system32\qudjclc.dll
2006-11-16 08:13 40,973 --------- C:\WINDOWS\system32\yayxyxw.dll
2006-11-14 11:48 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-11-12 13:03 34,308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-11-12 08:13 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2006-11-12 06:58 98,358 --a------ C:\WINDOWS\dla.exe
2006-11-12 06:58 87,136 --a------ C:\WINDOWS\system32\drivers\drvmcdb.sys
2006-11-12 06:58 61,498 --a------ C:\WINDOWS\system32\tfswapi.dll
2006-11-12 06:58 5,627 --a------ C:\WINDOWS\system32\drivers\sscdbhk5.sys
2006-11-12 06:58 40,544 --a------ C:\WINDOWS\system32\drivers\drvnddm.sys
2006-11-12 06:58 23,545 --a------ C:\WINDOWS\system32\drivers\ssrtln.sys
2006-11-12 06:31 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-11-12 06:30 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-11-12 06:30 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-11-12 06:30 376,832 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2006-11-12 06:30 22,528 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-11-12 06:30 212,992 -ra------ C:\WINDOWS\system32\LVUI2.dll
2006-11-12 06:30 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2006-11-12 06:30 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-11-12 06:30 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-11-12 06:30 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-11-12 06:30 142,848 -ra------ C:\WINDOWS\system32\drivers\lvmjpeg.sys
2006-11-12 06:30 14,080 -ra------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2006-11-12 06:30 110,592 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2006-11-12 06:30 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-11-12 06:30 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-11-12 06:30 1,464 -ra------ C:\WINDOWS\system32\Repository.reg
2006-11-12 06:30 1,054,848 -ra------ C:\WINDOWS\system32\drivers\lvuvc.sys
2006-11-12 06:27 233,536 -ra------ C:\WINDOWS\system32\InstExec.exe
2006-11-12 06:27 233,536 -ra------ C:\WINDOWS\Instexec.exe
2006-11-12 06:26 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-11-12 06:26 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-11-12 06:26 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-11-12 06:26 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-11-12 06:26 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-11-12 06:26 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-11-12 06:26 57,344 --a------ C:\WINDOWS\system32\ElkCtlPS.dll
2006-11-12 06:26 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-11-12 06:26 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-11-12 06:26 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-11-12 06:26 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2006-11-12 06:26 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-11-12 06:26 39,936 --a------ C:\WINDOWS\system32\VxLibRes.dll
2006-11-12 06:26 327,680 --a------ C:\WINDOWS\system32\CamCplRes.dll
2006-11-12 06:26 262,144 --a------ C:\WINDOWS\system32\ElkCtrl.exe
2006-11-12 06:26 155,648 --a------ C:\WINDOWS\system32\VxLib.dll
2006-11-12 06:26 147,456 --a------ C:\WINDOWS\system32\VLib.dll
2006-11-12 06:26 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2006-11-12 06:26 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-11-12 06:26 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2006-11-12 06:12 69,120 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2006-11-12 06:12 61,056 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2006-11-12 05:35 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2006-11-12 05:35 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-11 17:47 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-11 17:12 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-11 17:10 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-11-11 17:10 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-11-10 05:28 0 --a------ C:\WINDOWS\system32\Ultra.dll
2006-11-09 18:11 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-09 18:11 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-11-09 18:11 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-09 18:11 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-09 18:11 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-09 18:11 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-09 18:11 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-09 18:11 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-09 15:26 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-09 15:26 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-11-09 14:30 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-09 14:30 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-09 14:30 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-09 14:29 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-09 14:29 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-09 14:29 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-11-09 14:29 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-09 14:29 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-09 14:29 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-11-09 14:29 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-09 14:29 11,264 --a------ C:\WINDOWS\INRES.DLL
2006-11-09 14:01 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-09 13:30 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-09 13:25 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-11-09 13:14 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-11-09 13:13 860,352 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-11-09 13:13 77,824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-11-09 13:13 61,440 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-11-09 13:13 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-11-09 13:13 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-11-09 13:13 5,124,096 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-11-09 13:13 405,504 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-11-09 13:13 40,960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2006-11-09 13:13 40,960 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-11-09 13:13 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-11-09 13:13 282,624 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-11-09 13:13 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-11-09 13:13 258,048 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-11-09 13:13 256,512 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-11-09 13:13 24,064 --a------ C:\WINDOWS\system32\ativcoxx.dll
2006-11-09 13:13 2,636,096 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-11-09 13:13 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-11-09 13:13 151,552 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-11-09 13:13 114,688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-11-09 13:13 1,502,208 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-11-08 15:28 90,112 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-11-08 15:28 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-08 15:28 680,704 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2006-11-08 15:28 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-08 15:28 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-08 15:28 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-08 15:28 32,218 --a------ C:\WINDOWS\system32\HSFCI008.dll
2006-11-08 15:28 212,224 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys
2006-11-08 15:28 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2006-11-08 15:28 11,043 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-11-08 15:28 1,042,432 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2006-11-08 15:27 4,272 -ra------ C:\WINDOWS\system32\drivers\bvrp_pci.sys
2006-11-08 15:23 36,864 --a------ C:\WINDOWS\system32\e100bmsg.dll
2006-11-08 15:23 24,064 --a------ C:\WINDOWS\system32\IntelNic.dll
2006-11-08 15:23 162,816 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2006-11-08 15:23 126,976 --a------ C:\WINDOWS\system32\Prounstl.exe
2006-11-08 15:22 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-08 15:18 0 -rahs---- C:\MSDOS.SYS
2006-11-08 15:18 0 -rahs---- C:\IO.SYS
2006-11-08 15:18 0 --a------ C:\CONFIG.SYS
2006-11-08 15:18 0 --a------ C:\AUTOEXEC.BAT
2006-11-08 15:17 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-11-08 15:16 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-11-08 15:16 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-11-08 15:16 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-11-08 15:16 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-11-08 15:15 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-08 15:15 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-08 15:15 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-11-08 15:15 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-08 15:15 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-08 15:15 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-11-08 15:15 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-08 15:15 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-08 15:15 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-08 15:15 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-08 15:15 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-11-08 15:15 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-11-08 15:15 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-11-08 15:15 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-08 15:15 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-08 15:15 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-08 15:15 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-11-08 15:15 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-08 15:15 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-08 15:15 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-08 15:15 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-08 15:15 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-08 15:15 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-08 15:15 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-08 15:15 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-08 15:15 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-08 15:15 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-08 15:15 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-11-08 15:15 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-11-08 15:15 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-08 15:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-08 15:15 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-11-08 15:15 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-11-08 15:15 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-08 15:15 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-11-08 15:15 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-08 15:15 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-11-08 15:15 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-08 15:15 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-08 15:15 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-11-08 15:15 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-08 15:14 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-08 15:14 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-08 15:14 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-11-08 15:14 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-11-08 15:14 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-11-08 15:14 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-11-08 15:14 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-11-08 15:14 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-11-08 15:14 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-11-08 15:14 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-08 15:14 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-08 15:14 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-11-08 15:14 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-08 15:14 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-11-08 15:14 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-08 15:14 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-11-08 15:14 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-08 15:14 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-08 15:14 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-11-08 15:14 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-11-08 15:14 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-11-08 15:14 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-11-08 15:14 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-08 15:14 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-11-08 15:14 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-08 15:14 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-11-08 15:14 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-11-08 15:14 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-11-08 15:14 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-08 15:14 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-11-08 15:14 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-08 15:14 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-08 15:14 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-11-08 15:14 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-11-08 15:14 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-11-08 15:14 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-11-08 15:14 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-11-08 15:14 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-08 15:14 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-11-08 15:14 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-08 15:14 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-11-08 15:14 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-11-08 15:14 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-11-08 15:14 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-11-08 15:14 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-11-08 15:14 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-08 15:14 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-11-08 15:14 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-08 15:14 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-11-08 15:14 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-08 15:14 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-11-08 15:14 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-11-08 15:14 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-11-08 15:14 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-08 15:14 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-11-08 15:14 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-11-08 15:14 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-11-08 15:14 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-11-08 15:14 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-11-08 15:14 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-11-08 15:14 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-11-08 15:14 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-11-08 15:14 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-11-08 15:14 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-11-08 15:14 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-11-08 15:14 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-11-08 15:14 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-11-08 15:14 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-08 15:14 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-11-08 15:14 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-11-08 15:14 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-11-08 15:14 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-11-08 15:14 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-11-08 15:14 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-08 15:14 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-11-08 15:14 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-11-08 15:14 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-08 15:14 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-08 15:14 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-11-08 15:14 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-11-08 15:14 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-11-08 15:14 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-11-08 15:13 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-11-08 15:13 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-08 09:12 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-11-08 09:12 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-11-08 09:11 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-11-08 09:11 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2006-11-08 09:10 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-11-08 09:10 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-11-08 09:10 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-11-08 09:10 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-11-08 09:10 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-11-08 09:10 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-11-08 09:10 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-11-08 09:10 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-11-08 09:10 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-11-08 09:10 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-11-08 09:10 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-11-08 09:10 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-11-08 09:10 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-11-08 09:10 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-11-08 09:10 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-11-08 09:10 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-11-08 09:10 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-11-08 09:10 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-11-08 09:10 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-11-08 09:10 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-11-08 09:10 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-11-08 09:10 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-08 09:10 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-11-08 09:10 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-11-08 09:10 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-11-08 09:09 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-11-08 09:09 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-11-08 09:09 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-11-08 09:09 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-11-08 09:09 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 10:10 80,912 --a------ C:\WINDOWS\system32\sherlock2.exe
2006-10-28 12:10 16,384 --a------ C:\WINDOWS\system32\ac3config.exe
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-19 07:39 -------- d-------- C:\Program Files\Common Files
2006-11-19 07:05 3634 --a------ C:\Documents and Settings\Gary Weber\Application Data\mainhst.zgh
2006-11-19 05:17 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\WeatherBug
2006-11-18 15:59 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\AVG7
2006-11-18 12:19 -------- d-------- C:\Program Files\SPYWAREfighter
2006-11-18 12:17 -------- d-------- C:\Program Files\Common Files\Application
2006-11-18 09:18 -------- d-------- C:\Program Files\RegistryFix
2006-11-18 08:13 -------- d-------- C:\Program Files\PokerFunClub
2006-11-18 07:33 -------- d-------- C:\Program Files\RegClean
2006-11-17 11:35 -------- d-------- C:\Program Files\TruePoker
2006-11-17 10:39 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-17 08:07 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-17 08:07 -------- d-------- C:\Program Files\Internet Explorer
2006-11-16 16:41 -------- d-------- C:\Program Files\Spyware Doctor
2006-11-16 14:50 -------- d-------- C:\Program Files\PCBugDoctor
2006-11-16 12:34 -------- d-------- C:\Program Files\XoftSpy
2006-11-15 05:00 -------- d-------- C:\Program Files\ScanSpyware v3.8.0.1
2006-11-14 17:11 -------- d-------- C:\Program Files\QuickTime
2006-11-14 17:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-14 16:22 -------- d-------- C:\Program Files\DivX
2006-11-14 15:21 -------- d-------- C:\Program Files\XP Codec Pack
2006-11-13 16:18 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Apple Computer
2006-11-13 08:47 -------- d-------- C:\Program Files\SoundSpectrum
2006-11-13 08:35 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Morpheus
2006-11-13 07:27 -------- d-------- C:\Program Files\Java
2006-11-12 12:50 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\ZipGenius
2006-11-12 08:35 -------- d-------- C:\Program Files\Yahoo!
2006-11-12 07:48 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\LimeWire
2006-11-12 07:21 -------- d-------- C:\Program Files\ZipGenius 6
2006-11-12 07:19 -------- d-------- C:\Program Files\Filzip
2006-11-12 07:17 -------- d-------- C:\Program Files\Windows Defender
2006-11-12 07:05 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Sonic
2006-11-12 07:03 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Leadertech
2006-11-12 06:59 -------- d-------- C:\Program Files\Common Files\Sonic
2006-11-12 06:58 -------- d-------- C:\Program Files\Sonic
2006-11-12 06:40 -------- d-------- C:\Program Files\LimeWire
2006-11-12 06:39 -------- d-------- C:\Program Files\Common Files\Java
2006-11-12 06:34 -------- d-------- C:\Program Files\CCleaner
2006-11-12 06:27 -------- d-------- C:\Program Files\Common Files\Logitech
2006-11-12 06:17 -------- d-------- C:\Program Files\KODAK
2006-11-12 06:17 -------- d-------- C:\Program Files\Common Files\Kodak
2006-11-12 06:13 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Comodo
2006-11-12 06:03 -------- d-------- C:\Program Files\Dell AIO Printer A940
2006-11-11 17:38 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Real
2006-11-11 17:36 -------- d-------- C:\Program Files\Common Files\xing shared
2006-11-11 17:36 -------- d-------- C:\Program Files\Common Files\Real
2006-11-11 17:15 -------- d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2006-11-11 17:14 -------- d-------- C:\Program Files\FaxTools
2006-11-11 17:07 -------- d-------- C:\Program Files\ScanSpyware v3.8.0.4
2006-11-11 17:07 -------- d-------- C:\Program Files\LimeWire(2)
2006-11-11 17:06 -------- d-------- C:\Program Files\Common Files\Ahead
2006-11-11 17:06 -------- d-------- C:\Program Files\Ahead
2006-11-11 17:06 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Ahead
2006-11-11 07:50 -------- d-------- C:\Program Files\Logitech
2006-11-11 07:44 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Help
2006-11-11 06:15 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Yahoo!
2006-11-10 14:47 -------- d---s---- C:\Documents and Settings\Gary Weber\Application Data\Microsoft
2006-11-10 12:15 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\G-Force
2006-11-10 11:23 -------- d-------- C:\Program Files\VideoLAN
2006-11-10 11:13 -------- d-------- C:\Program Files\Real
2006-11-10 10:21 -------- d-------- C:\Program Files\Lavasoft
2006-11-10 10:21 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Lavasoft
2006-11-10 08:42 -------- d-------- C:\Program Files\AWS
2006-11-10 06:44 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Macromedia
2006-11-10 06:23 -------- d-------- C:\Program Files\JavaSoft
2006-11-10 05:57 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Sun
2006-11-10 05:48 -------- d-------- C:\Program Files\Comodo
2006-11-10 05:33 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-09 18:11 -------- d-------- C:\Program Files\Grisoft
2006-11-09 14:29 -------- d-------- C:\Program Files\Creative
2006-11-09 14:20 -------- d-------- C:\Program Files\Windows Media Player
2006-11-09 13:45 -------- d-------- C:\Program Files\Outlook Express
2006-11-09 13:45 -------- d-------- C:\Program Files\Common Files\System
2006-11-09 13:43 -------- d-------- C:\Program Files\Messenger
2006-11-09 13:14 -------- d-------- C:\Program Files\ATI Technologies
2006-11-08 15:28 -------- d-------- C:\Program Files\CONEXANT
2006-11-08 15:24 -------- d-------- C:\Program Files\Intel
2006-11-08 15:21 -------- d--h----- C:\Program Files\Uninstall Information
2006-11-08 15:21 -------- d-------- C:\Documents and Settings\Gary Weber\Application Data\Identities
2006-11-08 15:18 -------- d-------- C:\Program Files\xerox
2006-11-08 15:18 -------- d-------- C:\Program Files\microsoft frontpage
2006-11-08 15:16 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-08 15:16 -------- d-------- C:\Program Files\Online Services
2006-11-08 15:16 -------- d-------- C:\Program Files\NetMeeting
2006-11-08 15:16 -------- d-------- C:\Program Files\Common Files\Services
2006-11-08 15:16 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-11-08 15:15 -------- d-------- C:\Program Files\Movie Maker
2006-11-08 15:14 -------- d-------- C:\Program Files\Windows NT
2006-11-08 15:14 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-11-08 15:14 -------- d-------- C:\Program Files\MSN
2006-11-08 09:10 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-08 09:10 -------- d-------- C:\Program Files\Common Files\ODBC
2006-11-08 09:09 62 --ahs---- C:\Documents and Settings\Gary Weber\Application Data\desktop.ini
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 10:24 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 10:24 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 10:24 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 10:24 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 10:24 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 10:24 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"P17Helper"="Rundll32 P17.dll,P17Helper"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Comodo Firewall"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ekacpx.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ekacpx.dll,sznnwub"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvwoz.dll,startup"
"spywarefighterguard"="C:\\Program Files\\SPYWAREfighter\\spftray.exe"
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{ab340860-fd81-4a65-b345-82eb77a66b5e}"="featherweed"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"featherweed"="{ab340860-fd81-4a65-b345-82eb77a66b5e}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxyxw

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-19 7:40:23.87
C:\ComboFix.txt ... 06-11-19 07:40

#8 webergr13 (Topic Starter)

Posted 19 November 2006 - 09:25 AM

Please e-mail me if I am SCREWING up.

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.9

Scan started at 7:13:35 AM 11/19/2006

Listing files found while scanning....

C:\WINDOWS\system32\winzlo32.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\winzlo32.dll
C:\WINDOWS\system32\winzlo32.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.9

Scan started at 7:27:13 AM 11/19/2006

Listing files found while scanning....

No infected files were found.

#9 webergr13 (Topic Starter)

Posted 19 November 2006 - 09:31 AM

Sorry about that, here is the last report.
Logfile of HijackThis v1.99.1
Scan saved at 7:51:30 AM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Documents and Settings\Gary Weber\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: (no name) - {372D02AB-B2BE-6628-E650-04171E6F1107} - C:\WINDOWS\system32\qudjclc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\yayxyxw.dll
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ekacpx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ekacpx.dll,sznnwub
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwoz.dll,startup
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163100287734
O20 - Winlogon Notify: yayxyxw - C:\WINDOWS\SYSTEM32\yayxyxw.dll
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
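
The log above contains several load points that a triage pass should pull out on its own: unnamed BHOs and a Winlogon Notify package in system32, Run entries that start a DLL through rundll32, and orphaned SSODL/BHO entries. The following parser is an added example (not part of the original post or of HijackThis); the sample lines are constructed from the log above, and the Winlogon Notify allowlist is an assumption an analyst would maintain, not a list HijackThis ships.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: (no name) - {372D02AB-B2BE-6628-E650-04171E6F1107} - C:\WINDOWS\system32\qudjclc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\yayxyxw.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ekacpx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ekacpx.dll,sznnwub
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwoz.dll,startup
O20 - Winlogon Notify: yayxyxw - C:\WINDOWS\SYSTEM32\yayxyxw.dll
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""

# "O4 - HKLM\..\Run: ..." -> section "O4", body "HKLM\..\Run: ..."
HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
# Captures the file name of any DLL loaded from the Windows system32 directory.
SYSTEM32_DLL = re.compile(r'(?i)\\(?:windows|winnt)\\system32\\([^\\\s",]+\.dll)')
RUNDLL32 = re.compile(r"(?i)\brundll32(?:\.exe)?\b")
# Assumed analyst allowlist: Winlogon Notify packages of a stock Windows XP install.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}


@dataclass
class Finding:
    section: str  # HijackThis section (O2, O4, O20, O21) or e.g. "O2+O20" for a correlation
    reason: str
    line: str     # empty for correlation findings that span several lines


def triage(log_text: str) -> list[Finding]:
    """Flag load-point entries in a HijackThis log that deserve a closer look."""
    findings: list[Finding] = []
    load_points: dict[str, set[str]] = {}  # system32 dll name -> sections it appears in
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        for dll in SYSTEM32_DLL.findall(body):
            load_points.setdefault(dll.lower(), set()).add(section)
        if section == "O2":
            if body.endswith("(no file)"):
                findings.append(Finding(section, "orphaned BHO entry, file missing", line))
            elif "(no name)" in body and SYSTEM32_DLL.search(body):
                findings.append(Finding(section, "unnamed BHO loading a DLL from system32", line))
        elif section == "O4":
            if RUNDLL32.search(body) and SYSTEM32_DLL.search(body):
                findings.append(Finding(section, "rundll32 loads a system32 DLL at logon", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            package = body.split(":", 1)[1].split(" - ", 1)[0].strip()
            if package.lower() not in KNOWN_NOTIFY:
                findings.append(Finding(section, f"Winlogon Notify package '{package}' not in allowlist", line))
        elif section == "O21":
            if body.endswith("(no file)"):
                findings.append(Finding(section, "orphaned SSODL entry, file missing", line))
    # A DLL registered under more than one load point (here a BHO that is also a
    # Winlogon Notify package) is worth reporting as a single correlated finding.
    for dll, sections in sorted(load_points.items()):
        if len(sections) > 1:
            findings.append(Finding("+".join(sorted(sections)),
                                    f"{dll} registered in {len(sections)} load points", ""))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```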

#10 htv8

Posted 19 November 2006 - 06:40 PM

Make sure to work through the steps in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding.

Step #1
Have you followed my instructions on how to temporarily disable Windows Defender? Windows Defender real-time protection can interfere with the changes you will make on your system, so please follow these instructions to temporarily disable Windows Defender real-time protection:
1. Open Windows Defender.
2. Click Tools, and then click General Settings.
3. Scroll down and uncheck the checkbox labelled "Turn on real-time protection (recommended)".
4. Click Save.
5. Close Windows Defender.

You can re-enable Windows Defender real-time protection once your system is clean.

Step #2
You are running HijackThis from the Desktop. Because HijackThis is both for analysis and repair, it is essential that it runs from within its own folder: HijackThis makes backups of the repairs in case there is a need for reversal of the procedure, and you are probably more apt to delete the backups if HijackThis is running from the Desktop. Please move HijackThis.exe into its own directory on the C: drive by following these steps:
1. Navigate to the C: drive using Windows Explorer or My Computer.
2. Right-click in the folder window and select New > Folder.
3. Name the folder "HijackThis" (without the quotation marks).
4. Move HijackThis.exe from the Desktop into the newly created directory.
NOTE: HijackThis.exe is now located in C:\HijackThis.

Step #3
Please provide me with an uninstall list by performing these instructions:
1. Navigate to C:\HijackThis using My Computer or Windows Explorer.
2. Double-click HijackThis.exe to open HijackThis.
3. Click once on the Config... button.
4. Go to the Misc Tools section by clicking on the Misc Tools button on top of the screen.
5. Click on the button labelled "Open Uninstall Manager...". You'll see a list of currently installed programs.
6. Click on the button labelled "Save list..." and specify where you would like to save the uninstall list.

When you press the Save button, Notepad will open up with the contents of that file. Copy and paste the contents of that Notepad file as a reply to this topic.

Step #4
Open HijackThis again by double-clicking the HijackThis.exe file and when the HijackThis window opens, click on the button labelled "Do a system scan and save a logfile". HijackThis will perform a system scan, and when the scan is complete, Notepad will open up containing the scan results. The HijackThis log will be automatically saved to the HijackThis folder. Copy the entire contents of the new HijackThis log and post them here.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#11 webergr13

Posted 20 November 2006 - 09:58 AM

Thanks for being so fast.
ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free Edition
CCleaner (remove only)
Comodo Firewall
Conexant D850 56K V.9x DFVc Modem
Dell AIO Printer A940
FaxTools
Filzip 3.06
G-Force
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel® PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Kodak EasyShare software
LimeWire PRO 4.12.3
Logitech Camera Driver
Logitech QuickCam Software
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MSXML 4.0 SP2 (KB927978)
PCBugDoctor version 1.0.0.4
Poker Fun Club (AvatarPack1)
Poker Fun Club (AvatarPack2)
Poker Fun Club (High res)
QuickTime
RealPlayer
RegistryFix v5.5
ScanSpyware v3.8.0.1
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.4
SPYWAREfighter
TruePoker
TruePoker (High Res)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VideoLAN VLC media player 0.8.5
WeatherBug
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Registry Repair Pro
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
XoftSpy
XP Codec Pack
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ZipGenius 6 (6.0.3.1130)

#12 webergr13

Posted 20 November 2006 - 10:32 AM

Logfile of HijackThis v1.99.1
Scan saved at 9:29:05 AM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Gary Weber\My Documents\Programs\Anti keeloger\aklogNT+.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ZipGenius 6\zipgenius.exe
C:\DOCUME~1\GARYWE~1\LOCALS~1\Temp\ZGTemp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: (no name) - {372D02AB-B2BE-6628-E650-04171E6F1107} - C:\WINDOWS\system32\qudjclc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\yayxyxw.dll
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ekacpx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ekacpx.dll,sznnwub
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163100287734
O20 - Winlogon Notify: yayxyxw - C:\WINDOWS\SYSTEM32\yayxyxw.dll
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

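As an added example (not HijackThis code and not something posted in this thread), the Python script below parses HijackThis entry lines like those in the log above and flags the entries a malware-removal helper would review first: a Run key that loads a system32 DLL through rundll32, a Winlogon Notify package not on a stock-XP allowlist, an unnamed BHO that still has a file on disk, orphaned "(no file)" entries, and the same DLL registered in more than one load point. The sample log is constructed from a few lines of the log above; the allowlist of Winlogon Notify packages is an assumption.

```python
"""Triage helper for HijackThis v1.99.1 log entries.

Added example for this thread; it is not HijackThis code and not something the
helper posted. The rules are review heuristics, not a verdict engine.
"""
import re
from collections import defaultdict

# Basename of the first "name.dll" token on a line; None when there is none
# (e.g. an entry ending in "(no file)").
DLL_RE = re.compile(r'([^\\\s,"\[\]]+\.dll)\b', re.IGNORECASE)

# Winlogon Notify packages present on a stock Windows XP SP2 install. This
# partial allowlist is an assumption of the example; extend it from a machine
# known to be clean, never from the infected one.
WINLOGON_NOTIFY_OK = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon", "dimsntfy",
}

# Sections that load code at boot/logon; a DLL appearing in several of them
# at once is a stronger signal than any single entry.
LOAD_POINTS = {"O2", "O3", "O4", "O20", "O21", "O23"}

# Constructed sample: a handful of lines copied from the log posted above,
# plus header and process-list lines the parser must skip.
SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\Rundll32.exe

O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\yayxyxw.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ekacpx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ekacpx.dll,sznnwub
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - Winlogon Notify: yayxyxw - C:\WINDOWS\SYSTEM32\yayxyxw.dll
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
'''


def parse_line(line):
    """Split one HijackThis entry into section code and body; None for non-entries."""
    m = re.match(r'^(R\d|O\d+) - (.*)$', line.strip())
    if not m:
        return None
    return {"code": m.group(1), "body": m.group(2), "line": line.strip()}


def dll_name(text):
    """Lower-cased basename of the first DLL mentioned in text, or None."""
    m = DLL_RE.search(text)
    return m.group(1).lower() if m else None


def triage(log_text):
    """Return (code, reason, where) tuples for entries a helper would review first."""
    findings = []
    seen_in = defaultdict(set)  # dll basename -> load-point sections it appears under

    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        code, body, line = entry["code"], entry["body"], entry["line"]
        lower = body.lower()

        if "(no file)" in lower or "(file missing)" in lower:
            findings.append((code, "orphan entry: registered component whose file is gone", line))
            continue

        dll = dll_name(body)
        if dll and code in LOAD_POINTS:
            seen_in[dll].add(code)

        if code == "O4" and "rundll32" in lower and dll and "\\system32\\" in lower:
            findings.append((code, "Run key loads a system32 DLL through rundll32", line))
        elif code == "O20":
            package = body.split(" - ")[0].replace("Winlogon Notify: ", "").lower()
            if package not in WINLOGON_NOTIFY_OK:
                findings.append((code, "non-standard Winlogon Notify package", line))
        elif code == "O2" and body.startswith("BHO: (no name)"):
            findings.append((code, "unnamed BHO with a file on disk", line))

    # Cross-section view: one DLL hooked into several load points at once.
    for dll, codes in sorted(seen_in.items()):
        if len(codes) > 1:
            where = ", ".join(sorted(codes))
            findings.append(("*", f"same DLL registered in {len(codes)} load points ({where})", dll))
    return findings


if __name__ == "__main__":
    for code, reason, where in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {where}")
```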
#13 htv8

Posted 21 November 2006 - 09:48 AM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1
You still have Windows Defender real-time protection enabled. Have you followed my instructions on how to temporarily disable Windows Defender? Windows Defender real-time protection can interfere with the changes you will make on your system, so please follow these instructions to temporarily disable Windows Defender real-time protection:
1. Open Windows Defender.
2. Click Tools, and then click General Settings.
3. Scroll down and uncheck the checkbox labelled "Turn on real-time protection (recommended)".
4. Click Save.
5. Close Windows Defender.

It is essential that you temporarily disable Windows Defender real-time protection before we continue. If you need more information or any help with this, please let me know. If there's anything that you don't understand, ask your question(s) before proceeding. Keep in mind: there are no stupid questions. :thumbsup:

You can re-enable Windows Defender real-time protection once your system is clean.

Step #2
Go to Start > Run. In the Run: field type appwiz.cpl and press the OK button. Uninstall the following programs (if they are listed):
J2SE Runtime Environment 5.0 Update 3
PCBugDoctor version 1.0.0.4 <-- contains adware
ScanSpyware v3.8.0.1 <-- suspect/rogue anti-spyware program (see The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites)

XoftSpy has been delisted from The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites. Since the program was on it, I recommend uninstalling it as well and using programs from the trustworthy list, which can be viewed on the same page.

SPYWAREfighter is listed on The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites as not appropriate to include in the list. I strongly recommend that you uninstall it as well and use programs from the trustworthy list, which can be viewed on the same page.

I also strongly recommend that you uninstall WeatherBug, although that choice is yours. According to their website, WeatherBug is not spyware; however, it is adware. It does not monitor, collect data or 'spy' on its user base; however, the program is considered adware since the free version is ad-supported. You can read more about why WeatherBug is not considered spyware by clicking here.

I strongly recommend that you uninstall LimeWire PRO 4.12.3 as well, although that choice is yours. Aside from the obvious legal issues, file sharing is one of the primary ways through which people become infected with malware. Anytime you are running any type of P2P application, you are more prone to infection.
If you do not want to uninstall the program, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

You seem to have installed Microsoft .NET Framework 1.1 AND 2.0. This is not necessary. I suggest keeping your Microsoft .NET Framework 2.0 and uninstalling these from Add/Remove Programs:
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)


I also see TruePoker and Poker Fun Club installed. If you installed these programs yourself, and use them to play poker online, please leave these programs alone. However, if you do not use them, I recommend removing the programs because, in most cases, these programs are supported by malware and get installed without asking for it. They also lead you to sites where malware is lurking. If you do not use the programs, please remove these entries through the Add/Remove Programs list as well:
Poker Fun Club (AvatarPack1)
Poker Fun Club (AvatarPack2)
Poker Fun Club (High res)
TruePoker
TruePoker (High Res)


NOTE: Remember that these programs may require you to reboot your computer to complete the uninstallation - just let them.

Step #3
I need to see another HijackThis log, but you need to extract (unzip) HijackThis first (otherwise the backups made when items are fixed won't be secure). The easiest way to accomplish this is to reinstall and delete any copies of HijackThis.zip you have saved.

Please download the self-extracting version of HijackThis and save HijackThis_sfx to your Desktop.
Download HijackThis v.1.99.1

Once it is downloaded, double-click on the hijackthis_sfx.exe file and click the Unzip button. Then close the WinZip Self-Extractor window. Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it.
Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

When the HijackThis window opens, click on the button labelled "Do a system scan and save a logfile". HijackThis will perform a system scan, and when the scan is complete, Notepad will open up containing the scan results. The HijackThis log will be automatically saved to the HijackThis folder. Copy the entire contents of the new HijackThis log and post them here.

Step #4
Please provide me a fresh uninstall list by performing these instructions:
1. Open HijackThis.
2. Click once on the Config... button.
3. Go to the Misc Tools section by clicking on the Misc Tools button on top of the screen.
4. Click on the button labelled "Open Uninstall Manager...". You'll see a list of currently installed programs.
5. Click on the button labelled "Save list..." and specify where you would like to save the uninstall list.

When you press the Save button, Notepad will open up with the contents of that file. Copy and paste the contents of that Notepad file as a reply to this topic.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#14 webergr13

Posted 21 November 2006 - 02:52 PM

I tried several times to copy my PROGRAMS list per your instructions with HJT; it would not copy. Notepad did NOT come up as it should have. I removed all programs that you said I should. I will keep trying and if I get it I will get it to you. THANKS webergr13

#15 webergr13

Posted 21 November 2006 - 02:57 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:54:59 AM, on 11/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Gary Weber\My Documents\Programs\Anti keeloger\aklogNT+.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ekacpx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ekacpx.dll,sznnwub
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\spywarebot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163100287734
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
