Virtumonde Removal Hijack This Analysis


4 replies to this topic

#1 carlsorensen


Posted 26 November 2006 - 11:53 PM

Hello All,

I have tried everything trying to remove this infection... It started as virusbursters and Spyware Doctor removed that. I tried the Vundo Fix and VundoBeGone too; they did not work.

I keep getting the WinAntiVirus Pro 2006 popups and other random popups. This is a work PC for my business and it's making things really difficult for me.

Below I have pasted the log from HiJackThis. I hope there is somebody here who can help me.

Logfile of HijackThis v1.99.1
Scan saved at 8:46:40 PM, on 26/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\cqodxqin.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvis.dll,startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tuca] "C:\DOCUME~1\Carl\MYDOCU~1\DOBE~1\netdde.exe" -vt yazb
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Thanks,

Carl


#2 miekiemoes


Posted 27 November 2006 - 02:43 AM

Hello,

I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG OR Avast OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can cause problems and seriously decrease its reliability!
Agnitum Outpost Free, ZoneAlarm Free OR Kerio are FREE firewalls.

Understanding and using firewalls

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\cqodxqin.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvis.dll,startup
O4 - HKCU\..\Run: [Tuca] "C:\DOCUME~1\Carl\MYDOCU~1\DOBE~1\netdde.exe" -vt yazb


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot!!

After reboot, delete the next file:

C:\WINDOWS\system32\drvvis.dll

* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
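
A minimal parser and triage pass for HijackThis entries of the kind listed in the reply above, as an added example that is not part of the original thread and is not HijackThis's own code. The two rules (an unnamed BHO loading a DLL from system32, a Run entry launching from a user profile) and all function names are assumptions for illustration, not the helper's stated criteria; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Subset of the HijackThis log posted in this thread, used as sample input.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\cqodxqin.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvis.dll,startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tuca] "C:\DOCUME~1\Carl\MYDOCU~1\DOBE~1\netdde.exe" -vt yazb
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R3 - ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O4 registry body: "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Assumed triage rules (illustrative only).
PROFILE_RE = re.compile(r"\\(docume~1|documents and settings)\\", re.IGNORECASE)
SYSTEM32_DLL_RE = re.compile(
    r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.IGNORECASE
)


@dataclass
class Entry:
    code: str               # section code such as "O2" or "O4"
    kind: str               # "bho", "run" or "other"
    fields: Dict[str, str]  # parsed fields, or {"raw": body} for "other"


@dataclass
class Finding:
    code: str
    name: str
    target: str
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O2":
        bho = BHO_RE.match(body)
        if bho:
            return Entry(code, "bho", bho.groupdict())
    if code == "O4":
        run = RUN_RE.match(body)
        if run:
            return Entry(code, "run", run.groupdict())
    return Entry(code, "other", {"raw": body})


def triage(log_text: str) -> List[Finding]:
    """Apply the two assumed rules to every parsed entry."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        f = entry.fields
        if (entry.kind == "bho" and f["name"] == "(no name)"
                and SYSTEM32_DLL_RE.match(f["path"])):
            findings.append(Finding(entry.code, f["name"], f["path"],
                                    "unnamed BHO loading a DLL from system32"))
        elif entry.kind == "run" and PROFILE_RE.search(f["cmd"]):
            findings.append(Finding(entry.code, f["name"], f["cmd"],
                                    "autostart launching from a user profile"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code} [{finding.name}] {finding.target} -> {finding.reason}")
```

On the sample it flags the unnamed BHO and the Tuca Run entry; the other entries selected in the reply are not caught by these two rules.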

#3 carlsorensen


Posted 30 November 2006 - 06:37 PM

Hello,

Thank you for the reply. I am sorry I took so long to get back.

Here is my ComboFix log and my updated HiJackThis log. I could not find the file O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvis.dll,startup

I also installed AVG so maybe it removed that?

I'll post each log separately below.

Carl

Carl - 06-11-30 15:19:50.35 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Carl\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Carl\My Documents\DOBE~1
C:\QooBox\Purity\Documents and Settings\Carl\My Documents\DOBE~1\?dobe
C:\QooBox\Purity\Program Files\SKS~1
C:\QooBox\Purity\WINDOWS\system32\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-30 to 2006-11-30 ))))))))))))))))))))))))))))))))))


2006-11-30 14:32 <DIR> d-------- C:\Program Files\DivX
2006-11-30 14:27 <DIR> d-------- C:\Program Files\AVIcodec
2006-11-29 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cabela's African Safari Saves
2006-11-29 22:09 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-11-29 22:09 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-11-29 22:09 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-11-29 22:05 <DIR> d-------- C:\Program Files\Activision Value
2006-11-28 08:12 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-27 12:10 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-27 12:10 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-27 12:10 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-27 12:10 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-27 12:10 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-27 12:10 <DIR> d-------- C:\Program Files\Grisoft
2006-11-27 12:10 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\AVG7
2006-11-27 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-27 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-11-26 22:29 <DIR> d-------- C:\Program Files\Crazy Browser
2006-11-26 20:41 <DIR> d-------- C:\Program Files\HijackThis
2006-11-26 20:34 <DIR> d-------- C:\VundoFix Backups
2006-11-26 19:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2006-11-26 19:22 <DIR> d-------- C:\WINDOWS\pss
2006-11-26 15:43 110,612 --a------ C:\WINDOWS\system32\lifvbosn.exe
2006-11-26 15:24 110,612 --a------ C:\WINDOWS\system32\neuavitu.exe
2006-11-26 13:52 110,612 --a------ C:\WINDOWS\system32\srtfjofr.exe
2006-11-25 13:53 <DIR> d-------- C:\Program Files\Firefly Studios
2006-11-25 13:52 110,612 --a------ C:\WINDOWS\system32\acylrtyj.exe
2006-11-25 13:48 110,612 --a------ C:\WINDOWS\system32\vlgjuvdl.exe
2006-11-25 13:44 605,924 ---hs---- C:\WINDOWS\system32\qpqss.ini2
2006-11-25 12:21 110,612 --a------ C:\WINDOWS\system32\vkxnyqvv.exe
2006-11-25 12:15 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2006-11-25 12:15 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2006-11-25 12:15 <DIR> d-------- C:\Program Files\Alcohol Soft
2006-11-24 20:26 110,612 --a------ C:\WINDOWS\system32\nvnldruk.exe
2006-11-24 17:43 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\BitTorrent
2006-11-24 17:42 <DIR> d-------- C:\Program Files\BitTorrent
2006-11-24 10:06 <DIR> d-------- C:\Program Files\LimeWire
2006-11-24 10:06 <DIR> d-------- C:\Documents and Settings\Carl\Incomplete
2006-11-24 10:04 <DIR> d-------- C:\Documents and Settings\Carl\.limewire
2006-11-24 07:16 612,819 ---hs---- C:\WINDOWS\system32\qpqss.bak2
2006-11-24 07:16 110,612 --a------ C:\WINDOWS\system32\cvpsgscq.exe
2006-11-23 18:31 <DIR> d-------- C:\WINDOWS\Minidump
2006-11-23 07:16 604,641 ---hs---- C:\WINDOWS\system32\qpqss.bak1
2006-11-23 07:16 110,612 --a------ C:\WINDOWS\system32\icwwdlbw.exe
2006-11-22 21:19 <DIR> d-------- C:\Program Files\WinRAR
2006-11-22 20:35 <DIR> d-------- C:\Program Files\Activision
2006-11-22 11:15 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\Macromedia
2006-11-22 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2006-11-22 11:14 <DIR> d-------- C:\Program Files\Microsoft.NET
2006-11-22 11:14 <DIR> d-------- C:\Program Files\Microsoft Office
2006-11-22 11:14 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
2006-11-22 11:07 <DIR> d-------- C:\Program Files\WS_FTP Pro
2006-11-22 11:07 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\Ipswitch
2006-11-22 11:06 306,688 --a------ C:\WINDOWS\ISUninst.exe
2006-11-22 10:08 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-11-22 10:08 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-11-22 10:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2006-11-22 10:08 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\PC Tools
2006-11-22 10:00 <DIR> d---s---- C:\Documents and Settings\Carl\UserData
2006-11-22 09:29 <DIR> d-------- C:\Documents and Settings\Carl\.housecall6.6
2006-11-22 08:50 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\OpenOffice.org2
2006-11-21 22:51 159,497 --a------ C:\WINDOWS\XSite Pro Uninstaller.exe
2006-11-21 22:51 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\Adobe
2006-11-21 22:50 <DIR> d-------- C:\Program Files\XSite Pro
2006-11-21 22:50 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2006-11-21 22:49 <DIR> dr--s---- C:\WINDOWS\assembly
2006-11-21 22:49 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2006-11-21 22:49 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2006-11-21 21:17 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2006-11-21 21:01 974,848 --------- C:\WINDOWS\system32\mfc70.dll
2006-11-21 21:01 57,344 --------- C:\WINDOWS\system32\mfc70enu.dll
2006-11-21 21:01 344,064 --------- C:\WINDOWS\system32\msvcr70.dll
2006-11-21 21:01 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2006-11-21 21:01 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2006-11-21 21:00 <DIR> d-------- C:\Program Files\Macromedia
2006-11-21 20:25 <DIR> d-------- C:\WINDOWS\Sun
2006-11-21 20:25 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\Sun
2006-11-21 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google
2006-11-21 18:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-21 18:22 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-11-21 17:17 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-11-21 14:36 <DIR> d-------- C:\WINDOWS\CSC
2006-11-21 14:30 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-21 14:12 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-21 14:09 <DIR> d-------- C:\Program Files\Google
2006-11-21 14:09 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\Google
2006-11-21 14:06 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-11-21 14:06 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-11-21 14:06 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-11-21 14:06 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-11-21 14:06 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-11-21 14:06 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-11-21 14:06 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-11-21 14:06 <DIR> d-------- C:\Program Files\Common Files\Ahead
2006-11-21 14:06 <DIR> d-------- C:\Program Files\Ahead
2006-11-21 14:04 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2006-11-21 14:04 <DIR> d-------- C:\Program Files\CyberLink DVD Solution
2006-11-21 14:04 <DIR> d-------- C:\Program Files\CyberLink
2006-11-21 14:04 <DIR> d-------- C:\MyWorks
2006-11-21 13:39 <DIR> d--hs---- C:\RECYCLER
2006-11-21 13:38 <DIR> d-------- C:\Program Files\Java
2006-11-21 13:38 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-21 13:38 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\Apple Computer
2006-11-21 13:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-11-21 13:37 <DIR> d-------- C:\Program Files\QuickTime
2006-11-21 13:37 <DIR> d-------- C:\Program Files\iTunes
2006-11-21 13:37 <DIR> d-------- C:\Program Files\iPod
2006-11-21 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-21 13:36 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-11-21 13:36 <DIR> d-------- C:\Program Files\Adobe
2006-11-21 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-21 13:35 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-11-21 13:35 <DIR> d-------- C:\Program Files\OpenOffice.org 2.0
2006-11-21 13:34 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-11-21 13:34 <DIR> d-------- C:\WINDOWS\nview
2006-11-21 13:33 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-11-21 13:33 <DIR> d-------- C:\NVIDIA
2006-11-21 13:31 27,648 -ra------ C:\WINDOWS\system32\drivers\iteatapi.sys
2006-11-21 13:31 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-21 13:31 <DIR> d-------- C:\WINDOWS\system32\Lang
2006-11-21 13:30 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-21 13:30 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-21 13:30 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-21 13:30 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-21 13:30 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-21 13:30 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-11-21 13:30 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-21 13:30 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-21 13:30 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2006-11-21 13:30 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-21 13:30 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-21 13:30 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-21 13:30 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-21 13:30 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-21 13:30 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2006-11-21 13:30 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2006-11-21 13:30 <DIR> d-------- C:\Program Files\Marvell
2006-11-21 13:29 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2006-11-21 13:29 86,016 -r------- C:\WINDOWS\SoundMan.exe
2006-11-21 13:29 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2006-11-21 13:29 4,299,264 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2006-11-21 13:29 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2006-11-21 13:29 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-21 13:29 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
2006-11-21 13:29 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2006-11-21 13:29 16,239,616 -r------- C:\WINDOWS\RTHDCPL.exe
2006-11-21 13:28 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2006-11-21 13:28 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2006-11-21 13:28 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-21 13:28 <DIR> d-------- C:\Program Files\Realtek
2006-11-21 13:27 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-11-21 13:27 <DIR> d-------- C:\Program Files\Intel
2006-11-21 13:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-11-21 13:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-11-21 13:26 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2006-11-21 13:22 <DIR> dr-h----- C:\Documents and Settings\Carl\SendTo
2006-11-21 13:22 <DIR> dr-h----- C:\Documents and Settings\Carl\Recent
2006-11-21 13:22 <DIR> dr-h----- C:\Documents and Settings\Carl\Application Data\.
2006-11-21 13:22 <DIR> dr-h----- C:\Documents and Settings\Carl\Application Data
2006-11-21 13:22 <DIR> dr------- C:\Documents and Settings\Carl\Start Menu
2006-11-21 13:22 <DIR> dr------- C:\Documents and Settings\Carl\My Documents
2006-11-21 13:22 <DIR> dr------- C:\Documents and Settings\Carl\Favorites
2006-11-21 13:22 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-11-21 13:22 <DIR> d--h----- C:\Documents and Settings\Carl\Templates
2006-11-21 13:22 <DIR> d--h----- C:\Documents and Settings\Carl\PrintHood
2006-11-21 13:22 <DIR> d--h----- C:\Documents and Settings\Carl\NetHood
2006-11-21 13:22 <DIR> d--h----- C:\Documents and Settings\Carl\Local Settings
2006-11-21 13:22 <DIR> d---s---- C:\Documents and Settings\Carl\Cookies
2006-11-21 13:22 <DIR> d---s---- C:\Documents and Settings\Carl\Application Data\Microsoft
2006-11-21 13:22 <DIR> d-------- C:\Documents and Settings\Carl\Desktop
2006-11-21 13:22 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\Identities
2006-11-21 13:22 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\..
2006-11-21 13:22 <DIR> d-------- C:\Documents and Settings\Carl\..
2006-11-21 13:22 <DIR> d-------- C:\Documents and Settings\Carl\.
2006-11-21 13:21 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-21 13:21 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-11-21 13:21 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-21 13:19 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-21 13:19 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-11-21 13:19 <DIR> d-------- C:\Program Files\xerox
2006-11-21 13:19 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-11-21 13:18 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-11-21 13:18 0 -rahs---- C:\MSDOS.SYS
2006-11-21 13:18 0 -rahs---- C:\IO.SYS
2006-11-21 13:18 0 --a------ C:\CONFIG.SYS
2006-11-21 13:18 0 --a------ C:\AUTOEXEC.BAT
2006-11-21 13:18 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-11-21 13:18 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2006-11-21 13:18 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-11-21 13:18 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-11-21 13:18 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-11-21 13:17 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-21 13:17 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-21 13:17 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-11-21 13:17 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-21 13:17 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-21 13:17 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-11-21 13:17 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-21 13:17 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-21 13:17 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-21 13:17 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-21 13:17 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-11-21 13:17 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-11-21 13:17 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-11-21 13:17 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-11-21 13:17 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-21 13:17 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-21 13:17 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-21 13:17 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-11-21 13:17 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-21 13:17 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-21 13:17 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-21 13:17 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-21 13:17 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-21 13:17 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-21 13:17 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-21 13:17 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-21 13:17 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-21 13:17 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-21 13:17 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-11-21 13:17 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-11-21 13:17 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-21 13:17 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-21 13:17 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-11-21 13:17 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-11-21 13:17 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-21 13:17 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-11-21 13:17 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-11-21 13:17 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-21 13:17 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-11-21 13:17 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-21 13:17 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-11-21 13:17 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-21 13:17 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-11-21 13:17 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-11-21 13:17 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-21 13:17 <DIR> d---s---- C:\WINDOWS\Tasks
2006-11-21 13:17 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-11-21 13:17 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-11-21 13:17 <DIR> d-------- C:\WINDOWS\srchasst
2006-11-21 13:17 <DIR> d-------- C:\Program Files\Outlook Express
2006-11-21 13:17 <DIR> d-------- C:\Program Files\NetMeeting
2006-11-21 13:17 <DIR> d-------- C:\Program Files\Movie Maker
2006-11-21 13:17 <DIR> d-------- C:\Program Files\Internet Explorer
2006-11-21 13:17 <DIR> d-------- C:\Program Files\Common Files\System
2006-11-21 13:17 <DIR> d-------- C:\Program Files\Common Files\Services
2006-11-21 13:17 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-11-21 13:16 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-21 13:16 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-21 13:16 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-11-21 13:16 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-11-21 13:16 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-11-21 13:16 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-11-21 13:16 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-11-21 13:16 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-11-21 13:16 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-11-21 13:16 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-21 13:16 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-21 13:16 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-11-21 13:16 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-21 13:16 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-11-21 13:16 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-21 13:16 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-11-21 13:16 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-21 13:16 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-21 13:16 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-11-21 13:16 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-11-21 13:16 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-21 13:16 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-11-21 13:16 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-21 13:16 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-11-21 13:16 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-11-21 13:16 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-11-21 13:16 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-21 13:16 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-11-21 13:16 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-21 13:16 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-21 13:16 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-11-21 13:16 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-11-21 13:16 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-11-21 13:16 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-11-21 13:16 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-11-21 13:16 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-21 13:16 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-11-21 13:16 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-21 13:16 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-11-21 13:16 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-11-21 13:16 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-11-21 13:16 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-11-21 13:16 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-11-21 13:16 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-21 13:16 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-11-21 13:16 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-21 13:16 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-11-21 13:16 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-21 13:16 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-11-21 13:16 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-21 13:16 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-11-21 13:16 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-11-21 13:16 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-11-21 13:16 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-11-21 13:16 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-11-21 13:16 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-11-21 13:16 15,360 --a------ C:\WINDOWS\system32\logoff.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-30 15:21:30.04
C:\ComboFix.txt ... 06-11-30 15:21


Logfile of HijackThis v1.99.1
Scan saved at 3:31:01 PM, on 30/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Carl\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#4 miekiemoes

  • Malware Response Team

Posted 30 November 2006 - 06:52 PM

Hello,

Your HijackThis log looks clean again.

There are just some files you have to delete manually. Some will be hidden, so to reveal them, do the following:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions, which set your system to show all files, unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete the following files:

C:\WINDOWS\system32\lifvbosn.exe
C:\WINDOWS\system32\neuavitu.exe
C:\WINDOWS\system32\srtfjofr.exe
C:\WINDOWS\system32\acylrtyj.exe
C:\WINDOWS\system32\vlgjuvdl.exe
C:\WINDOWS\system32\vkxnyqvv.exe
C:\WINDOWS\system32\nvnldruk.exe
C:\WINDOWS\system32\cvpsgscq.exe
C:\WINDOWS\system32\icwwdlbw.exe
C:\WINDOWS\system32\qpqss.bak2
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qpqss.bak1

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

Let me know in your next reply how things are running now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

  • Malware Response Team

Posted 10 December 2006 - 04:13 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.