
Am I Infected


21 replies to this topic

#1 Sp0nge

Posted 10 April 2007 - 08:30 PM

Pretty much I keep getting redirected to random ads on the internet, even on this website. So I am thinking that I have some sort of virus.

I formatted my computer yesterday, so I don't know what could have gone wrong :thumbsup:

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:26:25 AM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\pbidaaaa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mops.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - C:\WINDOWS\system\btlmct32.dll
O2 - BHO: (no name) - {A38BD640-708D-4A52-AB2D-47E5386A8E65} - c:\windows\system32\imjaimj.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pbidaaaa] C:\WINDOWS\system32\pbidaaaa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pbidaaaa] C:\WINDOWS\system32\pbidaaaa.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: zcicnatb - C:\WINDOWS\SYSTEM32\imjaimj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Cheers,
sp0nge

#2 Sp0nge (Topic Starter)

Posted 11 April 2007 - 01:07 AM

Anybody?......:'(

#3 -David-

Posted 11 April 2007 - 02:25 AM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please download VundoFix.exe to your desktop
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click "Scan for Vundo" button.
Once the scan is complete, right-click inside the listbox (white box) and click "add more files"
Copy and paste the 2 entries below into the top 2 boxes (no arrows):

--> C:\WINDOWS\SYSTEM32\imjaimj.dll

Click "Add Files" and click "Close Window".
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo - this is normal.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

#4 Sp0nge (Topic Starter)

Posted 11 April 2007 - 02:40 AM

Thank you Dave - Vundo could not delete the program I think, because it said it a few times upon startup.

This is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:31:23 PM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A38BD640-708D-4A52-AB2D-47E5386A8E65} - c:\windows\system32\imjaimj.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: zcicnatb - C:\WINDOWS\SYSTEM32\imjaimj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Vundo Report:


VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 5:22:47 PM 4/11/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\imjaimj.dll
C:\WINDOWS\SYSTEM32\imjaimj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\imjaimj.dll
C:\WINDOWS\SYSTEM32\imjaimj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

#5 -David-

Posted 11 April 2007 - 02:53 AM

OK, let's try a different method for the time being.
You really need to install an antivirus, but we'll do that after we've removed Vundo.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {A38BD640-708D-4A52-AB2D-47E5386A8E65} - c:\windows\system32\imjaimj.dll
O20 - Winlogon Notify: zcicnatb - C:\WINDOWS\SYSTEM32\imjaimj.dll

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Download ComboFix to your desktop. !! It is really important that combofix.exe is on your desktop, not somewhere else and not in a folder on your desktop.
Then go to Start > Run and copy and paste the next command in the field:

"C:\Documents and Settings\Owner\Desktop\combofix.exe" /v pmnlj

Hit Enter. This should start ComboFix.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after the reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

Edited by D-Trojanator, 11 April 2007 - 02:54 AM.
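As an added example (not from the thread or from HijackThis, VundoFix or ComboFix), a small triage script that parses HijackThis 1.99 log lines and flags the Vundo persistence pattern visible in the first log and behind the failed deletion in post #4: a BHO (O2), a Winlogon Notify package (O20) and a Run entry (O4) all pointing at files dropped under the Windows directory, with flagged files cross-checked against the "Running processes" section. The sample log is constructed from lines of the two logs posted in this thread, and the rules, `parse_log` and `triage` are heuristics I chose for this pattern, not the tool's own logic.

```python
"""Triage a HijackThis 1.99 log for the Vundo persistence pattern in this thread.

Heuristic rules (chosen for this example, not HijackThis's own logic):
  O2  - a BHO whose DLL lives under the Windows directory instead of Program Files
  O20 - a Winlogon Notify package whose DLL is also registered as a BHO
  O4  - a Run entry in system32 registered under both HKLM and HKCU
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the two HijackThis logs in the thread,
# with the legitimate Spybot SDHelper.dll BHO included as a negative case.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\pbidaaaa.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mops.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - C:\WINDOWS\system\btlmct32.dll
O2 - BHO: (no name) - {A38BD640-708D-4A52-AB2D-47E5386A8E65} - c:\windows\system32\imjaimj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pbidaaaa] C:\WINDOWS\system32\pbidaaaa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pbidaaaa] C:\WINDOWS\system32\pbidaaaa.exe
O20 - Winlogon Notify: zcicnatb - C:\WINDOWS\SYSTEM32\imjaimj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# First drive-letter path ending in .dll/.exe; quoted paths with spaces are fine.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.I)
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]", re.I)


def parse_log(text):
    """Return (running process paths, entries); entries are (code, body, path)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False
            continue
        if in_procs:
            processes.append(line.lower())
            continue
        m = ENTRY_RE.match(line)
        if m:
            p = PATH_RE.search(m.group("body"))
            entries.append((m.group("code"), m.group("body"),
                            p.group(0).lower() if p else None))
    return processes, entries


def in_windows_dir(path):
    """True for files under \\WINDOWS\\system or \\WINDOWS\\system32 (lower-cased path)."""
    return bool(path) and re.search(r"\\windows\\system(32)?\\", path) is not None


def triage(text):
    """Return a list of {"code", "file", "reasons"} for entries matching a rule."""
    processes, entries = parse_log(text)
    running = {p.rsplit("\\", 1)[-1] for p in processes}
    bho_dlls = {path for code, _, path in entries if code == "O2" and path}
    run_hives = defaultdict(set)  # (value name, target path) -> {HKLM, HKCU}
    for code, body, path in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m and path:
            run_hives[(m.group("name").lower(), path)].add(m.group("hive").upper())

    findings = []
    for code, body, path in entries:
        reasons = []
        if code == "O2" and in_windows_dir(path):
            reasons.append("BHO loaded from the Windows directory, not Program Files")
        if code == "O20" and path in bho_dlls:
            # winlogon.exe keeps a Notify DLL loaded, which is why VundoFix's
            # on-disk delete of imjaimj.dll failed while Windows was running.
            reasons.append("Winlogon Notify DLL is also a BHO; held open by winlogon.exe")
        if code == "O4":
            m = RUN_RE.match(body)
            key = (m.group("name").lower(), path) if m else None
            if key and path and in_windows_dir(path) and len(run_hives[key]) > 1:
                reasons.append("same system32 Run entry under both HKLM and HKCU")
        if reasons:
            fname = path.rsplit("\\", 1)[-1]
            if fname in running:
                reasons.append("currently running")
            findings.append({"code": code, "file": fname, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:<4}{f['file']:<14} {'; '.join(f['reasons'])}")
```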


#6 Sp0nge (Topic Starter)

Posted 11 April 2007 - 03:08 AM

I HAD an antivirus yesterday morning... but I formatted my computer and lost it. Got a virus this quick.

Here's the log it produced:

"Pat" - 07-04-11 17:58:31 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Pat\Desktop"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\imjaimj.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\imjaimj.exe
C:\WINDOWS\system32\drivers\cznidbbp.sys
C:\WINDOWS\system32\imjaimj.dll.bak


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\meuoqwkp
-------\LEGACY_MEUOQWKP


((((((((((((((((((((((((((((((( Files Created from 2007-03-11 to 2007-04-11 ))))))))))))))))))))))))))))))))))


2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system32
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\system
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\security
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\Resources
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\repair
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\Provisioning
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\PeerNet
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\pchealth
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\mui
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\msapps
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\msagent
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\Media
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\java
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\ime
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\Help
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\Debug
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\Config
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS\addins
2007-04-09 02:18 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-09 02:26 62 --ahs---- C:\DOCUME~1\Pat\APPLIC~1\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
kyfxlrrd



********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-11 18:02:15
C:\ComboFix-quarantined-files.txt ... 07-04-11 18:02

#7 -David-

Posted 11 April 2007 - 03:24 AM

Hello there, let's continue... :thumbsup:

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

Close all instances of Internet Explorer .
Go to your control panel and open "Internet Options".
Click on the "General" tab.
Click the "Delete Cookies" button, then the "Delete Files" button.
When prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

Go to start and click on the "run" button.
Type the following in the box --> cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
Press OK to remove them.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\somrucjz.dll
C:\WINDOWS\system32\jvijcqng.dll
C:\WINDOWS\system32\oufbcqjy.dll
C:\WINDOWS\system32\dgmuicwc.exe
C:\WINDOWS\system32\ipv6mops.dll
C:\WINDOWS\system32\gybyraaa.exe
C:\WINDOWS\system32\gutjhdct.exe
C:\WINDOWS\system32\pbidaaaa.exe
C:\WINDOWS\system\btlmct32.dll
C:\WINDOWS\system32\asbpaaaa.exe


Open 'File' in the Killbox menu on top and choose Paste from clipboard.
You must use the File menu; pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now; click "Yes".
Click OK at any Pending File Rename Operations prompt, and let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

Download Bobbi Flekman's RegSearch from
http://www.bleepingcomputer.com/files/regsearch.php

Create a folder for RegSearch on the C: drive called C:\RegSearch. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it RegSearch. Extract all the files from the zip archive into that folder.

Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program.
Copy / Paste the following line into the top Search Box:

kyfxlrrd

then on the second line down paste the following:

meuoqwkp

Now hit OK. After completion Notepad will be opened with all the found instances of the string. The resulting file is saved in the same location as RegSearch.exe

Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

Post back with the regsearch log, the uninstall list and a new Hijackthis log.

#8 Sp0nge (Topic Starter)

Posted 11 April 2007 - 03:41 AM

I can't download Killbox.

It says it's not a valid Win32 executable or something.

It seems to be 0 bytes in size.

Is there another download link?

#9 -David-

Posted 11 April 2007 - 03:52 AM

Please try the link here for the time being.
Does that work for you now?

#10 Sp0nge (Topic Starter)

Posted 11 April 2007 - 03:58 AM

Well I downloaded from softpedia or something and that worked. I just finished rebooting from the Killbox stage.

#11 Sp0nge (Topic Starter)

Posted 11 April 2007 - 04:06 AM

Here is the Uninstall List:


Adobe Flash Player 9 ActiveX
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
BitTorrent 5.0.7
Fraps (remove only)
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 3
LimeWire 4.12.11
Lock On 1.1
Lock On: Modern Air Combat
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Realtek AC'97 Audio
Sony ACID Pro 6.0
Sony Media Manager 2.0
Sony Vegas 6.0d
Spybot - Search & Destroy 1.4
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
XviD MPEG-4 Codec

Here is the RegSearch thing:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.2.0

; Results at 4/11/2007 6:58:18 PM for strings:
; 'kyfxlrrd'
; 'meuoqwkp'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
; Contents of value:
; 6to4
; AppMgmt
; AudioSrv
; Browser
; CryptSvc
; DMServer
; DHCP
; ERSvc
; EventSystem
; FastUserSwitchingCompatibility
; HidServ
; Ias
; Iprip
; Irmon
; LanmanServer
; LanmanWorkstation
; Messenger
; Netman
; Nla
; Ntmssvc
; NWCWorkstation
; Nwsapagent
; Rasauto
; Rasman
; Remoteaccess
; Schedule
; Seclogon
; SENS
; Sharedaccess
; SRService
; kyfxlrrd
; Tapisrv
; Themes
; TrkWks
; W32Time
; WZCSVC
; Wmi
; WmdmPmSp
; winmgmt
; wscsvc
; xmlprov
; BITS
; wuauserv
; ShellHWDetection
; helpsvc
; WmdmPmSN
;
;

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_KYFXLRRD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_KYFXLRRD\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_KYFXLRRD\0000]
"Service"="kyfxlrrd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_KYFXLRRD\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_KYFXLRRD\0000\Control]
"ActiveService"="kyfxlrrd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kyfxlrrd]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kyfxlrrd\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kyfxlrrd\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kyfxlrrd\Enum]
"0"="Root\\LEGACY_KYFXLRRD\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KYFXLRRD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KYFXLRRD\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KYFXLRRD\0000]
"Service"="kyfxlrrd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kyfxlrrd]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kyfxlrrd\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KYFXLRRD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KYFXLRRD\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KYFXLRRD\0000]
"Service"="kyfxlrrd"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KYFXLRRD\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KYFXLRRD\0000\Control]
"ActiveService"="kyfxlrrd"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kyfxlrrd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kyfxlrrd\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kyfxlrrd\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kyfxlrrd\Enum]
"0"="Root\\LEGACY_KYFXLRRD\\0000"

; End Of The Log...

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:02:05 PM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
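
The `netsvcs` value under the SvcHost key in the RegSearch output is a REG_MULTI_SZ, which RegSearch and regedit export in `.reg` hex(7) form, and the one entry that does not belong to the standard XP SP2 group is exactly what the search for `kyfxlrrd` surfaced. As an added example (not from this thread, RegSearch or any other tool named here), the Python below decodes such a value and reports members missing from a known-good baseline; the `.reg` snippet it parses is a constructed, shortened stand-in for the real value, and the baseline is the decoded list shown above with the suspect entry removed.

```python
"""Decode a REG_MULTI_SZ value from a .reg export and flag unknown entries.

RegSearch / regedit write REG_MULTI_SZ as hex(7): comma-separated UTF-16LE
bytes, each string NUL-terminated and the list closed by one more NUL, with
long values wrapped onto continuation lines by a trailing backslash.
"""
import re

# Constructed sample (NOT the full value from the thread): a shortened
# netsvcs export holding 6to4, AppMgmt, kyfxlrrd and Themes.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
  6d,00,74,00,00,00,6b,00,79,00,66,00,78,00,6c,00,72,00,72,00,64,00,00,00,54,\
  00,68,00,65,00,6d,00,65,00,73,00,00,00,00,00
'''

# Baseline: the netsvcs members shown in the RegSearch output in this thread,
# with the suspect entry left out. For a real case, export it from a clean
# install of the same Windows version and service pack.
XP_SP2_NETSVCS = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP",
    "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias",
    "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation", "Messenger", "Netman",
    "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman",
    "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess", "SRService",
    "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi", "WmdmPmSp",
    "winmgmt", "wscsvc", "xmlprov", "BITS", "wuauserv", "ShellHWDetection",
    "helpsvc", "WmdmPmSN",
}


def parse_reg_multi_sz(reg_text, value_name):
    """Return the strings stored in a hex(7) value of a .reg export.

    Stitches backslash continuation lines back together and accepts CRLF
    exports. Raises ValueError if the value is absent or not REG_MULTI_SZ.
    """
    text = reg_text.replace("\r\n", "\n")
    joined = re.sub(r",\\\n\s*", ",", text)  # join wrapped hex lines
    pattern = r'^"%s"=hex\(7\):([0-9a-fA-F,]+)$' % re.escape(value_name)
    m = re.search(pattern, joined, re.MULTILINE)
    if not m:
        raise ValueError("value %r not found as REG_MULTI_SZ" % value_name)
    raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
    # Each entry ends in NUL and the list ends in an extra NUL, so splitting
    # on NUL and dropping empties yields the entries in stored order.
    return [s for s in raw.decode("utf-16-le").split("\0") if s]


def unknown_netsvcs(reg_text, baseline=XP_SP2_NETSVCS):
    """Entries of the exported netsvcs list that are not in the baseline.

    Service names are case-insensitive, so compare lower-cased but return
    the stored spelling for follow-up searches.
    """
    known = {n.lower() for n in baseline}
    members = parse_reg_multi_sz(reg_text, "netsvcs")
    return [m for m in members if m.lower() not in known]


def service_keys(name):
    """Registry keys to inspect for an unexpected svchost group member.

    These are the locations RegSearch reported for kyfxlrrd in this thread;
    ServiceDll under Parameters names the DLL svchost loads for the service.
    """
    base = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%s" % name
    return [base, base + r"\Parameters", base + r"\Enum"]


if __name__ == "__main__":
    for name in unknown_netsvcs(SAMPLE_REG):
        print("not in baseline:", name)
        for key in service_keys(name):
            print("  check", key)
```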

#12 -David-

Posted 11 April 2007 - 04:58 PM

Good work, things are looking a lot better. :thumbsup:
However I want to take a look at the services running on the PC.
I have suspicions about a few entries I saw in the CF log.

I need you to download the following file:

Getservices.zip - Get list of XP/2000/NT Services

Extract the file to the c:\ drive. Then navigate to c:\getservices and double-click on the getservices.bat file. A notepad will open up. It's going to be quite long, so I want you to upload the file to me, to save space in this thread.
Go to this page.
Where it says, browse to the text file you saved earlier (you may need to close it first).
Then click the Send File button below.

Let me know when you have uploaded it.
David

#13 Sp0nge (Topic Starter)

Posted 11 April 2007 - 05:04 PM

I uploaded it

#14 -David-

Posted 11 April 2007 - 05:13 PM

Heya sp0nge :thumbsup:

Ok, in case you are interested, this was the bit I found in the log you uploaded:

SERVICE_NAME: kyfxlrrd
Controller for Serenum Filter
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serenum Filter Controller
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

I can see that this is now legitimate, there's nothing malicious with this service at all, even though google finds nothing on it.
How is the computer running now? Anything improved since we started?

Malware like this normally never comes alone and there are probably infected files left on your computer.

Please perform this online scan: Kaspersky Webscan
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allow ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.

#15 Sp0nge (Topic Starter)

Posted 12 April 2007 - 04:07 AM

Ooohhh the computer has really lost it now..

I did a system restore coz I couldn't access the net for... some reason...

Here is a new HJT log and I'm going to run Kaspersky Webscan now.

C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qpbiutoigogbo.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Cheers,

PS - Comp is really slow and takes a while to boot up my computer and to open various other Windows Explorer windows.



