Hijackthis Log Plz Help


5 replies to this topic

#1 cybz

cybz

  • Members
  • 3 posts

Posted 29 April 2007 - 11:12 PM

I've been having trouble with some pop-ups coming up on my screen, one that comes pretty often is about WinAntiVirusPro 2006. Spybot, Adaware and NOD32 couldn't fix the problem. Here's the log, thanks for help.

Logfile of HijackThis v1.99.1
Scan saved at 00:07:08, on 2007-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\cybz\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 30 April 2007 - 03:34 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum cybz :thumbsup:

First please find and delete:
C:\Documents and Settings\cybz\Desktop\HijackThis.exe

Now download and install Hijackthis.
This is a self-extracting version which will automatically install HJT to C:\Program Files\Hijackthis by default, a desktop shortcut will also be created.

***************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


***************************

Now please go to:
C:\Program Files\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply, along with the C:\ComboFix.txt

#3 cybz

cybz
  • Topic Starter

  • Members
  • 3 posts

Posted 30 April 2007 - 09:03 PM

Thanks for quick response. Here's the info you need:

---------------------------------------------------------------------------------------------------------
ComboFix
---------------------------------------------------------------------------------------------------------
"cybz" - 07-04-30 21:50:57 Service Pack 2
ComboFix 07-04-28.V - Running from: "C:\Documents and Settings\cybz\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.tmp
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\pmnomnk.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\bund1


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))


2007-04-30 18:36 <DIR> d-------- C:\Temp\ini
2007-04-29 23:34 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-04-29 01:05 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\Lavasoft
2007-04-28 21:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-28 17:21 <DIR> d-------- C:\Program Files\Lavalys
2007-04-28 17:14 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-04-28 12:18 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-04-28 01:10 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-04-28 01:10 <DIR> d-------- C:\Program Files\Tweak-XP Pro 4
2007-04-28 00:42 <DIR> d-------- C:\WINDOWS\pss
2007-04-26 22:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-26 20:12 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-04-26 20:12 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-04-26 20:08 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-26 20:02 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-04-26 19:51 <DIR> d-------- C:\Fraps
2007-04-26 19:45 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-04-26 19:45 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-04-26 19:45 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-04-26 19:45 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-04-26 19:44 <DIR> d-------- C:\Program Files\Futuremark
2007-04-26 19:34 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-04-26 19:34 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-04-26 19:34 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-26 19:34 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-04-26 19:34 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-04-26 19:34 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-26 19:34 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-04-26 19:34 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-04-26 18:58 <DIR> d-------- C:\Program Files\MSBuild
2007-04-26 18:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-04-26 18:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-04-26 18:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-04-26 18:43 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-26 18:43 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-04-26 18:43 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-26 18:43 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-04-26 18:43 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-26 18:43 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-26 18:43 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-26 01:21 <DIR> d-------- C:\Temp\recov1
2007-04-26 01:17 <DIR> d-------- C:\Temp\recov
2007-04-26 01:14 <DIR> d-------- C:\Program Files\Azureus
2007-04-25 23:01 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-04-25 23:01 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-25 22:52 87,040 -ra------ C:\WINDOWS\system32\commonfx.dll
2007-04-25 22:52 81,920 --a------ C:\WINDOWS\system32\ctcoinst.dll
2007-04-25 22:52 77,824 -ra------ C:\WINDOWS\system32\drivers\emupia2k.sys
2007-04-25 22:52 751,104 -ra------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2007-04-25 22:52 73,728 --a------ C:\WINDOWS\system32\piaproxy.dll
2007-04-25 22:52 71,680 --a------ C:\WINDOWS\system32\ctdproxy.dll
2007-04-25 22:52 7,168 -ra------ C:\WINDOWS\system32\drivers\ctprxy2k.sys
2007-04-25 22:52 61,952 -ra------ C:\WINDOWS\system32\CTHWIUT.DLL
2007-04-25 22:52 548,352 -ra------ C:\WINDOWS\system32\ctsblfx.dll
2007-04-25 22:52 536,576 -ra------ C:\WINDOWS\system32\ctaudfx.dll
2007-04-25 22:52 53,932 -ra------ C:\WINDOWS\system32\ctdaught.dat
2007-04-25 22:52 501,760 -ra------ C:\WINDOWS\system32\drivers\ctac32k.sys
2007-04-25 22:52 439,424 -ra------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2007-04-25 22:52 366,041 -ra------ C:\WINDOWS\system32\ctdlang.dat
2007-04-25 22:52 313,207 -ra------ C:\WINDOWS\system32\ctstatic.dat
2007-04-25 22:52 178,688 -ra------ C:\WINDOWS\system32\drivers\haP17v2k.sys
2007-04-25 22:52 158,208 -ra------ C:\WINDOWS\system32\CT20XUT.DLL
2007-04-25 22:52 157,696 -ra------ C:\WINDOWS\system32\cteapsfx.dll
2007-04-25 22:52 153,088 -ra------ C:\WINDOWS\system32\drivers\haP16v2k.sys
2007-04-25 22:52 134,656 --a------ C:\WINDOWS\system32\ctdvinst.dll
2007-04-25 22:52 106,496 -ra------ C:\WINDOWS\system32\ctemupia.dll
2007-04-25 22:52 1,157,632 -ra------ C:\WINDOWS\system32\CTEXFIFX.dll
2007-04-25 22:52 1,093,632 -ra------ C:\WINDOWS\system32\drivers\ha20x2k.sys
2007-04-25 22:35 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-04-25 22:35 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-25 22:35 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-25 22:35 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-25 22:35 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-25 22:35 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-25 22:35 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-25 22:35 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-25 22:35 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-25 22:35 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-25 22:35 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-25 22:35 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-04-25 22:35 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-25 22:35 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-25 22:35 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-25 22:35 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-25 22:34 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2007-04-25 22:34 11,776 --a------ C:\WINDOWS\INRES.DLL
2007-04-25 22:34 <DIR> d-------- C:\WINDOWS\system32\Data
2007-04-25 22:31 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\Creative
2007-04-25 22:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-04-25 22:21 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-04-25 22:21 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\teamspeak2
2007-04-25 21:53 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-04-25 21:53 <DIR> d-------- C:\Program Files\Creative
2007-04-25 21:39 499,712 --a------ C:\WINDOWS\system\MSVCP71.DLL
2007-04-25 21:39 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\MusicIP
2007-04-25 21:38 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-25 21:38 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-25 21:38 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-25 21:38 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-25 21:37 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-25 21:37 <DIR> d-------- C:\Program Files\Winamp
2007-04-25 21:25 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\Logitech
2007-04-25 21:24 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-04-25 21:24 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-04-25 21:24 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-04-25 21:24 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-04-25 21:24 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-04-25 21:24 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-04-25 21:24 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-04-25 21:24 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-04-25 21:24 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-04-25 21:23 <DIR> d-------- C:\Program Files\Logitech
2007-04-25 21:23 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-04-25 21:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-04-25 21:13 <DIR> d-------- C:\Program Files\Trillian
2007-04-25 20:53 <DIR> d-------- C:\Temp\3333
2007-04-25 20:28 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-04-25 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Media Center Programs
2007-04-25 20:07 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\InstallShield
2007-04-25 20:05 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-04-25 19:59 <DIR> d-------- C:\Temp\333
2007-04-25 19:59 <DIR> d-------- C:\Games
2007-04-25 19:36 <DIR> d-------- C:\Program Files\iTunes
2007-04-25 19:36 <DIR> d-------- C:\Program Files\iPod
2007-04-25 19:36 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\Apple Computer
2007-04-25 19:35 <DIR> d-------- C:\Program Files\QuickTime
2007-04-25 19:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-04-25 19:26 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\Azureus
2007-04-25 19:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-04-24 23:37 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-24 23:37 <DIR> d-------- C:\Temp\Hard Drive Repair
2007-04-24 23:07 <DIR> d-------- C:\Temp\asdf3
2007-04-24 22:25 <DIR> d-------- C:\Program Files\Miranda IM
2007-04-24 22:25 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\Miranda
2007-04-24 22:18 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\atitray
2007-04-24 22:17 <DIR> d-------- C:\Program Files\Ray Adams
2007-04-24 20:54 1,156 --a------ C:\WINDOWS\mozver.dat
2007-04-24 20:47 <DIR> d-------- C:\Temp\asdf
2007-04-24 20:44 <DIR> d--hs---- C:\WINDOWS\CSC
2007-04-24 20:42 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-24 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-24 20:27 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-04-24 20:27 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-24 20:27 <DIR> d-------- C:\Temp\ATI
2007-04-24 20:25 218,624 --a------ C:\Temp\uxtheme.dll
2007-04-24 20:24 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-24 20:24 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-24 20:24 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-24 20:15 <DIR> d-------- C:\Shared
2007-04-24 20:15 <DIR> d-------- C:\Downloads
2007-04-24 20:15 <DIR> d-------- C:\Documents
2007-04-24 20:14 <DIR> d--hs---- C:\RECYCLER
2007-04-24 20:12 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-04-24 20:12 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-04-24 20:12 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-04-24 20:03 <DIR> d-------- C:\Program Files\PowerArchiver
2007-04-24 20:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ConeXware
2007-04-24 20:00 <DIR> d-------- C:\DOCUME~1\cybz\APPLIC~1\Talkback
2007-04-24 19:59 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-24 19:58 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-24 19:57 <DIR> d-------- C:\Program Files\Marvell
2007-04-24 19:57 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-24 19:56 <DIR> d-------- C:\Temp\Marvell_8056_32bit_V85613
2007-04-24 19:56 <DIR> d-------- C:\Temp
2007-04-24 19:51 2,359,296 --ah----- C:\DOCUME~1\cybz\NTUSER.DAT
2007-04-24 19:50 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-24 19:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-24 19:50 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-24 19:47 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-24 19:45 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-24 19:45 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-24 19:45 0 -rahs---- C:\MSDOS.SYS
2007-04-24 19:45 0 -rahs---- C:\IO.SYS
2007-04-24 19:45 0 --a------ C:\CONFIG.SYS
2007-04-24 19:45 0 --a------ C:\AUTOEXEC.BAT
2007-04-24 19:45 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-24 19:45 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-24 19:44 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-24 19:44 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-24 19:44 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-24 19:44 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-24 19:44 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-24 19:43 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-24 19:43 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-24 19:43 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-24 19:43 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-24 19:43 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-24 19:43 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-24 19:43 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-24 19:43 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-24 19:43 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-24 19:43 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-24 19:43 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-24 19:43 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-24 19:43 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-24 19:43 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-24 19:43 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-24 19:43 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-24 19:43 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-24 19:43 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-24 19:43 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-24 19:43 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-24 19:43 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-24 19:43 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-24 19:43 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-24 19:43 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-24 19:43 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-24 19:43 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-24 19:43 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-24 19:43 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-24 19:43 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-04-24 19:43 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-24 19:43 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-24 19:43 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-24 19:43 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-24 19:43 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-24 19:43 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-24 19:43 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-24 19:43 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-24 19:43 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-24 19:43 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-24 19:43 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-24 19:43 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-24 19:43 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-24 19:43 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-24 19:43 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-24 19:43 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-24 19:43 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-24 19:43 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-24 19:43 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-24 19:43 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-24 19:43 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-24 19:43 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-24 19:42 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-24 19:42 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-24 19:42 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-24 19:42 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-24 19:42 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-24 19:42 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-24 19:42 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-24 19:42 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-24 19:42 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-24 19:42 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-24 19:42 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-24 19:42 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-24 19:42 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-24 19:42 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-24 19:42 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-24 19:42 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-24 19:42 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-24 19:42 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-24 19:42 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-24 19:42 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-24 19:42 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-24 19:42 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-24 19:42 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-24 19:42 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-24 19:42 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-24 19:42 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-24 19:42 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-24 19:42 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-24 19:42 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-24 19:42 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-24 19:42 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-24 19:42 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-24 19:42 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-24 19:42 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-24 19:42 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-24 19:42 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-24 19:42 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-24 19:42 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-24 19:42 <DIR> d-------- C:\WINDOWS\Registration
2007-04-24 19:42 <DIR> d-------- C:\Program Files\Online Services
2007-04-24 19:42 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-24 19:42 <DIR> d-------- C:\Program Files\Messenger
2007-04-24 19:41 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-24 19:41 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-24 19:41 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-24 19:41 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-24 19:41 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-24 19:41 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-24 19:41 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-24 19:41 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-24 19:41 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-24 19:41 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-24 19:41 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-24 19:41 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-24 19:41 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-24 19:41 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-24 19:41 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-24 19:41 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-24 19:41 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-24 19:41 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-24 19:41 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-24 19:41 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-24 19:41 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-24 19:41 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-24 19:41 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-24 19:41 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-24 19:41 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-24 19:41 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-24 19:41 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-24 19:41 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-24 19:41 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-24 19:41 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-24 19:41 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-24 19:41 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-24 19:41 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-24 19:41 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-24 19:41 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-24 19:41 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-24 19:41 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-24 19:41 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-24 19:41 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-24 19:41 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-24 19:41 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-24 19:41 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-24 19:41 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-24 19:41 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-24 19:41 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-24 19:41 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-24 19:41 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-24 19:41 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-24 19:41 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-24 19:41 <DIR> d-------- C:\Program Files\Windows NT
2007-04-24 15:36 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-04-24 15:36 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-04-24 15:36 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-04-24 15:36 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-04-24 15:36 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-04-24 15:36 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-04-24 15:36 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-04-24 15:36 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-04-24 15:35 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-04-24 15:35 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-04-24 15:35 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-04-24 15:35 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-04-24 15:35 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-04-24 15:35 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-04-24 15:35 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-04-24 15:35 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-04-24 15:35 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-04-24 15:35 6,144 -ra------ C:\WINDOWS\system32\kbdth3.dll
2007-04-24 15:35 6,144 -ra------ C:\WINDOWS\system32\kbdth2.dll
2007-04-24 15:35 6,144 -ra------ C:\WINDOWS\system32\kbdinpun.dll
2007-04-24 15:35 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-04-24 15:35 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-04-24 15:35 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-04-24 15:35 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-04-24 15:35 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-04-24 15:35 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-04-24 15:35 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-04-24 15:35 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdvntc.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdurdu.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdth1.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdth0.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdsyr2.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdsyr1.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdintel.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdintam.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdinmar.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdinkan.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdinhin.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdinguj.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdindev.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdheb.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbdfa.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbddiv2.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbddiv1.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbda3.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbda2.dll
2007-04-24 15:35 5,632 -ra------ C:\WINDOWS\system32\kbda1.dll
2007-04-24 15:35 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-04-24 15:35 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-04-24 15:35 5,120 -ra------ C:\WINDOWS\system32\kbdgeo.dll
2007-04-24 15:35 5,120 -ra------ C:\WINDOWS\system32\kbdarmw.dll
2007-04-24 15:35 5,120 -ra------ C:\WINDOWS\system32\kbdarme.dll
2007-04-24 15:35 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-04-24 15:35 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-04-24 15:32 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-24 15:32 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-04-24 15:31 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-24 15:31 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-04-24 15:31 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-24 15:30 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-24 15:30 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-04-24 15:30 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-24 15:30 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-24 15:30 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-24 15:30 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-24 15:30 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-24 15:30 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-24 15:30 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-24 15:30 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-04-24 15:30 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-24 15:30 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-24 15:30 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-24 15:30 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-24 15:30 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-24 15:30 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-24 15:30 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-24 15:30 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-24 15:30 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-24 15:30 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-24 15:30 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-24 15:30 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-24 15:30 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-24 15:30 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-24 15:30 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-24 15:30 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-24 15:30 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-24 15:30 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-24 15:30 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-24 15:30 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-24 15:30 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-24 15:30 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-24 15:30 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-24 15:30 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-24 15:30 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-24 15:30 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-24 15:30 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-24 15:30 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-24 15:30 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-24 15:30 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-24 15:30 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-24 15:30 <DIR> dr------- C:\Program Files
2007-04-24 15:30 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-24 15:30 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-24 15:30 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-24 15:30 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-24 15:30 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-24 15:30 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-24 15:29 <DIR> d--hs---- C:\System Volume Information
2007-04-24 15:29 <DIR> d-------- C:\Documents and Settings
2007-04-24 15:24 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-24 15:24 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-24 15:24 <DIR> dr------- C:\WINDOWS\Web
2007-04-24 15:24 <DIR> d--h----- C:\WINDOWS\inf
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system32
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\system
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\security
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\Resources
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\repair
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\Provisioning
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\PeerNet
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\pchealth
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\OemDir
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\mui
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\msapps
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\msagent
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\Media
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\ime
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\Help
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\ehome
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\Debug
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\Config
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS\addins
2007-04-24 15:24 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-24 15:30 62 --ahs---- C:\DOCUME~1\cybz\APPLIC~1\desktop.ini
2007-03-23 06:07 583504 --------- C:\WINDOWS\system32\xpsshhdr.dll
2007-03-23 06:07 1683280 --------- C:\WINDOWS\system32\xpssvcs.dll
2007-03-22 20:25 124928 --------- C:\WINDOWS\system32\prntvpt.dll
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll
2007-03-14 21:58 315392 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-03-14 21:57 267776 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-03-14 21:57 1986560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-14 21:55 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-14 21:50 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-03-14 21:50 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-03-14 21:50 122880 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-03-14 21:50 114688 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-03-14 21:49 114688 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-03-14 21:48 450560 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-03-14 21:47 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-03-14 21:40 2820544 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-03-14 21:29 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-03-14 21:29 1315712 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-03-14 21:19 5402624 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-03-14 21:16 258048 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-03-14 21:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-03-14 21:10 356352 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-03-13 14:06 56360 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 18:04 143676 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{D651AFF4-9590-424d-BD1E-8E33E090DFB3}"="C:\WINDOWS\system32\cfluciqd.dll" [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"Launch LGDCore"="\"C:\\Program Files\\Common Files\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AtiTrayTools"="\"C:\\Program Files\\Ray Adams\\ATI Tray Tools\\atitray.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoLogoff"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowCpl]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTXFIHLP"
"hkey"="HKLM"
"command"="CTXFIHLP.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gkawvcow"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\gkawvcow.dll\",realset"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLLML"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UnlockerAssistant"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 21:53:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-30 21:53:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-30 21:53

---------------------------------------------------------------------------------------------------------
HijackThis
---------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:56:42, on 2007-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Hijackthis\abc.bat

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\cfluciqd.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 01 May 2007 - 04:13 AM

Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

**********************************

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as.. Save as Type: 'All Files' File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot.

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]

**********************************

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

**********************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply, along with a new Hijackthis log.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#5 cybz

cybz
  • Topic Starter

  • Members
  • 3 posts

Posted 02 May 2007 - 12:05 AM

Thanks a lot, Spybot didn't detect anything after boot. No Popups so far. I'm really grateful for the help you provided.

-----------------------------------------------------------------------------------------------------
VundoFix V6.3.21

Checking Java version...

Sun Java not detected
Scan started at 23:58:10 2007-05-01

Listing files found while scanning....

C:\WINDOWS\system32\cfluciqd.dll

Beginning removal...

Performing Repairs to the registry.
Done!

-----------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 00:57:01, on 2007-05-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 02 May 2007 - 06:17 AM

Your log is clean :thumbsup:
If all's ok, please do the following:

Find and delete:
C:\Vundfix Backups
C:\QooBox

Enable Spybot's protection.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
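
A "log is clean" verdict like the one in this thread can be checked mechanically by comparing the HijackThis scan taken before the fix with the one taken after it. The script below is an added example, not part of the original posts or of HijackThis itself; `parse_entries`, `orphaned` and `diff_scans` are hypothetical helper names, and the two sample logs are excerpts of the scans posted above.

```python
import re

# A HijackThis 1.99.1 result line is "<section code> - <description>",
# e.g. "O2 - BHO: ..." or "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

# Excerpts of the scans posted in this thread: 2007-04-30 (before VundoFix)
# and 2007-05-02 (after VundoFix).
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\cfluciqd.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

SCAN_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_entries(log_text):
    """Map (code, body) -> file_missing flag for every result line in a log.

    Header lines and the "Running processes" paths do not match ENTRY_RE and
    are skipped. The "(file missing)" suffix is stripped from the key so that
    an entry whose file merely disappeared is not reported as removed + added.
    """
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        body = match.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries[(match.group("code"), body)] = missing
    return entries


def orphaned(log_text):
    """Entries whose registry reference survives although the file is gone."""
    return sorted(key for key, missing in parse_entries(log_text).items() if missing)


def diff_scans(before_text, after_text):
    """Return the entries removed and added between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(key for key in before if key not in after),
        "added": sorted(key for key in after if key not in before),
    }


if __name__ == "__main__":
    changes = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for label in ("removed", "added"):
        for code, body in changes[label]:
            print(f"{label:8} {code:4} {body}")
    for code, body in orphaned(SCAN_AFTER):
        print(f"orphaned {code:4} {body}")
```

An entry that appears under "added", or one still flagged "(file missing)" in the later scan, is what deserves a second look before the machine is called clean.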