HijackThis Log

Unread postby dbabbs » September 19th, 2006, 8:29 pm

Need help. I have run the suggested AV and spyware software but still get infected when I log on to the internet. Predominantly see Trojan.SDbot or IRC.

Thanks in advance,

Daniel


===========================================
Logfile of HijackThis v1.99.1
Scan saved at 7:20:56 PM, on 9/19/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Anti-Spyare\HijackThis\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Dell|Alert] "C:\Program Files\Dell\Support\Alert\bin\DAMon.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6608612653
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: COM+ System Service (DLLHOST) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
dbabbs
Active Member
 
Posts: 7
Joined: September 16th, 2006, 1:18 pm

Unread postby tim s » September 19th, 2006, 10:22 pm

Hi dbabbs,

Welcome to the MalWare Removal forums! I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
  2. Understand that cleaning your computer can sometimes take multiple passes/posts,
    and it's important to follow the steps as listed, including re-running scans as listed.
  3. Please reply to this thread, do not start another.


If you can do those three things, everything should go smoothly.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am


Unread postby tim s » September 20th, 2006, 6:01 pm

Hi dbabbs,
-----------------------------------------------------------
Update Your Windows XP.
You are currently using an unpatched version of Windows XP. Your computer is wide open for infection.
Before attempting to remove malware, it is CRITICAL that you update to Service Pack 1a.
Get SP1a here : http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
You should also get SP2, but NOT NOW, rather only after your machine is clean.
After updating your Windows to SP1a, post a new HijackThis log please, using the Reply button.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby dbabbs » September 20th, 2006, 10:14 pm

Logfile of HijackThis v1.99.1
Scan saved at 9:02:53 PM, on 9/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\Traymon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Anti-Spyare\HijackThis\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Dell|Alert] "C:\Program Files\Dell\Support\Alert\bin\DAMon.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6608612653
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: COM+ System Service (DLLHOST) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
dbabbs
Active Member
 
Posts: 7
Joined: September 16th, 2006, 1:18 pm


Unread postby tim s » September 21st, 2006, 8:20 pm

Hi dbabbs,
Thanks for posting log.

You are running the BitDefender and AVG antivirus programs.
You must disable or uninstall one.
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. These conflicts can leave you open to infection.

If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these run in the background the whole time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to,
such as:
online scans, and scanners that run on your machine but are not actively scanning it.
-----------------------------------------------------------------------------

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
______________________________

Please post:
  • Report.txt
  • A new HijackThis log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Problem booting to safe mode

Unread postby dbabbs » September 21st, 2006, 10:58 pm

When I try to boot to Safe Mode I get to the boot menu, but the keyboard doesn't work so I can't select an option. Nothing works and I must power off to proceed. Unsure whether this is hardware or software related. I'm on a Dell 8200, circa 2001, BIOS A05.

It is quite tricky to get to Safe Mode. When successful, there is a constant beep, like when the keyboard buffer is full. If I try to press keys sparingly to avoid filling the buffer, no success. Also tried F5, but same thing.

Any ideas?
dbabbs
Active Member
 
Posts: 7
Joined: September 16th, 2006, 1:18 pm

Disregard last post - logs attached

Unread postby dbabbs » September 21st, 2006, 11:44 pm

I used MSCONFIG to force safeboot. Appears to have run properly.



SDFix: Version 1.25
-------------------

Thu 09/21/2006
10:29 PM


Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\Daniel\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----

DLLHOST
msvbn
Windows Spooler Service

Path:
----

"C:\WINDOWS\system\dllhost.exe"
"C:\WINDOWS\msvbn.exe"
"C:\WINDOWS\winlogon.exe"


DLLHOST ... deleted
msvbn ... deleted
Windows Spooler Service ... deleted


Repairing Registry...

Restoring Default Hosts File...

Stage One Complete

Rebooting!

Stage Two...

Registry Cleaning Finished...

Checking For Malware Files:
--------------------------

C:\WINDOWS\SYSTEM32\eraseme_01124.exe
C:\WINDOWS\SYSTEM32\eraseme_18116.exe
C:\WINDOWS\SYSTEM32\eraseme_33620.exe
C:\WINDOWS\SYSTEM32\eraseme_41187.exe
C:\WINDOWS\SYSTEM32\eraseme_75305.exe
C:\WINDOWS\system32\i


Logfile of HijackThis v1.99.1
Scan saved at 10:40:46 PM, on 9/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Anti-Spyare\HijackThis\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Dell|Alert] "C:\Program Files\Dell\Support\Alert\bin\DAMon.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6608612653
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
dbabbs
Active Member
 
Posts: 7
Joined: September 16th, 2006, 1:18 pm
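The two O23 entries in the first log that SDFix later deleted (DLLHOST pointing at C:\WINDOWS\system\dllhost.exe, and "Windows Spooler Service" pointing at C:\WINDOWS\winlogon.exe) share a pattern that can be checked mechanically: a core Windows binary name running from somewhere other than its real directory. The script below is an added example, not part of this thread or of HijackThis/SDFix; the list of core binaries, their expected directory, and the severity labels are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: five O23 lines copied from the HijackThis logs posted in
# this thread. Two are clean vendor services, one (bdss) is a legitimate
# BitDefender service that HijackThis reports as "file missing" only because
# of the trailing /service argument, and two are the services SDFix deleted.
SAMPLE_LOG = """\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgamsvr.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\\Program Files\\Common Files\\Softwin\\BitDefender Scan Server\\bdss.exe" /service (file missing)
O23 - Service: COM+ System Service (DLLHOST) - Unknown owner - C:\\WINDOWS\\system\\dllhost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\\WINDOWS\\winlogon.exe (file missing)
"""

# One O23 line: display name (short name) - owner - path [ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Executable inside a service path, ignoring quotes and arguments such as /service.
EXE_RE = re.compile(r'"?(?P<exe>[a-z]:\\[^"]+?\.exe)', re.I)

# Core Windows binaries and the directory they belong in (this example's own
# assumption for Windows XP; the genuine winlogon.exe is not even a service).
CORE_BINARIES = {
    "smss.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "svchost.exe": r"\windows\system32",
    "spoolsv.exe": r"\windows\system32",
    "dllhost.exe": r"\windows\system32",
}


def split_exe(path: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (directory, basename), both lower-cased, of the executable in a
    raw O23 path, or (None, None) when no drive-letter path can be found."""
    m = EXE_RE.match(path)
    if not m:
        return None, None
    directory, _, base = m.group("exe").rpartition("\\")
    return directory.lower(), base.lower()


def analyze(log_text: str) -> List[Dict]:
    """Scan every O23 line and return the services worth a second look.

    'high' means a core binary name is running from the wrong directory,
    the pattern of the two services SDFix removed in this thread;
    'review' means only weak signals (file missing / unknown owner), which
    legitimate software such as BitDefender also triggers in these logs."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if m.group("missing"):
            reasons.append("file missing")
        if m.group("owner") == "Unknown owner":
            reasons.append("unknown owner")
        directory, base = split_exe(m.group("path"))
        masquerade = base in CORE_BINARIES and not directory.endswith(CORE_BINARIES[base])
        if masquerade:
            reasons.append(f"{base} outside {CORE_BINARIES[base]}")
        if reasons:
            findings.append({
                "name": m.group("name"),
                "path": m.group("path"),
                "severity": "high" if masquerade else "review",
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for hit in analyze(SAMPLE_LOG):
        print(f'[{hit["severity"]:6}] {hit["name"]}: {", ".join(hit["reasons"])}')
```

Run against the sample, the two SDFix-deleted services come out as "high" while the BitDefender entry is only "review", which is why "(file missing)" on its own should not be read as an infection.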


Unread postby tim s » September 22nd, 2006, 10:09 am

Hi,
Good job. Thanks for posting logs.
SDFix is missing the last part of the report; did it get cut off when copying and pasting into the reply? The last line should say *FINISHED*.

Older versions of Java can let infections in; the newest is jre1.5.0_08.
Delete the older versions of Java and download the newest.
Please follow these steps to remove older Java components.

  1. Close any programmes you may have running, ESPECIALLY your web browser
  2. Click Start > Control Panel.
  3. Click Add/Remove Programs.
  4. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  5. Click the Remove or Change/Remove button.
  6. Repeat as many times as necessary to remove all versions of Java.
  7. Reboot your computer once all Java components are removed.

Then download the latest version of Java Runtime Environment, and install it to your computer.
-------------------------------------------------------------------------------
Next: Let's make sure nothing is hiding.

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.

  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree. WATCH SCREEN: UNcheck the box "Add CCleaner Yahoo! Toolbar and use CCleaner from within IE" when installing in the next step.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," check "Cookies" (you will likely need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to put check in for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
----------------------------------------------------------------------------------------

Run Panda's ActiveScan from here and perform a full system scan.

1. Once you are on the Panda site, click the "Scan your PC" button. NOTE: If you have a popup blocker enabled, you will have to allow popups here.
2. A new window will open...click the big "Check Now" button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple of minutes. You may have to reboot here, as I did, and start from step 1 again.)
10. Click on "Local Disks" to start the scan
11. Post Panda scan results in your next reply with others requested.
--------------------------------------------------------------------------------------------



Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
      Note: If the Update now option is grayed out, follow the steps below.
      • Click on Update on the toolbar.
      • Under Manual update, click on the Start Update button.
      • Wait until you see the Update successful message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Make sure you are in safe mode for the next step

-------------------------------------------------

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________


Please post:
  • Panda scan results
  • Ewido log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Panda/Ewido/Hijackthis Logs

Unread postby dbabbs » September 23rd, 2006, 8:44 am

Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Daniel\Desktop\SDFix\apps\Process.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\Documents and Settings\Daniel\Desktop\SDFix\backups\backups.zip[backups/i]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Daniel\Desktop\SDFix\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Daniel\Desktop\SDFix.zip[SDFix/apps/Process.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EIJ8CAW3\is[1].exe
Possible Virus. Not disinfected C:\Program Files\Anti-Spyare\HijackThis\backups\backup-20060831-194701-435.dll
Possible Virus. Not disinfected C:\Program Files\Anti-Spyare\HijackThis\backups\backup-20060831-194822-710.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Anti-Spyare\HijackThis\backups\backup-20060913-200545-209.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Anti-Spyare\HijackThis\backups\backup-20060913-210814-663.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Anti-Spyare\HijackThis\backups\backup-20060915-222953-773.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Anti-Spyare\HijackThis\backups\backup-20060915-224958-617.dll
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\keyboard1.dat
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\awtqrqq.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\awtsppp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\awturom.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\byxvurp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\byxvurs.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\byxxxya.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\byxyxwv.dll
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\ddcaaax.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\hggdbxw.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\hgghedb.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\khfgdby.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\ljjhfef.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\nnnklml.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\nnnlmjj.dll
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\SYSTEM32\o
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\pmnnlli.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\qomkiif.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\rqrrqop.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\rqrsqrp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\ssqnlmn.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\ssqqqpo.dll
Virus:W32/Gaobot.FED.worm Disinfected C:\WINDOWS\SYSTEM32\TFTP2504
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\urqnonm.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\vtusssr.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\xxyvsrr.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\xxyyawt.dll

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:26:36 AM 9/23/2006

+ Scan result:



C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EIJ8CAW3\is[1].exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\nnnklml.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\urqnonm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 7:32:11 AM, on 9/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Anti-Spyare\HijackThis\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Dell|Alert] "C:\Program Files\Dell\Support\Alert\bin\DAMon.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6608612653
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
dbabbs
Active Member
Posts: 7
Joined: September 16th, 2006, 1:18 pm

reply

Unread postby tim s » September 24th, 2006, 7:52 pm

Hi dbabbs,
Thanks for posting logs.
The HJT log still shows the old version of Java, not the new updated one, 5.0 Update 8.
It is very, very important to follow ALL instructions to get your computer clean.

Let's try again.
-------------------------------------------------------------
Older versions of Java can let infections in. The newest is jre1.5.0_08.
Delete the older versions of Java and download the newest.
Please follow these steps to remove older Java components.

  1. Close any programmes you may have running, ESPECIALLY your web browser
  2. Click Start > Control Panel.
  3. Click Add/Remove Programs.
  4. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  5. Click the Remove or Change/Remove button.
  6. Repeat as many times as necessary to remove all versions of Java.
  7. Reboot your computer once all Java components are removed.

Then download the latest version of Java Runtime Environment, and install it to your computer.
----------------------------------------------------------------


Find the SDFix folder and delete it, and delete the SDFix backup folder too.
-------------------------------------------------------------

Now find HijackThis_v1.99.1.exe and rename it to Stopit.exe.
-------------------------------------------------------------

Please do the following.


Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable SpySweeper:

  • Open it, click Options over to the left, then Program Options, and uncheck "Load at Windows startup".
  • Over to the left click "shields" and uncheck all there.
  • Uncheck "home page shield".
  • Uncheck "automatically restore default without notification".
---------------------------------------------------------------------------------------

Disable Trojan Hunter Guard
Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue magnifying glass icon with a red handle. Right click it and select Settings. Uncheck Load at startup and Enabled.
---------------------------------------------------------------------------------------
Disable Ewido
Open Ewido

  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Close Ewido
  • Right-click the Ewido Tray Icon and choose Exit. Confirm by clicking Yes.
-------------------------------------------------------------------------------------

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
--------------------------------------------------

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


-------------------------------------------------

Please post back with:
vundofix.txt
combofix log
new HJT log
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Logs

Unread postby dbabbs » September 25th, 2006, 11:11 pm

Here are the logs. For your reference, the Java link was to Update 6 and the Java website doesn't offer Update 8. I had to Google it and find it on the Sun developer site.


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.8

Scan started at 9:48:49 PM 9/25/2006

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\awtqrqq.dll
C:\WINDOWS\SYSTEM32\awtsppp.dll
C:\WINDOWS\SYSTEM32\awturom.dll
C:\WINDOWS\SYSTEM32\byxvurp.dll
C:\WINDOWS\SYSTEM32\byxvurs.dll
C:\WINDOWS\SYSTEM32\byxxxya.dll
C:\WINDOWS\SYSTEM32\byxyxwv.dll
C:\WINDOWS\SYSTEM32\ddcaaax.dll
C:\WINDOWS\SYSTEM32\ddcyv.dll
C:\WINDOWS\SYSTEM32\vycdd.ini
C:\WINDOWS\SYSTEM32\hggdbxw.dll
C:\WINDOWS\SYSTEM32\hgghedb.dll
C:\WINDOWS\SYSTEM32\khfgdby.dll
C:\WINDOWS\SYSTEM32\ljjhfef.dll
C:\WINDOWS\SYSTEM32\nnnlmjj.dll
C:\WINDOWS\SYSTEM32\pmnnlli.dll
C:\WINDOWS\SYSTEM32\qomkiif.dll
C:\WINDOWS\SYSTEM32\rqrrqop.dll
C:\WINDOWS\SYSTEM32\rqrsqrp.dll
C:\WINDOWS\SYSTEM32\ssqnlmn.dll
C:\WINDOWS\SYSTEM32\ssqqqpo.dll
C:\WINDOWS\SYSTEM32\vtusssr.dll
C:\WINDOWS\SYSTEM32\xxyvsrr.dll
C:\WINDOWS\SYSTEM32\xxyyawt.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\awtqrqq.dll
C:\WINDOWS\SYSTEM32\awtqrqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\awtsppp.dll
C:\WINDOWS\SYSTEM32\awtsppp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\awturom.dll
C:\WINDOWS\SYSTEM32\awturom.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\byxvurp.dll
C:\WINDOWS\SYSTEM32\byxvurp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\byxvurs.dll
C:\WINDOWS\SYSTEM32\byxvurs.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\byxxxya.dll
C:\WINDOWS\SYSTEM32\byxxxya.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\byxyxwv.dll
C:\WINDOWS\SYSTEM32\byxyxwv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ddcaaax.dll
C:\WINDOWS\SYSTEM32\ddcaaax.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ddcyv.dll
C:\WINDOWS\SYSTEM32\ddcyv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vycdd.ini
C:\WINDOWS\SYSTEM32\vycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\hggdbxw.dll
C:\WINDOWS\SYSTEM32\hggdbxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\hgghedb.dll
C:\WINDOWS\SYSTEM32\hgghedb.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\khfgdby.dll
C:\WINDOWS\SYSTEM32\khfgdby.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ljjhfef.dll
C:\WINDOWS\SYSTEM32\ljjhfef.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\nnnlmjj.dll
C:\WINDOWS\SYSTEM32\nnnlmjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pmnnlli.dll
C:\WINDOWS\SYSTEM32\pmnnlli.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qomkiif.dll
C:\WINDOWS\SYSTEM32\qomkiif.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rqrrqop.dll
C:\WINDOWS\SYSTEM32\rqrrqop.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rqrsqrp.dll
C:\WINDOWS\SYSTEM32\rqrsqrp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssqnlmn.dll
C:\WINDOWS\SYSTEM32\ssqnlmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssqqqpo.dll
C:\WINDOWS\SYSTEM32\ssqqqpo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vtusssr.dll
C:\WINDOWS\SYSTEM32\vtusssr.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\xxyvsrr.dll
C:\WINDOWS\SYSTEM32\xxyvsrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\xxyyawt.dll
C:\WINDOWS\SYSTEM32\xxyyawt.dll Has been deleted!

Performing Repairs to the registry.
Done!


Daniel - 06-09-25 22:02:10.84 Service Pack 1
ComboFix 06.09.25 - Running from: "C:\Program Files\Anti-Spyare\Combofix"

((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))))))))))))))))))))))))))


2006-09-20 19:11 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-09-20 19:11 266,752 --a------ C:\WINDOWS\SYSTEM32\msctf.dll
2006-09-20 19:11 263,680 --a------ C:\WINDOWS\SYSTEM32\duser.dll
2006-09-20 19:11 263,168 --a------ C:\WINDOWS\SYSTEM32\devmgr.dll
2006-09-20 19:11 258,048 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-09-20 19:11 254,976 --a------ C:\WINDOWS\SYSTEM32\pdh.dll
2006-09-20 19:11 253,983 --a------ C:\WINDOWS\SYSTEM32\mstext40.dll
2006-09-20 19:11 251,904 --a------ C:\WINDOWS\SYSTEM32\strmdll.dll
2006-09-20 19:11 250,368 --a------ C:\WINDOWS\SYSTEM32\mstask.dll
2006-09-20 19:11 25,600 --a------ C:\WINDOWS\SYSTEM32\dfsshlex.dll
2006-09-20 19:11 247,808 --a------ C:\WINDOWS\SYSTEM32\wow32.dll
2006-09-20 19:11 241,725 --a------ C:\WINDOWS\SYSTEM32\msuni11.dll
2006-09-20 19:11 241,695 --a------ C:\WINDOWS\SYSTEM32\msjtes40.dll
2006-09-20 19:11 240,640 --a------ C:\WINDOWS\SYSTEM32\hnetcfg.dll
2006-09-20 19:11 24,576 --a------ C:\WINDOWS\SYSTEM32\odbcbcp.dll
2006-09-20 19:11 24,576 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2006-09-20 19:11 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsvinn.dll
2006-09-20 19:11 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsrpcn.dll
2006-09-20 19:11 24,576 --a------ C:\WINDOWS\SYSTEM32\conime.exe
2006-09-20 19:11 24,064 --a------ C:\WINDOWS\SYSTEM32\skeys.exe
2006-09-20 19:11 239,616 --a------ C:\WINDOWS\SYSTEM32\adsnt.dll
2006-09-20 19:11 238,592 --a------ C:\WINDOWS\SYSTEM32\compatui.dll
2006-09-20 19:11 238,080 --a------ C:\WINDOWS\SYSTEM32\newdev.dll
2006-09-20 19:11 236,032 --a------ C:\WINDOWS\SYSTEM32\icm32.dll
2006-09-20 19:11 233,984 --a------ C:\WINDOWS\SYSTEM32\tapisrv.dll
2006-09-20 19:11 233,472 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-09-20 19:11 231,424 --a------ C:\WINDOWS\SYSTEM32\upnpui.dll
2006-09-20 19:11 229,888 --a------ C:\WINDOWS\SYSTEM32\msieftp.dll
2006-09-20 19:11 228,864 --a------ C:\WINDOWS\SYSTEM32\msoeacct.dll
2006-09-20 19:11 227,840 --a------ C:\WINDOWS\SYSTEM32\dsquery.dll
2006-09-20 19:11 226,304 --a------ C:\WINDOWS\SYSTEM32\srrstr.dll
2006-09-20 19:11 225,280 --a------ C:\WINDOWS\SYSTEM32\es.dll
2006-09-20 19:11 22,528 --a------ C:\WINDOWS\SYSTEM32\slayerxp.dll
2006-09-20 19:11 22,528 --a------ C:\WINDOWS\SYSTEM32\shfolder.dll
2006-09-20 19:11 22,528 --a------ C:\WINDOWS\SYSTEM32\mslbui.dll
2006-09-20 19:11 22,528 --a------ C:\WINDOWS\SYSTEM32\at.exe
2006-09-20 19:11 22,016 --a------ C:\WINDOWS\SYSTEM32\udhisapi.dll
2006-09-20 19:11 219,648 --a------ C:\WINDOWS\SYSTEM32\logon.scr
2006-09-20 19:11 213,023 --a------ C:\WINDOWS\SYSTEM32\msltus40.dll
2006-09-20 19:11 212,480 --a------ C:\WINDOWS\SYSTEM32\osk.exe
2006-09-20 19:11 210,944 --a------ C:\WINDOWS\SYSTEM32\moricons.dll
2006-09-20 19:11 204,288 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-09-20 19:11 203,264 --a------ C:\WINDOWS\SYSTEM32\uxtheme.dll
2006-09-20 19:11 200,704 --a------ C:\WINDOWS\SYSTEM32\odbc32.dll
2006-09-20 19:11 200,192 --a------ C:\WINDOWS\SYSTEM32\termsrv.dll
2006-09-20 19:11 20,992 --a------ C:\WINDOWS\SYSTEM32\setup.exe
2006-09-20 19:11 20,480 --a------ C:\WINDOWS\SYSTEM32\dbmsadsn.dll
2006-09-20 19:11 2,086,400 --a------ C:\WINDOWS\SYSTEM32\msi.dll
2006-09-20 19:11 196,096 --a------ C:\WINDOWS\SYSTEM32\mobsync.dll
2006-09-20 19:11 193,536 --a------ C:\WINDOWS\SYSTEM32\rasppp.dll
2006-09-20 19:11 19,456 --a------ C:\WINDOWS\SYSTEM32\ssmarque.scr
2006-09-20 19:11 19,456 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-09-20 19:11 19,456 --a------ C:\WINDOWS\SYSTEM32\fontview.exe
2006-09-20 19:11 19,456 --a------ C:\WINDOWS\SYSTEM32\ersvc.dll
2006-09-20 19:11 186,880 --a------ C:\WINDOWS\SYSTEM32\certcli.dll
2006-09-20 19:11 182,784 --a------ C:\WINDOWS\SYSTEM32\msutb.dll
2006-09-20 19:11 180,224 --a------ C:\WINDOWS\SYSTEM32\dwwin.exe
2006-09-20 19:11 18,944 --a------ C:\WINDOWS\SYSTEM32\ssbezier.scr
2006-09-20 19:11 178,688 --a------ C:\WINDOWS\SYSTEM32\eudcedit.exe
2006-09-20 19:11 174,592 --a------ C:\WINDOWS\SYSTEM32\scecli.dll
2006-09-20 19:11 172,664 --a------ C:\WINDOWS\SYSTEM32\xenroll.dll
2006-09-20 19:11 171,520 --a------ C:\WINDOWS\SYSTEM32\winmm.dll
2006-09-20 19:11 171,008 --a------ C:\WINDOWS\SYSTEM32\sccsccp.dll
2006-09-20 19:11 17,408 --a------ C:\WINDOWS\SYSTEM32\wtsapi32.dll
2006-09-20 19:11 17,408 --a------ C:\WINDOWS\SYSTEM32\ssmyst.scr
2006-09-20 19:11 17,408 --a------ C:\WINDOWS\SYSTEM32\psapi.dll
2006-09-20 19:11 169,984 --a------ C:\WINDOWS\SYSTEM32\sccbase.dll
2006-09-20 19:11 168,960 --a------ C:\WINDOWS\SYSTEM32\dinput8.dll
2006-09-20 19:11 168,448 --a------ C:\WINDOWS\SYSTEM32\wldap32.dll
2006-09-20 19:11 165,888 --a------ C:\WINDOWS\SYSTEM32\ntmsdba.dll
2006-09-20 19:11 165,376 --a------ C:\WINDOWS\SYSTEM32\w32time.dll
2006-09-20 19:11 165,376 --a------ C:\WINDOWS\SYSTEM32\tapi32.dll
2006-09-20 19:11 165,376 --a------ C:\WINDOWS\SYSTEM32\els.dll
2006-09-20 19:11 164,864 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll
2006-09-20 19:11 163,840 --a------ C:\WINDOWS\SYSTEM32\mindex.dll
2006-09-20 19:11 162,816 --a------ C:\WINDOWS\SYSTEM32\adsldp.dll
2006-09-20 19:11 16,896 --a------ C:\WINDOWS\SYSTEM32\snmpapi.dll
2006-09-20 19:11 16,384 --a------ C:\WINDOWS\SYSTEM32\watchdog.sys
2006-09-20 19:11 16,384 --a------ C:\WINDOWS\SYSTEM32\ups.exe
2006-09-20 19:11 16,384 --a------ C:\WINDOWS\SYSTEM32\ping.exe
2006-09-20 19:11 16,384 --a------ C:\WINDOWS\SYSTEM32\odbc32gt.dll
2006-09-20 19:11 16,384 --a------ C:\WINDOWS\SYSTEM32\nddenb32.dll
2006-09-20 19:11 16,384 --a------ C:\WINDOWS\SYSTEM32\ds32gt.dll
2006-09-20 19:11 159,232 --a------ C:\WINDOWS\SYSTEM32\schedsvc.dll
2006-09-20 19:11 158,720 --a------ C:\WINDOWS\SYSTEM32\srsvc.dll
2006-09-20 19:11 158,720 --a------ C:\WINDOWS\SYSTEM32\credui.dll
2006-09-20 19:11 155,648 --a------ C:\WINDOWS\SYSTEM32\ipsecsvc.dll
2006-09-20 19:11 154,112 --a------ C:\WINDOWS\SYSTEM32\netman.dll
2006-09-20 19:11 151,552 --a------ C:\WINDOWS\SYSTEM32\dinput.dll
2006-09-20 19:11 147,456 --a------ C:\WINDOWS\SYSTEM32\odbctrac.dll
2006-09-20 19:11 143,872 --a------ C:\WINDOWS\SYSTEM32\msimtf.dll
2006-09-20 19:11 143,872 --a------ C:\WINDOWS\SYSTEM32\itircl.dll
2006-09-20 19:11 14,848 --a------ C:\WINDOWS\SYSTEM32\rdpsnd.dll
2006-09-20 19:11 14,366 --a------ C:\WINDOWS\SYSTEM32\asfsipc.dll
2006-09-20 19:11 139,776 --a------ C:\WINDOWS\SYSTEM32\adsldpc.dll
2006-09-20 19:11 137,216 --a------ C:\WINDOWS\SYSTEM32\ntshrui.dll
2006-09-20 19:11 135,680 --a------ C:\WINDOWS\SYSTEM32\rdchost.dll
2006-09-20 19:11 135,680 --a------ C:\WINDOWS\SYSTEM32\dsprop.dll
2006-09-20 19:11 134,144 --a------ C:\WINDOWS\SYSTEM32\ipv6mon.dll
2006-09-20 19:11 133,632 --a------ C:\WINDOWS\SYSTEM32\rsaenh.dll
2006-09-20 19:11 133,120 --a------ C:\WINDOWS\SYSTEM32\sfc_os.dll
2006-09-20 19:11 131,072 --a------ C:\WINDOWS\SYSTEM32\msorcl32.dll
2006-09-20 19:11 130,560 --a------ C:\WINDOWS\SYSTEM32\sti_ci.dll
2006-09-20 19:11 13,824 --a------ C:\WINDOWS\SYSTEM32\rassapi.dll
2006-09-20 19:11 13,312 --a------ C:\WINDOWS\SYSTEM32\wship6.dll
2006-09-20 19:11 13,312 --a------ C:\WINDOWS\SYSTEM32\ssstars.scr
2006-09-20 19:11 13,312 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2006-09-20 19:11 128,512 --a------ C:\WINDOWS\SYSTEM32\taskmgr.exe
2006-09-20 19:11 126,976 --a------ C:\WINDOWS\SYSTEM32\msdart.dll
2006-09-20 19:11 126,976 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-09-20 19:11 124,928 --a------ C:\WINDOWS\SYSTEM32\webvw.dll
2006-09-20 19:11 124,928 --a------ C:\WINDOWS\SYSTEM32\dssenh.dll
2006-09-20 19:11 123,904 --a------ C:\WINDOWS\SYSTEM32\imapi.exe
2006-09-20 19:11 122,880 --a------ C:\WINDOWS\SYSTEM32\odbcconf.dll
2006-09-20 19:11 122,368 --a------ C:\WINDOWS\SYSTEM32\itss.dll
2006-09-20 19:11 120,320 --a------ C:\WINDOWS\SYSTEM32\upnp.dll
2006-09-20 19:11 12,800 --a------ C:\WINDOWS\SYSTEM32\runonce.exe
2006-09-20 19:11 12,288 --a------ C:\WINDOWS\SYSTEM32\rdsaddin.exe
2006-09-20 19:11 12,288 --a------ C:\WINDOWS\SYSTEM32\odbcp32r.dll
2006-09-20 19:11 12,288 --a------ C:\WINDOWS\SYSTEM32\mscpx32r.dll
2006-09-20 19:11 119,808 --a------ C:\WINDOWS\SYSTEM32\wiadss.dll
2006-09-20 19:11 118,784 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe.dll
2006-09-20 19:11 117,760 --a------ C:\WINDOWS\SYSTEM32\stobject.dll
2006-09-20 19:11 116,736 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2006-09-20 19:11 116,224 --a------ C:\WINDOWS\SYSTEM32\shsvcs.dll
2006-09-20 19:11 115,712 --a------ C:\WINDOWS\SYSTEM32\apphelp.dll
2006-09-20 19:11 115,200 --a------ C:\WINDOWS\SYSTEM32\net1.exe
2006-09-20 19:11 114,176 --a------ C:\WINDOWS\SYSTEM32\input.dll
2006-09-20 19:11 113,664 --a------ C:\WINDOWS\SYSTEM32\msvfw32.dll
2006-09-20 19:11 113,152 --a------ C:\WINDOWS\SYSTEM32\idq.dll
2006-09-20 19:11 113,152 --a------ C:\WINDOWS\SYSTEM32\dfrgui.dll
2006-09-20 19:11 112,128 --a------ C:\WINDOWS\SYSTEM32\ntmarta.dll
2006-09-20 19:11 11,776 --a------ C:\WINDOWS\SYSTEM32\sigtab.dll
2006-09-20 19:11 109,568 --a------ C:\WINDOWS\SYSTEM32\offfilt.dll
2006-09-20 19:11 107,008 --a------ C:\WINDOWS\SYSTEM32\umpnpmgr.dll
2006-09-20 19:11 106,496 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-09-20 19:11 105,984 --a------ C:\WINDOWS\SYSTEM32\netdde.exe
2006-09-20 19:11 103,936 --a------ C:\WINDOWS\SYSTEM32\imm32.dll
2006-09-20 19:11 103,424 --a------ C:\WINDOWS\SYSTEM32\dgnet.dll
2006-09-20 19:11 10,752 --a------ C:\WINDOWS\SYSTEM32\tracert.exe
2006-09-20 19:11 10,752 --a------ C:\WINDOWS\hh.exe
2006-09-20 19:11 10,240 --a------ C:\WINDOWS\SYSTEM32\msrle32.dll
2006-09-20 19:11 10,240 --a------ C:\WINDOWS\SYSTEM32\localui.dll
2006-09-20 19:11 1,622,528 --a------ C:\WINDOWS\SYSTEM32\netshell.dll
2006-09-20 19:11 1,503,262 --a------ C:\WINDOWS\SYSTEM32\msjet40.dll
2006-09-20 19:11 1,349,120 --a------ C:\WINDOWS\SYSTEM32\query.dll
2006-09-20 19:11 1,172,992 --a------ C:\WINDOWS\SYSTEM32\comsvcs.dll
2006-09-20 19:11 1,157,632 --a------ C:\WINDOWS\SYSTEM32\sfcfiles.dll
2006-09-20 19:11 1,128,960 --a------ C:\WINDOWS\SYSTEM32\mmcndmgr.dll
2006-09-20 19:11 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-09-12 22:23 129,816 --a------ C:\890830.exe
2006-08-30 23:47 10,698,768 --a------ C:\sspsetup1_1885167223.exe
2006-08-26 11:32 7,680 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll
2006-08-26 11:32 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll
2006-08-26 11:32 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2006-08-26 11:32 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2006-08-26 11:32 158,720 --------- C:\WINDOWS\SYSTEM32\xpob2res.dll
2006-08-26 11:16 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2006-08-26 11:16 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2006-08-26 11:16 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2006-08-26 11:16 18,200 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2006-08-26 11:16 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2006-08-26 11:16 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-25 21:32 -------- d-------- C:\Program Files\Java
2006-09-25 21:31 -------- d-------- C:\Program Files\Common Files\Java
2006-09-25 21:31 -------- d-------- C:\Program Files\Common Files
2006-09-25 20:28 -------- d-------- C:\Program Files\Anti-Spyare
2006-09-23 22:06 -------- d--h----- C:\Documents and Settings\Daniel\Application Data\GTek
2006-09-22 21:50 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-22 21:10 -------- d-------- C:\Program Files\WinZip
2006-09-22 21:08 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-09-22 21:07 -------- d-------- C:\Program Files\QuickTime
2006-09-22 21:07 -------- d-------- C:\Program Files\Netropa
2006-09-22 21:03 -------- d-------- C:\Program Files\LexmarkX73
2006-09-22 21:02 -------- d-------- C:\Program Files\Internet Explorer
2006-09-22 19:08 -------- d-------- C:\Program Files\CCleaner
2006-09-22 19:07 -------- d-------- C:\Program Files\Yahoo!
2006-09-22 18:48 -------- d-------- C:\Program Files\ItsDeductible2005
2006-09-20 19:12 -------- d-------- C:\Program Files\NetMeeting
2006-09-20 19:12 -------- d-------- C:\Program Files\Movie Maker
2006-09-20 19:12 -------- d-------- C:\Program Files\Messenger
2006-09-20 19:11 -------- d-------- C:\Program Files\Windows Media Player
2006-09-20 19:11 -------- d-------- C:\Program Files\Outlook Express
2006-09-20 19:11 -------- d-------- C:\Program Files\Common Files\System
2006-09-18 21:36 -------- d-------- C:\Program Files\Virtools Web Player 3.5
2006-09-17 13:38 -------- d-------- C:\Documents and Settings\Daniel\Application Data\AVG7
2006-09-17 07:57 -------- d-------- C:\Program Files\Common Files\Softwin
2006-09-16 16:32 -------- d-------- C:\Documents and Settings\Daniel\Application Data\TrojanHunter
2006-09-13 21:10 777472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2006-09-13 21:10 4288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys
2006-09-13 21:10 27904 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2006-09-13 21:10 23424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgmfrs.sys
2006-09-13 21:10 -------- d-------- C:\Program Files\Grisoft
2006-09-13 19:20 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-13 19:20 -------- d-------- C:\Program Files\FSI
2006-09-12 22:26 -------- d-------- C:\Program Files\ACW
2006-08-31 20:10 -------- d-------- C:\Program Files\Webroot
2006-08-30 21:55 -------- d-------- C:\Documents and Settings\Daniel\Application Data\Webroot
2006-08-30 19:13 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-26 11:16 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-10 18:47 11648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxscrmbl.sys
2006-08-03 19:33 15360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2006-08-03 19:33 14848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2006-08-03 19:33 13824 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0509.sys
2006-08-03 19:33 117248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"Lexmark X73 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X73.exe"
"Lexmark X73 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X73.exe"
"Dell|Alert"="\"C:\\Program Files\\Dell\\Support\\Alert\\bin\\DAMon.exe\""
"DellTouch"="C:\\WINDOWS\\MMKeybd.exe"
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"AdaptecDirectCD"="\"C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Compd Service Drivrs"="codq.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"Compd Service Drivrs"="codq.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Compd Service Drivrs"="codq.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"Compd Service Drivrs"="codq.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F76B8E3F-72AB-4E96-87FC-778B469BC334}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NetDDEsrv
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Mon 09/25/2006 22:02:37.53
ComboFix.txt



Logfile of HijackThis v1.99.1
Scan saved at 10:05:42 PM, on 9/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Anti-Spyare\HijackThis\Stopit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Dell|Alert] "C:\Program Files\Dell\Support\Alert\bin\DAMon.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6608612653
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/ins ... downde.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
dbabbs
Active Member
Posts: 7
Joined: September 16th, 2006, 1:18 pm
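The "Reg Loading Points" section of the ComboFix log above is where the persistence in this thread shows up: a value named "Compd Service Drivrs" pointing at the bare file name codq.exe, under the HKEY_USERS\.DEFAULT (LocalSystem) hive and in a RunServices key, while every legitimate entry on the machine carries a full path and lives under HKLM or HKCU. The script below is an added example (not part of the original post or the ComboFix tool) that parses that .reg-style section and scores entries on exactly those three properties. The SAMPLE_LOG it runs on is a constructed excerpt modelled on the log above; the severity thresholds are the author's own rule of thumb, not anything the forum helpers stated.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix-style log.

Added example, not part of the original thread. Parses the .reg-style section
and flags autorun values that deserve a closer look:
  * image given as a bare file name (resolved through the search path, so the
    log does not tell you which file actually runs)
  * keys under the HKEY_USERS\\.DEFAULT / S-1-5-18 (LocalSystem) profile
  * RunServices keys, a Windows 9x-era location modern installers do not use
"""
import re
from typing import Dict, List, NamedTuple, Tuple


class Finding(NamedTuple):
    key: str
    name: str
    image: str
    severity: str
    reasons: Tuple[str, ...]


# Hives that load for the LocalSystem account rather than an interactive user.
SYSTEM_HIVES = (r"HKEY_USERS\.DEFAULT", r"HKEY_USERS\S-1-5-18")

_SECTION = re.compile(r"^\[(.+)\]$")
# "name"="data" with .reg escaping (backslash-backslash and backslash-quote).
_STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s: str) -> str:
    # Undo .reg escaping: a backslash followed by any character yields that character.
    return re.sub(r"\\(.)", r"\1", s)


def parse_loading_points(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [KEY] section to its string values (dword/hex values are skipped)."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _STRING_VALUE.match(line)
        if m and current is not None:
            keys[current][unescape(m.group(1))] = unescape(m.group(2))
    return keys


def command_image(cmd: str) -> str:
    """Return the executable part of a Run value: the quoted token, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(text: str) -> List[Finding]:
    """Score every autorun value; two or more reasons on one entry is 'high'."""
    findings: List[Finding] = []
    hive_prefixes = tuple(h.upper() for h in SYSTEM_HIVES)
    for key, values in parse_loading_points(text).items():
        k = key.upper()
        in_system_hive = k.startswith(hive_prefixes)
        is_runservices = k.endswith("\\RUNSERVICES")
        for name, cmd in values.items():
            image = command_image(cmd)
            reasons = []
            if "\\" not in image and "/" not in image:
                reasons.append("bare file name, resolved via the search path")
            if in_system_hive:
                reasons.append("loads for the LocalSystem/.DEFAULT profile")
            if is_runservices:
                reasons.append("RunServices key (Win9x-era, unused by modern software)")
            if reasons:
                severity = "high" if len(reasons) >= 2 else "low"
                findings.append(Finding(key, name, image, severity, tuple(reasons)))
    return findings


# Constructed excerpt modelled on the Reg Loading Points section of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="\"nwiz.exe\" /install"
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Compd Service Drivrs"="codq.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"Compd Service Drivrs"="codq.exe"
"""

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity != "high"):
        print(f"[{f.severity:4}] {f.name!r} -> {f.image}")
        for r in f.reasons:
            print(f"         - {r}")
        print(f"         key: {f.key}")
```

Run against the sample, the two codq.exe entries come out "high" and the NVIDIA nwiz.exe entry comes out "low": an unpathed image is not malicious by itself (nwiz.exe and RUNDLL32.EXE live in System32), but it is the reason a log reader cannot tell which file will actually start, so it is the first thing to check on disk. The AVG entry under .DEFAULT is flagged "low" for the same reason: a known product in an unusual hive still deserves a glance.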

Unread postby tim s » September 26th, 2006, 6:51 am

Hi dbabbs
Sorry about the link to update Java; I will correct it.
Thanks for posting logs.
Microsoft's support for Windows XP SP1 ends October 10, 2006. No Windows Updates will be provided for Windows XP SP1 after that date.
In order to continue receiving Windows Updates, You will need to install SP2.
http://update.microsoft.com/windowsupda ... x?ln=en-us

How is your computer running now?
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Status

Unread postby dbabbs » September 26th, 2006, 9:32 pm

Thanks for your help.

My computer appears to be running normally. I had most browser issues resolved when I first posted, with the exception of my security settings being changed automatically. This behavior has stopped. I would also see excessive internet activity when I was idle, and this seems to have stopped.

Based on the programs I have on my system which AV and spyware programs do you recommend? Is there a single program which is best at dealing with both or are two specialized programs best?

I will continue to monitor the situation and let you know of anything.

Once again thanks so much!
dbabbs
Active Member
Posts: 7
Joined: September 16th, 2006, 1:18 pm

Unread postby tim s » September 27th, 2006, 10:26 am

Hi dbabbs

This is my normal post for when you are clear - which you now are - or seem to be.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use Anti Virus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online and stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  4. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (even more often if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand up and be Counted.
NOW is the time you can start to hit back at the people who infected you.
Please take the time to go and complain - that forum has a topic for your infection, which is ................ Please post as a reply; you do not need to register to do so (but you can if you wish). It will also have a list of other places where you can register your complaint, depending on the country you are resident in. Please read the topics and complain; it is only with such complaints to government or government agencies that something will get done.


Happy surfin.
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am
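
The prevention steps in the post above (firewall on, anti-virus signatures current, no outstanding Windows updates) can be verified rather than taken on trust. The script below is an added example, not code from the original thread or from MalwareRemoval.com. It assumes a modern Windows host: `Get-NetFirewallProfile` and `Get-MpComputerStatus` (Microsoft Defender) did not exist on the Windows XP machine in this thread, and a third-party anti-virus product would need its own status query in place of the Defender call. The seven-day signature-age threshold is taken from the post's "at least once a week" advice.

```powershell
# Added example (not from the original thread): check that the prevention
# steps from the post are actually in place on this machine.
# Assumes Windows 8 or later (NetSecurity module), Microsoft Defender as the
# anti-virus product, and the Windows Update Agent COM API. Run elevated.

$report = [ordered]@{}

# Step 5: the firewall must be enabled on every profile (Domain, Private, Public).
# A bot that spreads over exposed network services is stopped here first.
$profiles = Get-NetFirewallProfile
$report['FirewallAllProfilesOn'] = -not ($profiles | Where-Object { -not $_.Enabled })
$profiles | ForEach-Object {
    "Firewall profile {0}: Enabled={1}, DefaultInbound={2}" -f $_.Name, $_.Enabled, $_.DefaultInboundAction
}

# Steps 4 and 10: real-time protection on and signatures no older than a week.
$mp = Get-MpComputerStatus
$sigAgeDays = (New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated -End (Get-Date)).Days
$report['RealTimeProtectionOn'] = $mp.RealTimeProtectionEnabled
$report['SignaturesFresh']      = ($sigAgeDays -le 7)
"Signatures last updated {0} ({1} days ago)" -f $mp.AntivirusSignatureLastUpdated, $sigAgeDays

# Step 6: no applicable updates left uninstalled. The Windows Update Agent
# search criterion "IsInstalled=0" returns updates that apply to this machine
# but have not been installed; IsHidden=0 excludes ones the user hid.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0")
$pending  = @($result.Updates | ForEach-Object { $_ })
$report['NoPendingUpdates'] = ($pending.Count -eq 0)
foreach ($u in $pending) {
    "Pending: {0} (MsrcSeverity={1})" -f $u.Title, $u.MsrcSeverity
}

# Summary: any $false line is a step from the post that still needs doing.
$report.GetEnumerator() | ForEach-Object { "{0,-24} {1}" -f $_.Key, $_.Value }
if ($report.Values -contains $false) {
    Write-Warning "One or more prevention steps are not in place."
    exit 1
}
```

The update search contacts Windows Update (or WSUS, if the machine is configured for it) and can take a minute or two; the firewall and Defender queries are local. A non-zero exit status makes the script usable as a scheduled check rather than a one-off.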

Unread postby NonSuch » October 1st, 2006, 1:09 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
Posts: 27232
Joined: February 23rd, 2005, 7:08 am
Location: California