
Strange rebooting issue (pe386 rootkit)

Discussion in 'Malware and Virus Removal Archive' started by jsmedina, 2006/12/29.

  1. 2006/12/31
    jsmedina Inactive Thread Starter
    Here are my three parts of the GMER log. My VundoFix log and HJT logs are exactly the same as before running GMER.
     
  2. 2006/12/31
    TeMerc Inactive Alumni
    Ok, GMER didn't expose anything there.

    I'm concerned that VundoFix didn't see those files, as they are indeed included in the database.

    Let's try a different tool to see what it finds.

    Download VirtumundoBegone and save it to your desktop.

    Reboot into safe mode, this way:
    Turn on the computer
    Immediately begin tapping the <F8> key.
    Use the arrow keys to highlight Safe Mode and press the <Enter> key.

    Also, enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.

    Exit when it has finished.

    If this does not find anything we'll be using a specialized file deletion tool to get the ones I have seen that need removal.
     


  4. 2007/01/01
    jsmedina Inactive Thread Starter
    Here's the log from VBG:


    [01/01/2007, 1:39:46] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\John S. Medina\Desktop\VirtumundoBeGone.exe" )
    [01/01/2007, 1:39:53] - Detected System Information:
    [01/01/2007, 1:39:53] - Windows Version: 5.1.2600, Service Pack 2
    [01/01/2007, 1:39:53] - Current Username: John S. Medina (Admin)
    [01/01/2007, 1:39:53] - Windows is in SAFE mode with Networking.
    [01/01/2007, 1:39:53] - Searching for Browser Helper Objects:
    [01/01/2007, 1:39:53] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
    [01/01/2007, 1:39:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/01/2007, 1:39:53] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [01/01/2007, 1:39:53] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [01/01/2007, 1:39:53] - Finished Searching Browser Helper Objects
    [01/01/2007, 1:39:53] - Finishing up...
    [01/01/2007, 1:39:53] - Nothing found! Exiting...
     
  5. 2007/01/01
    TeMerc Inactive Alumni
    OK, let's kill a bunch of files.

    Download the Killbox from here and save it to the desktop.
    • Double-click the KillBox icon on your desktop to open it
    • Select "Delete on Reboot"
    • Then select "All files".
    Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\khfgggd.dll
    C:\WINDOWS\system32\unsvchosts.exe
    C:\WINDOWS\system32\wycdd.bak2
    C:\WINDOWS\system32\wycdd.bak1
    C:\WINDOWS\system32\nnnonnm.dll
    C:\WINDOWS\ie7
    C:\WINDOWS\system32\rhttpaa.dll


    Return to Killbox
    • Go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white [Delete File] button.
    • Click "Yes" at the Delete on Reboot prompt. Click "No" at the 'Pending Operations' prompt.

    Reboot manually, do not allow KB to reboot for you.

    Post new HJT and ComboFix as well. Thanks for being patient.
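An added triage helper, written for this thread and not part of it or of ComboFix, Killbox or VundoFix: it parses lines in the ComboFix "Files Created" listing format posted in this thread, cross-checks them against a watch list such as the Killbox list above, and flags recently written hidden/system files under system32 for a manual look. The sample log and its attribute bits are constructed; only the watch-list paths are taken from the post above.

```python
"""Triage helper for the ComboFix "Files Created" listing format seen in this
thread. Added example: not part of the thread, ComboFix, Killbox or VundoFix."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# One listing line: "<date> <time> <size or <DIR>> <9-char attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[d-][r-][a-][h-][s-][c-].{3}) "
    r"(?P<path>\S.*?)\s*$")


@dataclass
class Entry:
    created: datetime
    is_dir: bool
    size: Optional[int]  # None for directories
    attrs: str           # raw column: d r a h s c, then three unused
    path: str

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def system(self) -> bool:
        return self.attrs[4] == "s"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one line; None for banners, blanks and truncated lines (part 1
    of the log in this thread ends on an entry whose path was cut off)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    is_dir = m["size"] == "<DIR>"
    return Entry(
        created=datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M"),
        is_dir=is_dir,
        size=None if is_dir else int(m["size"].replace(",", "")),
        attrs=m["attrs"], path=m["path"])


def parse_listing(lines: Iterable[str]) -> Tuple[List[Entry], List[str]]:
    """Parsed entries plus unparsed leftovers, so a cut-off line is reported
    rather than silently dropped."""
    entries, leftovers = [], []
    for raw in (ln for ln in lines if ln.strip()):
        entry = parse_line(raw)
        if entry is None:
            leftovers.append(raw.strip())
        else:
            entries.append(entry)
    return entries, leftovers


def _norm(path: str) -> str:
    # NTFS paths are case-insensitive; ignore a trailing backslash too.
    return path.rstrip("\\").casefold()


def match_watchlist(entries: List[Entry], watchlist: Iterable[str]) -> List[Entry]:
    """Entries whose path is on a watch list (e.g. a helper's Killbox list)."""
    wanted = {_norm(p) for p in watchlist}
    return [e for e in entries if _norm(e.path) in wanted]


def flag_system32_drops(entries: List[Entry], since: datetime) -> List[Entry]:
    """Files (not directories) written under system32 on or after `since` with
    the hidden or system attribute set: a cut for manual review, not a verdict,
    since legitimate vendor files land there too."""
    root = _norm("C:\\WINDOWS\\system32") + "\\"
    return [e for e in entries if not e.is_dir and e.created >= since
            and _norm(e.path).startswith(root) and (e.hidden or e.system)]


# Constructed sample in the listing format (not the poster's actual log);
# the watch-list paths are the ones named in the Killbox post above.
SAMPLE_LOG = """\
(((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))

2007-01-01 05:07 <DIR> d-------- C:\\!KillBox
2006-12-30 01:59 34,816 ---hs---- C:\\WINDOWS\\system32\\khfgggd.dll
2006-12-17 04:13 <DIR> d----c--- C:\\WINDOWS\\ie7
2006-12-24 05:15 639,224 --a------ C:\\WINDOWS\\system32\\drivers\\sptd.sys
2006-12-30 01:59 0 --a------ C:\\WINDOWS\\system32\\wycdd.bak1
2006-12-17 02:10 <DIR> d--------
"""
KILL_LIST = ["C:\\WINDOWS\\system32\\khfgggd.dll",
             "C:\\WINDOWS\\system32\\wycdd.bak1", "C:\\WINDOWS\\ie7"]


def triage(log_text: str = SAMPLE_LOG, watchlist: Iterable[str] = KILL_LIST,
           since: datetime = datetime(2006, 12, 28)) -> dict:
    """Run the whole pass over one log; call with no arguments for the sample."""
    entries, leftovers = parse_listing(log_text.splitlines())
    return {"parsed": len(entries), "leftovers": leftovers,
            "on_watchlist": [e.path for e in match_watchlist(entries, watchlist)],
            "flagged": [e.path for e in flag_system32_drops(entries, since)]}
```

The truncated last line of the sample mirrors the way part 1 of the log in this thread ends, and is reported under "leftovers" rather than lost.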
     
  6. 2007/01/01
    jsmedina Inactive Thread Starter
    Here's my ComboFix Log part 1:

    John S. Medina - 07-01-01 5:15:16.68 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\John S. Medina\Desktop "

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))


    2007-01-01 05:07 <DIR> d-------- C:\!KillBox
    2006-12-31 02:50 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
    2006-12-30 03:27 <DIR> d-------- C:\Program Files\ProcessExplorer
    2006-12-30 03:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2006-12-30 03:13 <DIR> d-------- C:\Program Files\Lavasoft
    2006-12-30 03:13 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\Lavasoft
    2006-12-30 01:57 <DIR> d-------- C:\WINDOWS\Temporary Internet Files
    2006-12-30 01:57 <DIR> d-------- C:\WINDOWS\Temp
    2006-12-30 01:57 <DIR> d-------- C:\WINDOWS\Recent
    2006-12-30 01:57 <DIR> d-------- C:\WINDOWS\Prefetch
    2006-12-30 01:57 <DIR> d-------- C:\WINDOWS\History
    2006-12-30 01:57 <DIR> d-------- C:\System Volume Information
    2006-12-30 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Recent
    2006-12-30 01:56 <DIR> d-------- C:\Program Files\Softwin
    2006-12-29 13:46 <DIR> d-------- C:\Program Files\HJT
    2006-12-29 05:09 <DIR> d-------- C:\Program Files\Debugging Tools for Windows
    2006-12-29 04:42 <DIR> d-------- C:\Program Files\Support Tools
    2006-12-28 02:09 <DIR> d-------- C:\Program Files\Windows Defender
    2006-12-28 02:05 <DIR> dr-h----- C:\Documents and Settings\John S. Medina\Recent
    2006-12-27 05:18 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\Help
    2006-12-27 03:16 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\vlc
    2006-12-27 03:15 <DIR> d-------- C:\Program Files\VideoLAN
    2006-12-26 14:50 <DIR> d-------- C:\WINDOWS\Minidump
    2006-12-24 05:23 930 --a------ C:\WINDOWS\system32\winpfz32.sys
    2006-12-24 05:23 8,464 --a------ C:\WINDOWS\system32\sporder.dll
    2006-12-24 05:17 <DIR> d-------- C:\Program Files\Alcohol Soft
    2006-12-24 05:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-12-24 05:14 <DIR> d-------- C:\Program Files\QuickPar
    2006-12-24 05:12 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
    2006-12-24 04:13 <DIR> d-------- C:\Documents and Settings\John S. Medina\DoctorWeb
    2006-12-24 02:43 <DIR> d-------- C:\Program Files\PinMAME
    2006-12-23 05:20 <DIR> dr-h----- C:\$VAULT$.AVG
    2006-12-22 02:17 <DIR> d-------- C:\Program Files\uTorrent
    2006-12-22 02:17 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\uTorrent
    2006-12-22 02:14 <DIR> d-------- C:\Program Files\MESS
    2006-12-22 02:13 <DIR> d-------- C:\Program Files\TorrentZip
    2006-12-22 01:50 <DIR> d-------- C:\Program Files\MAME
    2006-12-20 22:38 36,736 --a------ C:\WINDOWS\system32\drivers\ultra.sys
    2006-12-20 19:17 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\Apple Computer
    2006-12-20 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2006-12-20 19:12 <DIR> d-------- C:\Program Files\QuickTime
    2006-12-19 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2006-12-19 20:12 327,168 --a------ C:\WINDOWS\IsUninst.exe
    2006-12-19 19:03 <DIR> d-------- C:\Program Files\Power Grab 2002
    2006-12-19 19:02 <DIR> d-------- C:\Program Files\GoodMerge
    2006-12-19 18:59 <DIR> d-------- C:\Program Files\GoodGUI
    2006-12-19 18:56 <DIR> d-------- C:\Program Files\clrmamepro
    2006-12-19 18:52 <DIR> d-------- C:\Program Files\Adobe
    2006-12-19 18:52 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\Adobe
    2006-12-19 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2006-12-19 18:48 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2006-12-19 12:07 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2006-12-19 12:07 <DIR> d-------- C:\Program Files\EA GAMES
    2006-12-19 11:56 10,752 --a------ C:\WINDOWS\system32\BASSMOD.dll
    2006-12-19 11:52 94,080 --a------ C:\WINDOWS\system32\drivers\ezplay.sys
    2006-12-19 11:52 94,080 --a------ C:\Documents and Settings\John S. Medina\Application Data\ezplay.sys
    2006-12-19 11:52 87,608 --a------ C:\Documents and Settings\John S. Medina\Application Data\ezpinst.exe
    2006-12-19 11:52 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2006-12-19 11:52 47,360 --a------ C:\Documents and Settings\John S. Medina\Application Data\pcouffin.sys
    2006-12-19 11:52 <DIR> d-------- C:\Program Files\VSO
    2006-12-19 11:52 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\Vso
    2006-12-19 11:44 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
    2006-12-19 11:41 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-12-19 11:41 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-12-19 11:41 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-12-19 11:41 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\AVG7
    2006-12-19 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2006-12-19 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2006-12-19 11:30 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\Ahead
    2006-12-19 11:29 <DIR> d-------- C:\Program Files\Nero
    2006-12-19 11:29 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2006-12-19 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2006-12-19 06:05 442,368 --a------ C:\WINDOWS\system32\CapabilityTable.exe
    2006-12-19 06:04 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
    2006-12-19 06:04 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
    2006-12-19 06:04 208,896 --------- C:\WINDOWS\system32\nvuide.exe
    2006-12-19 06:04 109,568 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
    2006-12-19 05:34 <DIR> d-------- C:\WINDOWS\NV23242452.TMP
    2006-12-19 05:30 <DIR> d-------- C:\Program Files\WinRAR
    2006-12-19 05:09 <DIR> d-------- C:\Program Files\eMule
    2006-12-18 02:51 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\OfficeUpdate12
    2006-12-18 02:48 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2006-12-18 02:47 <DIR> d-------- C:\Program Files\MSBuild
    2006-12-18 02:47 <DIR> d-------- C:\Program Files\Microsoft.NET
    2006-12-18 02:47 <DIR> d-------- C:\Program Files\Microsoft Works
    2006-12-18 02:47 <DIR> d-------- C:\Program Files\Microsoft Visual Studio
    2006-12-18 02:47 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
    2006-12-18 02:45 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2006-12-18 02:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2006-12-18 02:44 <DIR> dr-h----- C:\MSOCache
    2006-12-18 02:44 <DIR> d-------- C:\Program Files\Microsoft Office
    2006-12-18 02:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2006-12-18 02:35 <DIR> d-------- C:\Program Files\Microsoft Streets & Trips
    2006-12-18 02:35 <DIR> d-------- C:\Program Files\Microsoft Location Finder
    2006-12-18 02:23 <DIR> d-------- C:\Program Files\RssReader
    2006-12-18 02:14 <DIR> d-------- C:\Program Files\Microsoft Money 2007
    2006-12-18 02:07 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2006-12-18 02:07 <DIR> d-------- C:\WINDOWS\system32\windows media
    2006-12-18 01:40 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2006-12-18 01:40 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
    2006-12-18 01:40 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
    2006-12-18 01:40 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2006-12-18 01:40 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
    2006-12-18 01:40 <DIR> d-------- C:\WINDOWS\system32\Futuremark
    2006-12-18 01:30 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2006-12-17 05:53 <DIR> d-------- C:\Program Files\NVIDIA Corporation
    2006-12-17 05:48 <DIR> d-------- C:\Program Files\DIMES
    2006-12-17 05:48 <DIR> d-------- C:\Documents and Settings\John S. Medina\.netgraph
    2006-12-17 05:03 <DIR> d-------- C:\WINDOWS\Sun
    2006-12-17 05:03 <DIR> d-------- C:\Program Files\Java
    2006-12-17 05:03 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\Sun
    2006-12-17 05:01 <DIR> d-------- C:\Program Files\Common Files\Java
    2006-12-17 04:50 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
    2006-12-17 04:49 94,208 -ra------ C:\WINDOWS\system32\HPZipt12.dll
    2006-12-17 04:49 65,795 -ra------ C:\WINDOWS\system32\HPZipm12.exe
    2006-12-17 04:49 61,699 -ra------ C:\WINDOWS\system32\HPZinw12.exe
    2006-12-17 04:49 57,344 -ra------ C:\WINDOWS\system32\HPZisn12.dll
    2006-12-17 04:49 51,056 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
    2006-12-17 04:49 266,296 -ra------ C:\WINDOWS\system32\HPZidr12.dll
    2006-12-17 04:49 196,608 -ra------ C:\WINDOWS\system32\HPZipr12.dll
    2006-12-17 04:49 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2006-12-17 04:46 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
    2006-12-17 04:46 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
    2006-12-17 04:46 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
    2006-12-17 04:46 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
    2006-12-17 04:46 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
    2006-12-17 04:41 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2006-12-17 04:41 <DIR> d-------- C:\Program Files\BOINC
    2006-12-17 04:40 208,896 --a------ C:\WINDOWS\system32\hpzcoi09.dll
    2006-12-17 04:19 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
    2006-12-17 04:14 <DIR> d-------- C:\WINDOWS\WBEM
    2006-12-17 04:13 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2006-12-17 04:13 <DIR> d----c--- C:\WINDOWS\ie7
    2006-12-17 04:13 <DIR> d-------- C:\WINDOWS\network diagnostic
    2006-12-17 04:11 <DIR> d-------- C:\WINDOWS\system32\DRM
    2006-12-17 04:11 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2006-12-17 04:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2006-12-17 04:10 <DIR> d-------- C:\WINDOWS\system32\en-us
    2006-12-17 04:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2006-12-17 04:06 <DIR> d-------- C:\WINDOWS\RegisteredPackages
    2006-12-17 04:04 <DIR> dr--s---- C:\WINDOWS\assembly
    2006-12-17 04:04 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2006-12-17 04:04 <DIR> d-------- C:\WINDOWS\Microsoft.NET
    2006-12-17 03:58 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
    2006-12-17 03:58 116,736 --------- C:\WINDOWS\system32\aaclient.dll
    2006-12-17 03:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2006-12-17 03:39 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2006-12-17 03:39 <DIR> d-------- C:\WINDOWS\system32\PreInstall
    2006-12-17 03:36 18,200 --a------ C:\WINDOWS\system32\wups2.dll
    2006-12-17 03:36 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2006-12-17 02:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2006-12-17 02:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2006-12-17 02:52 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-12-17 02:52 <DIR> d-------- C:\WINDOWS\nview
    2006-12-17 02:51 5,756,928 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2006-12-17 02:51 5,736,704 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-12-17 02:47 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-12-17 02:47 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-12-17 02:47 <DIR> d-------- C:\Program Files\Grisoft
    2006-12-17 02:43 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\Macromedia
    2006-12-17 02:42 <DIR> d--hs---- C:\RECYCLER
    2006-12-17 02:35 <DIR> d--hs---- C:\Documents and Settings\John S. Medina\UserData
    2006-12-17 02:27 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys
    2006-12-17 02:27 43,264 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
    2006-12-17 02:27 385,024 -r------- C:\WINDOWS\system32\JMRaidTool.exe
    2006-12-17 02:27 <DIR> d-------- C:\WINDOWS\system32\Lang
    2006-12-17 02:27 <DIR> d-------- C:\WINDOWS\JM
    2006-12-17 02:25 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
    2006-12-17 02:25 86,016 -r------- C:\WINDOWS\SoundMan.exe
    2006-12-17 02:25 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-12-17 02:25 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-12-17 02:25 69,632 -r------- C:\WINDOWS\Alcmtr.exe
    2006-12-17 02:25 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-12-17 02:25 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-12-17 02:25 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-12-17 02:25 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-12-17 02:25 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-12-17 02:25 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-12-17 02:25 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
    2006-12-17 02:25 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
    2006-12-17 02:25 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-12-17 02:25 4,279,296 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
    2006-12-17 02:25 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-12-17 02:25 364,544 -r------- C:\WINDOWS\RtlUpd.exe
    2006-12-17 02:25 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-12-17 02:25 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
    2006-12-17 02:25 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
    2006-12-17 02:25 2,158,592 -r------- C:\WINDOWS\MicCal.exe
    2006-12-17 02:25 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-12-17 02:25 16,208,384 -r------- C:\WINDOWS\RTHDCPL.exe
    2006-12-17 02:25 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-12-17 02:25 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
    2006-12-17 02:25 <DIR> d-------- C:\WINDOWS\system32\RTCOM
    2006-12-17 02:25 <DIR> d-------- C:\Program Files\Realtek
    2006-12-17 02:24 36,352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
    2006-12-17 02:24 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-12-17 02:24 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-17 02:24 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
    2006-12-17 02:24 <DIR> d-------- C:\Program Files\AMD
    2006-12-17 02:23 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2006-12-17 02:23 159,232 --a------ C:\WINDOWS\system32\fdco_l1036.dll
    2006-12-17 02:23 159,232 --a------ C:\WINDOWS\system32\fdco_l1034.dll
    2006-12-17 02:23 159,232 --a------ C:\WINDOWS\system32\fdco_l1031.dll
    2006-12-17 02:23 158,720 --a------ C:\WINDOWS\system32\fdco_l1046.dll
    2006-12-17 02:23 158,720 --a------ C:\WINDOWS\system32\fdco_l1040.dll
    2006-12-17 02:23 156,672 --a------ C:\WINDOWS\system32\fdco_l1042.dll
    2006-12-17 02:23 156,672 --a------ C:\WINDOWS\system32\fdco_l1041.dll
    2006-12-17 02:23 155,648 --a------ C:\WINDOWS\system32\fdco_l1028.dll
    2006-12-17 02:23 155,136 --a------ C:\WINDOWS\system32\fdco_l2052.dll
    2006-12-17 02:23 10,240 --a------ C:\WINDOWS\system32\bdco1ins.dll
    2006-12-17 02:23 <DIR> d-------- C:\WINDOWS\NV10841068.TMP
    2006-12-17 02:23 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2006-12-17 02:18 <DIR> dr-h----- C:\Documents and Settings\John S. Medina\SendTo
    2006-12-17 02:18 <DIR> dr-h----- C:\Documents and Settings\John S. Medina\Application Data\.
    2006-12-17 02:18 <DIR> dr-h----- C:\Documents and Settings\John S. Medina\Application Data
    2006-12-17 02:18 <DIR> dr------- C:\Documents and Settings\John S. Medina\Start Menu
    2006-12-17 02:18 <DIR> dr------- C:\Documents and Settings\John S. Medina\My Documents
    2006-12-17 02:18 <DIR> dr------- C:\Documents and Settings\John S. Medina\Favorites
    2006-12-17 02:18 <DIR> d--hs---- C:\Documents and Settings\John S. Medina\Cookies
    2006-12-17 02:18 <DIR> d--h----- C:\Program Files\Uninstall Information
    2006-12-17 02:18 <DIR> d--h----- C:\Documents and Settings\John S. Medina\Templates
    2006-12-17 02:18 <DIR> d--h----- C:\Documents and Settings\John S. Medina\PrintHood
    2006-12-17 02:18 <DIR> d--h----- C:\Documents and Settings\John S. Medina\NetHood
    2006-12-17 02:18 <DIR> d--h----- C:\Documents and Settings\John S. Medina\Local Settings
    2006-12-17 02:18 <DIR> d---s---- C:\Documents and Settings\John S. Medina\Application Data\Microsoft
    2006-12-17 02:18 <DIR> d-------- C:\Documents and Settings\John S. Medina\Desktop
    2006-12-17 02:18 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\Identities
    2006-12-17 02:18 <DIR> d-------- C:\Documents and Settings\John S. Medina\Application Data\..
    2006-12-17 02:18 <DIR> d-------- C:\Documents and Settings\John S. Medina\..
    2006-12-17 02:18 <DIR> d-------- C:\Documents and Settings\John S. Medina\.
    2006-12-17 02:15 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
    2006-12-17 02:15 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
    2006-12-17 02:13 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-12-17 02:13 0 -rahs---- C:\MSDOS.SYS
    2006-12-17 02:13 0 -rahs---- C:\IO.SYS
    2006-12-17 02:13 0 --a------ C:\CONFIG.SYS
    2006-12-17 02:13 0 --a------ C:\AUTOEXEC.BAT
    2006-12-17 02:13 <DIR> d-------- C:\WINDOWS\system32\xircom
    2006-12-17 02:13 <DIR> d-------- C:\Program Files\xerox
    2006-12-17 02:13 <DIR> d-------- C:\Program Files\microsoft frontpage
    2006-12-17 02:12 <DIR> dr------- C:\WINDOWS\Offline Web Pages
    2006-12-17 02:12 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
    2006-12-17 02:12 <DIR> d--h----- C:\Program Files\WindowsUpdate
    2006-12-17 02:12 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2006-12-17 02:11 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2006-12-17 02:11 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2006-12-17 02:11 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-12-17 02:11 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-12-17 02:11 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-12-17 02:11 41,240 --a------ C:\WINDOWS\system32\wups.dll
    2006-12-17 02:11 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-12-17 02:11 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-12-17 02:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-12-17 02:11 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-12-17 02:11 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-12-17 02:11 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-12-17 02:11 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-12-17 02:11 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-12-17 02:11 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-12-17 02:11 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-12-17 02:11 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-12-17 02:11 <DIR> d---s---- C:\WINDOWS\Tasks
    2006-12-17 02:11 <DIR> d-------- C:\WINDOWS\system32\Macromed
    2006-12-17 02:11 <DIR> d-------- C:\WINDOWS\system32\DirectX
    2006-12-17 02:11 <DIR> d-------- C:\WINDOWS\srchasst
    2006-12-17 02:11 <DIR> d-------- C:\Program Files\Movie Maker
    2006-12-17 02:11 <DIR> d-------- C:\Program Files\Common Files\Services
    2006-12-17 02:11 <DIR> d-------- C:\Program Files\Common Files\MSSoap
    2006-12-17 02:10 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-12-17 02:10 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-12-17 02:10 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-12-17 02:10 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-12-17 02:10 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-12-17 02:10 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-12-17 02:10 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-12-17 02:10 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-12-17 02:10 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-12-17 02:10 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-12-17 02:10 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-12-17 02:10 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-12-17 02:10 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-12-17 02:10 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-12-17 02:10 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-12-17 02:10 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-12-17 02:10 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-12-17 02:10 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-12-17 02:10 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-12-17 02:10 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-12-17 02:10 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-12-17 02:10 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-12-17 02:10 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-12-17 02:10 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-12-17 02:10 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-12-17 02:10 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-12-17 02:10 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-12-17 02:10 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-12-17 02:10 <DIR> d-------- C:\WINDOWS\system32\Restore
    2006-12-17 02:10 <DIR> d--------
     
  7. 2007/01/01
    jsmedina Inactive Thread Starter
    and part 2:

    C:\WINDOWS\Registration
    2006-12-17 02:10 <DIR> d-------- C:\Program Files\Outlook Express
    2006-12-17 02:10 <DIR> d-------- C:\Program Files\NetMeeting
    2006-12-17 02:10 <DIR> d-------- C:\Program Files\Internet Explorer
    2006-12-17 02:10 <DIR> d-------- C:\Program Files\ComPlus Applications
    2006-12-17 02:10 <DIR> d-------- C:\Program Files\Common Files\System
    2006-12-17 02:09 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-12-17 02:09 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-12-17 02:09 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-12-17 02:09 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-12-17 02:09 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-12-17 02:09 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-12-17 02:09 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-12-17 02:09 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-12-17 02:09 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-12-17 02:09 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-12-17 02:09 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-12-17 02:09 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-12-17 02:09 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-12-17 02:09 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-12-17 02:09 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-12-17 02:09 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-12-17 02:09 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-12-17 02:09 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-12-17 02:09 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-12-17 02:09 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-12-17 02:09 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-12-17 02:09 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-12-17 02:09 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-12-17 02:09 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-12-17 02:09 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-12-17 02:09 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-12-17 02:09 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-12-17 02:09 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-12-17 02:09 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-12-17 02:09 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-12-17 02:09 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-12-17 02:09 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-12-17 02:09 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-12-17 02:09 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-12-17 02:09 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-12-17 02:09 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-12-17 02:09 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-12-17 02:09 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-12-17 02:09 <DIR> d-------- C:\Program Files\Windows Media Player
    2006-12-17 02:09 <DIR> d-------- C:\Program Files\MSN Gaming Zone
    2006-12-17 02:09 <DIR> d-------- C:\Program Files\Messenger
    2006-12-17 02:08 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-12-17 02:08 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-12-17 02:08 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-12-17 02:08 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-12-17 02:08 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-12-17 02:08 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-12-17 02:08 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-12-17 02:08 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-12-17 02:08 600,576 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-12-17 02:08 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-12-17 02:08 60,416 --a------ C:\WINDOWS\system32\colbact.dll
    2006-12-17 02:08 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-12-17 02:08 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-12-17 02:08 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-12-17 02:08 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-12-17 02:08 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-12-17 02:08 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-12-17 02:08 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-12-17 02:08 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-12-17 02:08 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-12-17 02:08 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-12-17 02:08 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-12-17 02:08 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-12-17 02:08 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-12-17 02:08 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-12-17 02:08 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-12-17 02:08 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-12-17 02:08 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-12-17 02:08 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-12-17 02:08 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-12-17 02:08 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-12-17 02:08 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-12-17 02:08 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-12-17 02:08 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-12-17 02:08 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-12-17 02:08 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-12-17 02:08 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-12-17 02:08 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-12-17 02:08 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-12-17 02:08 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-12-17 02:08 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-12-17 02:08 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-12-17 02:08 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-12-17 02:08 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-12-17 02:08 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-12-17 02:08 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-12-17 02:08 <DIR> d-------- C:\WINDOWS\system32\MsDtc
    2006-12-17 02:08 <DIR> d-------- C:\WINDOWS\system32\Com
    2006-12-17 02:08 <DIR> d-------- C:\Program Files\Windows NT
    2006-12-16 21:07 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-12-16 21:06 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-12-16 21:06 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2006-12-16 21:06 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2006-12-16 21:05 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-12-16 21:05 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2006-12-16 21:03 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2006-12-16 21:03 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2006-12-16 21:03 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-12-16 21:03 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2006-12-16 21:03 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-12-16 21:03 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-12-16 21:03 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-12-16 21:03 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-12-16 21:03 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
    2006-12-16 21:03 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-12-16 21:03 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
    2006-12-16 21:03 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-12-16 21:03 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-12-16 21:03 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-12-16 21:03 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-12-16 21:03 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-12-16 21:03 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-12-16 21:03 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-12-16 21:03 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-12-16 21:03 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-12-16 21:03 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-12-16 21:03 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-12-16 21:03 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-12-16 21:03 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-12-16 21:03 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-12-16 21:03 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-12-16 21:03 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-12-16 21:03 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-12-16 21:03 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-12-16 21:03 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2006-12-16 21:03 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2006-12-16 21:03 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-12-16 21:03 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2006-12-16 21:03 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2006-12-16 21:03 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-12-16 21:03 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-12-16 21:03 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-12-16 21:03 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2006-12-16 21:03 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-12-16 21:03 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2006-12-16 21:03 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-12-16 21:03 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
    2006-12-16 21:03 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
    2006-12-16 21:03 <DIR> dr------- C:\Program Files\Common Files\..
    2006-12-16 21:03 <DIR> dr------- C:\Program Files\.
    2006-12-16 21:03 <DIR> dr------- C:\Program Files
    2006-12-16 21:03 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
    2006-12-16 21:03 <DIR> dr------- C:\Documents and Settings\All Users\Documents
    2006-12-16 21:03 <DIR> d--hs---- C:\WINDOWS\Installer
    2006-12-16 21:03 <DIR> d--hs---- C:\Program Files\..
    2006-12-16 21:03 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
    2006-12-16 21:03 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2006-12-16 21:03 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2006-12-16 21:03 <DIR> d-------- C:\WINDOWS\system32\CatRoot
    2006-12-16 21:03 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
    2006-12-16 21:03 <DIR> d-------- C:\Program Files\Common Files\ODBC
    2006-12-16 21:03 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-12-16 21:03 <DIR> d-------- C:\Program Files\Common Files\.
    2006-12-16 21:03 <DIR> d-------- C:\Program Files\Common Files
    2006-12-16 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
    2006-12-16 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
    2006-12-16 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
    2006-12-16 21:02 <DIR> d-------- C:\Documents and Settings\All Users\..
    2006-12-16 21:02 <DIR> d-------- C:\Documents and Settings\All Users\.
    2006-12-16 21:02 <DIR> d-------- C:\Documents and Settings
    2006-12-16 20:55 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2006-12-16 20:55 <DIR> dr--s---- C:\WINDOWS\Fonts
    2006-12-16 20:55 <DIR> dr------- C:\WINDOWS\Web
    2006-12-16 20:55 <DIR> d-a------ C:\WINDOWS\system32\drivers\..
    2006-12-16 20:55 <DIR> d-a------ C:\WINDOWS\system32\.
    2006-12-16 20:55 <DIR> d-a------ C:\WINDOWS\system32
    2006-12-16 20:55 <DIR> d--hs---- C:\WINDOWS\..
    2006-12-16 20:55 <DIR> d--h----- C:\WINDOWS\inf
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\WinSxS
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\twain_32
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\wins
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\wbem
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\usmt
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\spool
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\ShellExt
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\Setup
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\ras
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\oobe
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\npp
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\mui
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\inetsrv
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\IME
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\icsxml
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\ias
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\export
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\drivers\.
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\drivers
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\dhcp
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\config
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\3076
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\2052
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\1054
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\1042
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\1041
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\1037
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\1033
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\1031
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\1028
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\1025
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system32\..
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system\..
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system\.
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\system
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\security
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\Resources
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\repair
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\Provisioning
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\PeerNet
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\pchealth
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\mui
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\msapps
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\msagent
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\Media
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\java
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\ime
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\Help
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\Driver Cache
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\Debug
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\Cursors
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\Connection Wizard
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\Config
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\AppPatch
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\addins
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS\.
    2006-12-16 20:55 <DIR> d-------- C:\WINDOWS
    2006-12-13 00:27 262,144 --a------ C:\WINDOWS\boinc.scr


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe "= "C:\\WINDOWS\\system32\\ctfmon.exe "
    "RssReader "= "C:\\Program Files\\RssReader\\RssReader.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AVG7_CC "= "C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP "
    "KernelFaultCheck "=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "Windows Defender "= "\ "C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide "

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:04,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,\
    00,00,04,00,00,40
    "RestoredStateInfo "=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run "= "C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE "

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run "= "C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
    "{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "= "Groove GFS Stub Execution Hook "
    "{3FC4CAA7-71B5-44FC-A516-61D2AC9EF30D} "=" "
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "= "Microsoft AntiMalware ShellExecuteHook "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "NoRun "=dword:00000000
    "NoClose "=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
    "WPDShServiceObj "= "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfgggd

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "= "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll "


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY3AL310DBK3.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 07-01-01 5:15:53.96
    C:\ComboFix.txt ... 07-01-01 05:15
     
  8. 2007/01/01
    jsmedina

    jsmedina Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    31
    Likes Received:
    0
    Now, here's my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:18:09 AM, on 1/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RssReader\RssReader.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\BOINC\boinc.exe
    C:\WINDOWS\system32\javaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
    O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Startup: DIMES-Agent.lnk = C:\Program Files\DIMES\Agent\DimesDelayedLauncher.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166344555375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166344624046
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: khfgggd - khfgggd.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  9. 2007/01/02
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    My apologies for not getting back to this thread sooner. I just overlooked it.

    Are you still experiencing problems after those file deletions? Let me know.

    We need to fix a few with HJT, but we'll do so in safe mode this time.

    Reboot, into safe mode, this way:
    Turn on the computer
    Immediately begin tapping the <F8> key.
    Use the arrow keys to highlight Safe Mode and press the <Enter> key.

    Also, enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have no IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    O20 - Winlogon Notify: khfgggd - khfgggd.dll (file missing)


    Reboot, then post a new HJT log back into this thread please.
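As an added example (not code from this thread, from TeMerc, or from the HijackThis tool), a small Python parser that does by script what the helper does by eye in the two posts around this one: it pulls the R/F/O entry lines out of two HJT logs, flags O20 Winlogon Notify hooks whose DLL is reported missing, and checks that the entries requested for fixing are gone from the follow-up log with nothing new appearing. The sample logs are trimmed copies of the 1/1/2007 and 1/3/2007 logs posted in this thread; the function names are the example's own.

```python
import re
from dataclasses import dataclass

# One HJT entry line, e.g. "O20 - Winlogon Notify: khfgggd - khfgggd.dll (file missing)".
# R0/R1 (IE settings) and F-type entries share the same "<kind> - <body>" shape.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    kind: str  # section prefix such as "O4" or "O20"
    body: str  # text after the "<kind> - " prefix

    def line(self) -> str:
        return f"{self.kind} - {self.body}"


def parse_hjt(text: str) -> list[Entry]:
    """Return the R/F/O entry lines of an HJT log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def winlogon_notify_missing(entries: list[Entry]) -> list[Entry]:
    """O20 Winlogon Notify hooks whose DLL HJT could not find on disk.

    The Notify subkey is what makes winlogon.exe load the DLL at logon; once the
    file is gone the key is a dangling autostart and should still be removed.
    """
    return [e for e in entries
            if e.kind == "O20" and e.body.startswith("Winlogon Notify:")
            and "(file missing)" in e.body]


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """Entry lines removed from, and added to, the second log (each sorted)."""
    b = {e.line() for e in parse_hjt(before)}
    a = {e.line() for e in parse_hjt(after)}
    return sorted(b - a), sorted(a - b)


def verify_fix(before: str, after: str, requested: list[str]) -> dict[str, list[str]]:
    """Confirm the requested entries are gone and nothing else changed between the logs."""
    removed, added = diff_logs(before, after)
    present_after = {e.line() for e in parse_hjt(after)}
    return {
        "still_present": [r for r in requested if r in present_after],
        "unexpected_removals": [r for r in removed if r not in requested],
        "new_entries": added,
    }


# Trimmed copies of the two HJT logs posted in the thread (1/1/2007 and 1/3/2007).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 5:18:09 AM, on 1/1/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: khfgggd - khfgggd.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 2:18:29 AM, on 1/3/2007

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# The entries from the helper's fix list that appear in the trimmed "before" log.
REQUESTED = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    "O20 - Winlogon Notify: khfgggd - khfgggd.dll (file missing)",
]

if __name__ == "__main__":
    for e in winlogon_notify_missing(parse_hjt(LOG_BEFORE)):
        print("dangling Winlogon Notify hook:", e.line())
    print(verify_fix(LOG_BEFORE, LOG_AFTER, REQUESTED))
```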
     
  10. 2007/01/04
    jsmedina

    jsmedina Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    31
    Likes Received:
    0
    Here's my latest HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:18:29 AM, on 1/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RssReader\RssReader.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\BOINC\boinc.exe
    C:\WINDOWS\system32\javaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
    O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Startup: DIMES-Agent.lnk = C:\Program Files\DIMES\Agent\DimesDelayedLauncher.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166344555375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166344624046
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    Everything seems to be working okay now, unless you see something else that needs to be removed.
     
  11. 2007/01/04
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    At this point the logs indicate you are clear. However, in the interest of persistence, both on my part and the malware's part, I'd like to leave this thread open and have you use the machine for a day or two.

    Drop back a note if everything is ok.
     
