Full Version: I Think Something Is Suss. Couple Of Pop-ups Happening.
mattshilo
This is after a complete clean install of Windows XP. The computer was starting to get sluggish after about 2 years without a clean OS install.

All went well for the first few days, then the dreaded malware and pop-ups started appearing. Can anyone help, please?

I am running Spyware Doctor but have installed Ad-Aware and run a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:28:35 AM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7FB6297A-4D96-4A5D-87AF-DE48B2EB5ECE} - C:\WINDOWS\system32\xxyyvsr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {AFD5336E-6407-49CD-929F-3FD4B312A17D} - C:\WINDOWS\system32\wvwtu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\pejelqva.dll",realset
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179504421969
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179505440748
O17 - HKLM\System\CCS\Services\Tcpip\..\{060C4EFC-819E-4403-9C82-0D0022A4EE06}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{060C4EFC-819E-4403-9C82-0D0022A4EE06}: Domain = vic.bigpond.net.au
O20 - Winlogon Notify: wvwtu - C:\WINDOWS\system32\wvwtu.dll
O20 - Winlogon Notify: xxyyvsr - C:\WINDOWS\SYSTEM32\xxyyvsr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Matt\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 7080 bytes
miekiemoes
Hello,

* Download ComboFix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
mattshilo
Cheers mate, will do.

stay tuned.
miekiemoes
Ok, read your logs afterwards. Don't forget to post them, since they are important, even though your problem looks fixed.
mattshilo
OK, here goes. I've played with a few things during the day, so I hope it's all good.

"Matt" - 2007-05-25 23:00:30 Service Pack 2
ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\Matt\Desktop\downloaded content\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pejelqva.dll
C:\WINDOWS\system32\avqlejep.ini
C:\WINDOWS\system32\utwvw.bak1
C:\WINDOWS\system32\utwvw.bak2
C:\WINDOWS\system32\utwvw.ini
C:\WINDOWS\system32\utwvw.ini2
C:\WINDOWS\system32\utwvw.tmp
C:\WINDOWS\system32\utwvw.bak1
C:\WINDOWS\system32\utwvw.bak2
C:\WINDOWS\system32\utwvw.ini
C:\WINDOWS\system32\utwvw.ini2
C:\WINDOWS\system32\utwvw.tmp
C:\WINDOWS\system32\utwvw.bak1
C:\WINDOWS\system32\utwvw.bak2
C:\WINDOWS\system32\utwvw.ini
C:\WINDOWS\system32\utwvw.ini2
C:\WINDOWS\system32\utwvw.tmp
C:\WINDOWS\system32\wvwtu.dll
C:\WINDOWS\system32\xxyyvsr.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))


2007-05-25 20:54 <DIR> d-------- C:\Deckard
2007-05-25 20:39 21,312 --a------ C:\WINDOWS\choice.exe
2007-05-25 18:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-25 11:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-25 11:21 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Lavasoft
2007-05-25 11:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-23 20:30 <DIR> d-------- C:\Program Files\CoolMon 2
2007-05-23 19:18 49,664 --a------ C:\WINDOWS\system32\isxdl.dll
2007-05-23 18:40 <DIR> d-------- C:\DOCUME~1\Shilo\APPLIC~1\Talkback
2007-05-23 11:19 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-05-23 11:19 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-23 11:19 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-05-23 11:19 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-05-23 11:19 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-05-23 11:19 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-05-23 11:19 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-05-23 11:19 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\PC Tools
2007-05-23 10:00 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-21 22:05 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Uniblue
2007-05-21 19:59 1,416 --a------ C:\WINDOWS\mozver.dat
2007-05-21 19:57 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\uTorrent
2007-05-21 16:44 <DIR> d--h----- C:\WINDOWS\PIF
2007-05-21 15:13 <DIR> d-------- C:\Program Files\MSBuild
2007-05-21 15:05 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-05-21 15:03 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-05-21 15:02 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-05-21 15:00 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-21 14:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-21 14:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-21 14:42 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-05-20 20:53 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-05-20 20:53 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-05-20 20:53 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-05-20 19:21 <DIR> d-------- C:\DOCUME~1\Shilo\APPLIC~1\Google
2007-05-20 15:04 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Ahead
2007-05-20 15:00 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-05-20 14:58 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-05-20 13:41 <DIR> d-------- C:\WINDOWS\pss
2007-05-20 13:14 <DIR> d-------- C:\DOCUME~1\Shilo\Contacts
2007-05-20 13:12 <DIR> d-------- C:\DOCUME~1\Matt\Contacts
2007-05-20 13:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-20 13:11 <DIR> d-------- C:\Program Files\MSN Messenger
2007-05-20 12:41 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Talkback
2007-05-20 12:40 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-20 12:38 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Google
2007-05-20 12:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-05-20 12:34 <DIR> d-------- C:\Program Files\Google
2007-05-20 12:30 <DIR> d-------- C:\Program Files\CCleaner
2007-05-20 12:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-20 11:30 <DIR> d-------- C:\Program Files\Microsoft Works
2007-05-20 11:23 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-05-20 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-05-20 11:19 <DIR> dr-h----- C:\MSOCache
2007-05-20 10:19 1,572,864 --a------ C:\DOCUME~1\Shilo\NTUSER.DAT
2007-05-20 10:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acronis
2007-05-20 09:58 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-05-20 09:58 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-05-20 09:57 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-05-20 09:57 <DIR> d-------- C:\Program Files\Common Files\Acronis
2007-05-20 09:57 <DIR> d-------- C:\Program Files\Acronis
2007-05-20 09:51 <DIR> d-------- C:\Program Files\WinAce
2007-05-19 12:31 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-19 12:31 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-05-19 12:31 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-19 12:31 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-19 12:31 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-19 12:31 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-05-19 12:31 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-05-19 12:31 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-05-19 12:31 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-19 12:31 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-19 12:31 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-19 12:30 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-05-19 12:30 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-05-19 12:30 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-19 12:30 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-19 12:30 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-05-19 12:30 26,624 --a------ C:\WINDOWS\system32\drivers\alifir.sys
2007-05-19 12:30 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-19 12:30 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-05-19 12:30 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-05-19 12:29 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-19 12:29 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-19 12:29 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-05-19 12:29 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-19 12:29 231,552 --a------ C:\WINDOWS\system32\drivers\ac97ali.sys
2007-05-19 12:29 16,074 --a------ C:\WINDOWS\system32\drivers\FA312nd5.sys
2007-05-19 12:29 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-05-19 12:28 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-05-19 12:28 14,080 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys
2007-05-19 12:28 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-05-19 12:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-05-19 12:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-05-19 12:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-05-19 12:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-05-19 12:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-05-19 12:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-05-19 12:27 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-05-19 12:27 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-05-19 12:27 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-05-19 12:27 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-05-19 12:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-05-19 12:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-05-19 12:27 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-05-19 12:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-05-19 12:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-05-19 12:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-05-19 12:27 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-05-19 12:27 <DIR> dr------- C:\Program Files
2007-05-19 12:27 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-19 12:27 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-05-19 12:26 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-05-19 12:26 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-05-19 12:26 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-05-19 12:26 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-05-19 12:26 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-05-19 12:26 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-05-19 12:26 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-05-19 12:26 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-05-19 12:26 69,120 --a------ C:\WINDOWS\notepad.exe
2007-05-19 12:26 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-05-19 12:26 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-05-19 12:26 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-05-19 12:26 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-05-19 12:26 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-05-19 12:26 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-05-19 12:26 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-05-19 12:26 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-05-19 12:26 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-05-19 12:26 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-05-19 12:26 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-05-19 12:26 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-05-19 12:26 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-05-19 12:26 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-05-19 12:26 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-05-19 12:26 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-19 12:26 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-05-19 12:26 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-05-19 12:26 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-05-19 12:26 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-05-19 12:26 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-19 12:26 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-05-19 12:26 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-05-19 12:26 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-05-19 12:26 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-05-19 12:26 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-05-19 12:26 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-05-19 12:26 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-05-19 12:25 <DIR> d-------- C:\Documents and Settings
2007-05-19 12:19 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-05-19 12:19 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-05-19 12:19 <DIR> dr------- C:\WINDOWS\Web
2007-05-19 12:19 <DIR> d--h----- C:\WINDOWS\inf
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\WinSxS
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\twain_32
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\wins
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\spool
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\ras
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\npp
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\mui
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\IME
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\ias
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\export
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\config
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\3076
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\2052
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\1054
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\1042
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\1041
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\1037
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\1033
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\1031
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\1028
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32\1025
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system32
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\system
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\security
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\Resources
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\repair
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\mui
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\msapps
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\msagent
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\Media
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\ime
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\Help
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\Debug
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\Cursors
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\Config
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\AppPatch
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS\addins
2007-05-19 12:19 <DIR> d-------- C:\WINDOWS
2007-05-19 09:46 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-19 09:46 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-19 08:47 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-05-19 08:45 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-05-19 08:17 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-19 08:12 <DIR> d-------- C:\Program Files\CONEXANT
2007-05-19 08:08 <DIR> d-------- C:\Program Files\Synaptics
2007-05-19 08:06 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-05-19 08:06 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-05-19 08:06 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-05-19 08:06 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-05-19 08:06 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-05-19 07:15 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-19 06:38 <DIR> d-------- C:\WINDOWS\provisioning
2007-05-19 06:38 <DIR> d-------- C:\WINDOWS\peernet
2007-05-19 06:35 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-05-19 06:30 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-19 06:26 <DIR> d-------- C:\WINDOWS\EHome
2007-05-19 05:03 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-05-19 05:03 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-05-19 03:03 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-05-19 03:03 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-05-19 03:03 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-05-19 03:03 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-05-19 03:03 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-05-19 02:31 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-19 02:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-19 02:16 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-19 02:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-19 02:16 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-19 02:15 <DIR> d-------- C:\WINDOWS\system32\bits
2007-05-19 02:12 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-05-19 02:12 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-05-19 02:12 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2007-05-19 02:12 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-05-19 02:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-19 02:08 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-19 02:08 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-05-19 02:08 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-05-19 02:08 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-05-19 02:08 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-05-19 02:08 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-19 02:07 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-19 02:06 <DIR> d--hs---- C:\DOCUME~1\Matt\UserData
2007-05-19 02:05 <DIR> d-------- C:\Program Files\Telstra
2007-05-19 02:05 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\BigPond
2007-05-19 02:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigPond
2007-05-19 01:59 <DIR> d--hs---- C:\RECYCLER
2007-05-19 01:54 2,883,584 --a------ C:\DOCUME~1\Matt\NTUSER.DAT
2007-05-19 01:54 <DIR> d--hs---- C:\WINDOWS\Installer
2007-05-19 01:51 765,952 --a------ C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-05-19 01:51 765,952 --a------ C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-05-19 01:51 <DIR> d--hs---- C:\System Volume Information
2007-05-19 01:47 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-19 01:47 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-05-19 01:47 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-05-19 01:46 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-05-19 01:46 0 -rahs---- C:\MSDOS.SYS
2007-05-19 01:46 0 -rahs---- C:\IO.SYS
2007-05-19 01:46 0 --a------ C:\CONFIG.SYS
2007-05-19 01:46 0 --a------ C:\AUTOEXEC.BAT
2007-05-19 01:45 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-05-19 01:45 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-05-19 01:45 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-05-19 01:44 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-05-19 01:43 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-05-19 01:43 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-05-19 01:43 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-05-19 01:43 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-05-19 01:43 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-05-19 01:43 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-19 01:43 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-05-19 01:43 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-05-19 01:43 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-05-19 01:43 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-05-19 01:43 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-05-19 01:43 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-05-19 01:43 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-05-19 01:43 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-05-19 01:43 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-05-19 01:43 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-05-19 01:43 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-05-19 01:43 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-05-19 01:43 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-05-19 01:43 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-05-19 01:43 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-05-19 01:43 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-05-19 01:43 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-05-19 01:43 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-05-19 01:43 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-05-19 01:43 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-05-19 01:43 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-05-19 01:43 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-05-19 01:43 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-05-19 01:43 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-05-19 01:43 <DIR> d---s---- C:\WINDOWS\Tasks
2007-05-19 01:43 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-05-19 01:43 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-05-19 01:43 <DIR> d-------- C:\WINDOWS\srchasst
2007-05-19 01:43 <DIR> d-------- C:\WINDOWS\PCHealth
2007-05-19 01:43 <DIR> d-------- C:\Program Files\Movie Maker
2007-05-19 01:43 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-05-19 01:42 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-19 01:42 <DIR> d-------- C:\WINDOWS\Registration
2007-05-19 01:41 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-05-19 01:41 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-05-19 01:41 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-05-19 01:41 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-05-19 01:41 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-05-19 01:41 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-05-19 01:41 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-05-19 01:41 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-05-19 01:41 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-05-19 01:41 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-05-19 01:41 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-05-19 01:41 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-05-19 01:41 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-05-19 01:41 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-05-19 01:41 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-05-19 01:41 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-05-19 01:41 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-05-19 01:41 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-05-19 01:41 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-05-19 01:41 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-05-19 01:41 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-05-19 01:41 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-05-19 01:41 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-05-19 01:41 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-05-19 01:41 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-05-19 01:41 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-05-19 01:41 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-05-19 01:41 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-05-19 01:41 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-05-19 01:41 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-05-19 01:41 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-05-19 01:41 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-05-19 01:41 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-05-19 01:41 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-05-19 01:41 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-05-19 01:41 <DIR> d-------- C:\Program Files\Online Services
2007-05-19 01:41 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-05-19 01:41 <DIR> d-------- C:\Program Files\Messenger
2007-05-19 01:40 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-05-19 01:40 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-05-19 01:40 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-05-19 01:40 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-05-19 01:40 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-05-19 01:40 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-05-19 01:40 600,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-05-19 01:40 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-05-19 01:40 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-05-19 01:40 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-05-19 01:40 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-05-19 01:40 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-05-19 01:40 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-05-19 01:40 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-05-19 01:40 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-05-19 01:40 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-05-19 01:40 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-05-19 01:40 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-05-19 01:40 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-05-19 01:40 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-05-19 01:40 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-05-19 01:40 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-05-19 01:40 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-05-19 01:40 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-05-19 01:40 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-05-19 01:40 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-05-19 01:40 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-05-19 01:40 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-05-19 01:40 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-05-19 01:40 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-05-19 01:40 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-05-19 01:40 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-05-19 01:40 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-05-19 01:40 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-05-19 01:40 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-05-19 01:40 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-05-19 01:40 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-05-19 01:40 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-05-19 01:40 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-05-19 01:40 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-05-19 01:40 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-05-19 01:40 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-05-19 01:40 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-05-19 01:40 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-05-19 01:40 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-05-19 01:40 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-05-19 01:40 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-05-19 01:40 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-05-19 01:40 <DIR> d-------- C:\WINDOWS\system32\Com
2007-05-19 01:40 <DIR> d-------- C:\Program Files\Windows NT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-22 20:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-22 20:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 10:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-16 08:50:06 14,368 ----a-w C:\WINDOWS\system32\relog_ap.dll
2007-02-14 09:14:42 17,440 ----a-w C:\WINDOWS\system32\acrotls.dll
2007-02-14 09:01:14 206,368 ----a-w C:\WINDOWS\system32\snapapi.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-05-20 12:38]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-20 12:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 18:08]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-19 09:45]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 18:45]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 18:57]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 18:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RegistryMechanic"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 12:34]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

*Newly Created Service* -HTTPFILTER

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 23:07:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-25 23:10:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-25 23:09

--- E O F ---


HijackThis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:19:25 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179504421969
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179505440748
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{060C4EFC-819E-4403-9C82-0D0022A4EE06}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{060C4EFC-819E-4403-9C82-0D0022A4EE06}: Domain = vic.bigpond.net.au
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Matt\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6979 bytes


I was running Spyware Doctor but have disabled it to run Ad-Aware SE.

AVG was picking up two trojans:
- Trojan horse Generic4.OUN
- Trojan horse Collected.11.B

Thanks for helping. Not that computer savvy... yet.
miekiemoes
Hi,

Check and fix next leftover in HijackThis:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Let AVG Delete what it detected.
The rest of your logs look clean. Let me know in your next reply how things are running now, if popups are gone.
mattshilo
I seem to be running OK at the moment. AVG healed and moved the trojans to the virus vault.

Current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:19:18 AM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis_v2.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179504421969
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179505440748
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{060C4EFC-819E-4403-9C82-0D0022A4EE06}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{060C4EFC-819E-4403-9C82-0D0022A4EE06}: Domain = vic.bigpond.net.au
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Matt\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6871 bytes


I have a couple of reg entries where files are "missing" (see bold text). Should these be fixed as well?
mattshilo
Update...

Please ignore this:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

It seems to have been fixed.

Current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:22:14 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179504421969
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179505440748
O17 - HKLM\System\CCS\Services\Tcpip\..\{060C4EFC-819E-4403-9C82-0D0022A4EE06}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{060C4EFC-819E-4403-9C82-0D0022A4EE06}: Domain = vic.bigpond.net.au
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Matt\LOCALS~1\Temp\hpdj.exe (file missing)

--
End of file - 5555 bytes


I still seem to be getting this entry:

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Matt\LOCALS~1\Temp\hpdj.exe (file missing)

Any comments?

I'm trying to learn as I go, so I may seem like an amateur. Just bear with me.
miekiemoes
Hi,

Yes, you may fix that entry, although it's not malicious:

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Matt\LOCALS~1\Temp\hpdj.exe (file missing)

Actually, it will be better if you go to start > run and copy and paste next command in the field:

sc delete hpdj

Then hit enter.
This will delete the service from the registry, because when you fix it in HijackThis, it will only disable the service, not delete it.

The rest looks ok.

Please read my Prevention page, with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
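The two leftovers flagged in this thread, an O2 BHO whose path reads "(no file)" and an O23 service whose binary sat in a user's Temp folder and is now "(file missing)", can be picked out of a HijackThis log mechanically. The script below is an added example and is not part of HijackThis, ComboFix, or anything posted in the thread. It parses O2 and O23 lines from a constructed sample modelled on the logs above, flags those two classes of entry, and prints the `sc delete <service>` command recommended above, using the short service name from the parentheses when HijackThis prints one (for hpdj there is none, so the display name is the service name). The Temp-folder path test and the rule set are this example's own assumptions; "Unknown owner" is deliberately not treated as a finding on its own, since the legitimate Spyware Doctor auxiliary service in the same log shows it too.

```python
"""Triage helper for HijackThis O2 (BHO) and O23 (service) lines.

Added example; not part of HijackThis or of any tool used in the thread.
Rules are the ones applied above: a BHO whose DLL is gone is a leftover,
and a service whose binary lived under a Temp folder (present or not)
deserves a look.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, modelled on the log lines discussed in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Matt\LOCALS~1\Temp\hpdj.exe (file missing)
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
SVC_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)
MISSING = "(file missing)"


@dataclass
class Finding:
    kind: str          # "O2" or "O23"
    name: str          # CLSID for a BHO, service short name for a service
    reason: str
    remediation: str   # what the thread recommended for this class of entry


def parse_service(line: str) -> Optional[dict]:
    """Split an O23 line into display name, short name, owner, path and a missing flag."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    # HijackThis prints "(short)" only when it differs from the display name;
    # sc delete needs the short name, so fall back to the display name.
    return {
        "display": m.group("display"),
        "short": m.group("short") or m.group("display"),
        "owner": m.group("owner"),
        "path": path,
        "missing": missing,
    }


def triage(log_text: str) -> list:
    """Return the O2/O23 entries the thread's rules would flag, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        bho = BHO_RE.match(line)
        if bho:
            if bho.group("path") == "(no file)":
                findings.append(Finding(
                    "O2", bho.group("clsid"),
                    "BHO registration whose DLL no longer exists (leftover)",
                    "tick the O2 line in HijackThis and choose Fix checked"))
            continue
        svc = parse_service(line)
        if svc is None:
            continue
        in_temp = "\\temp\\" in svc["path"].lower()   # assumption: Temp = user-writable scratch dir
        if svc["missing"] or in_temp:
            why = []
            if svc["missing"]:
                why.append("service binary is gone")
            if in_temp:
                why.append("binary path is under a Temp folder")
            findings.append(Finding(
                "O23", svc["short"], "; ".join(why),
                "fixing the O23 line only disables it; run: sc delete " + svc["short"]))
    return findings


def remediation_commands(findings) -> list:
    """Just the sc delete commands, one per flagged service."""
    return ["sc delete " + f.name for f in findings if f.kind == "O23"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name}: {f.reason} -> {f.remediation}")
```

Run it against a saved HijackThis log by passing the file's contents to `triage()`; the `sc delete` command must be run from an administrator account, and only after confirming the service is not something you still want (a missing binary is the strong signal, the Temp path alone is a prompt to look closer).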
mattshilo
Cheers. Thanks heaps. Reading through the links now.

matt
miekiemoes
You're most welcome.
miekiemoes
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Invision Power Board © 2001-2010 Invision Power Services, Inc.