Tech Support Forum, Resolved HJT Threads (resolved spyware and popup issues)
#1
Registered User | Join Date: Jan 2007 | Posts: 9 | OS: WinXP SP2
I need sleep...
Hi all,
I give up. I have to turn to the help of those more knowledgeable after attempting all I can with all I have. The original problem lies with Smitfraud-C but what I am now left with is an unremovable rpcss.dll located in System32. I have followed the suggested steps in the sticky as well as running Smitfraudfix, Killbox, Avenger, a tool released by F-secure for rootkit analysis, running a repair console - so I am now one step from a very long download of Knoppix. I would be very grateful for your help.

The log:

Logfile of HijackThis v1.99.1
Scan saved at 07:04:51, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Cacheman\Cacheman.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Omar\LOCALS~1\Temp\Rar$EX00.516\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Cacheman] C:\Program Files\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1169471845514
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED246D77-3FB0-42AE-A698-010590564626}: NameServer = 212.135.1.36,192.40.1.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks again.
#2
Registered User | Join Date: Jan 2007 | Posts: 9 | OS: WinXP SP2
Hi guys,
I was just wondering if anyone had any ideas about this at all. Apologies if I seem pushy but I have two reports for my final year to hand in and the net connection has almost been rendered useless because of this :( Please help.
#3
Registered User | Join Date: Jan 2007 | Posts: 9 | OS: WinXP SP2
Hi again, I thought I'd post up the Combofix output (hope it helps):
<DIR> d-------- C:\WINDOWS\system32\3076 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system32\2052 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system32\1054 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system32\1042 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system32\1041 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system32\1037 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system32\1033 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system32\1031 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system32\1028 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system32\1025 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system32 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\system 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\security 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\Resources 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\repair 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\mui 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\msapps 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\msagent 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\Media 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\java 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\ime 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\Help 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\Driver Cache 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\Debug 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\Cursors 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\Connection Wizard 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\Config 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\AppPatch 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS\addins 2007-01-22 12:40 <DIR> d-------- C:\WINDOWS (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-24 00:40 -------- d---s---- C:\DOCUME~1\infiknight\Application Data\microsoft 2007-01-22 20:37 -------- d-------- C:\DOCUME~1\infiknight\Application Data\macromedia 2007-01-22 13:12 -------- d-------- C:\DOCUME~1\infiknight\Application Data\identities 2007-01-22 12:45 62 --ahs---- 
C:\DOCUME~1\infiknight\Application Data\desktop.ini 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-11-02 16:10 80912 --a------ C:\WINDOWS\system32\sherlock2.exe 2006-10-28 18:10 16384 --a------ C:\WINDOWS\system32\ac3config.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Cacheman"="C:\\Program Files\\Cacheman\\Cacheman.exe" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE" "NeroFilterCheck"="C:\\Program Files\\Common 
Files\\Ahead\\Lib\\NeroCheck.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "C-Media Mixer"="Mixer.exe /startup" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "nwiz"="nwiz.exe /install" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ 
HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Usnsvc REG_MULTI_SZ usnsvc\0\0 HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* UxTuneUp Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Click Maintenance.job Completion time: 07-01-24 14:14:23 |
#4
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista
Hello infiknight and welcome,
I need to see the report generated by SmitfraudFix. You'll find it at C:\rapport.txt
I'd also like to see what files you 'Killed' with Killbox as well as what entries you used Avenger on.
Launch Killbox>File>Logs>Actions History Log and post the contents here.
Launch Avenger>File>Open log file and post the contents here.
#5
Registered User
Join Date: Jan 2007
Posts: 9
OS: WinXP SP2
Hi,
Thank you so much for getting back to me :) It seems as though my Avenger log is empty. Not sure what exactly happened there, but the only command I have issued was for 'File delete' of c:\windows\system32\rpcss.dll

I have also added a log from RootkitRevealer if it's any help.

Here's the requested info for Killbox:

Pocket Killbox version 2.0.0.881
Running on Windows XP as infiknight(Administrator)
was started @ Wednesday, January 24, 2007, 5:41 AM

# 1 [Replace on Delete]
Path = C:\WINDOWS\system32\rpcc.dll
*Replaced with C:\Documents and Settings\infiknight\Local Settings\Temp\kbdummy.0

I Rebooted @ 5:43:16 AM
Killbox Closed(Exit) @ 5:43:16 AM
__________________________________________________
Pocket Killbox version 2.0.0.881
Running on Windows XP as infiknight(Administrator)
was started @ Wednesday, January 24, 2007, 5:47 AM

# 1 [Files to Delete]
Path = C:\WINDOWS\system32\rpcc.dll
*File Was Deleted

# 2 [Files to Delete]
Path = C:\WINDOWS\system32\rpcss.dll
*This File could not be Deleted

Pocket Killbox version 2.0.0.881
Running on Windows XP as infiknight(Administrator)
was started @ Wednesday, January 24, 2007, 5:50 AM

# 1 [Files to Delete]
Path = C:\WINDOWS\system32\rpcss.dll
*This File could not be Deleted

# 2 [Files to Delete]
Path = C:\WINDOWS\system32\rpcss.dll
*This File could not be Deleted

Killbox Closed(Exit) @ 5:52:37 AM
__________________________________________________
Pocket Killbox version 2.0.0.881
Running on Windows XP as infiknight(Administrator)
was started @ Wednesday, January 24, 2007, 1:05 PM

# 1 [Files to Delete]
Path = C:\WINDOWS\system32\rpcss.dll
*This File could not be Deleted

# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\rpcss.dll
*This File could not be Deleted

Killbox Closed(Exit) @ 1:07:14 PM
__________________________________________________
Pocket Killbox version 2.0.0.881
Running on Windows XP as infiknight(Administrator)
was started @ Wednesday, January 24, 2007, 2:05 PM

# 1 [Files to Delete]
Path = C:\WINDOWS\system32\rpcss.dll
*This File could not be Deleted

Killbox Closed(Exit) @ 2 42 PM
__________________________________________________
Pocket Killbox version 2.0.0.881
Running on Windows XP as infiknight(Administrator)
was started @ Wednesday, January 24, 2007, 3:54 PM

Log from RootkitRevealer:

HKU\.DEFAULT\Control Panel\International 24/01/2007 14:14 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 24/01/2007 14:14 0 bytes Security mismatch.
HKU\S-1-5-21-1957994488-1715567821-839522115-1003\Control Panel\International 24/01/2007 14:14 0 bytes Security mismatch.
HKU\S-1-5-21-1957994488-1715567821-839522115-1003\Control Panel\International\Geo 24/01/2007 14:14 0 bytes Security mismatch.
HKU\S-1-5-21-1957994488-1715567821-839522115-1003\Software\Microsoft\Command Processor 24/01/2007 14:43 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International 24/01/2007 14:14 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 24/01/2007 14:14 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 22/01/2007 14:42 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 22/01/2007 14:42 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Command Processor 24/01/2007 14:14 0 bytes Security mismatch.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 24/01/2007 00:18 0 bytes Access is denied.
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\45e786f0.qua 24/01/2007 16:18 30.92 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\INFECTED\4622873c.qua 24/01/2007 16:18 761.32 KB Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\_restore{AE50F793-F1BA-401B-8F5E-0B045A96DD03}\RP2\A0000041.dll 23/01/2007 15:32 30.50 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{AE50F793-F1BA-401B-8F5E-0B045A96DD03}\RP2\A0000200.dll 18/08/2006 07:46 761.00 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\system32\ActiveScan\pskavs.dll 18/08/2006 07:46 761.00 KB Visible in Windows API, MFT, but not in directory index.

Last edited by infiknight; 01-24-2007 at 09:28 AM.
#6
Registered User
Join Date: Jan 2007
Posts: 9
OS: WinXP SP2
Forgot the smitfraudfix log:
SmitFraudFix v2.133

Scan done at 13:07:29.04, 24/01/2007
Run from C:\Documents and Settings\infiknight\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\infiknight
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\infiknight\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\infiknight\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
#7
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista
You seem to have gone after the infection a bit too aggressively. Is it possible for you to do a System Restore back to the point just before you began all your fixing? If so, we can then clean the system properly.
Click Start>All Programs>Accessories>System Tools
If you were successful: Please download SmitfraudFix (by S!Ri) again and save it to your Desktop. Do not do anything with it yet!
Please run a new scan with HijackThis and post that log here.
#8
Registered User
Join Date: Jan 2007
Posts: 9
OS: WinXP SP2
lol It seems as though I may have. The restore point does not go that far back but I am posting the HJT log in hope that there's something to work with.
I've also noticed that when the firewall is up there seems to be a constant ping (or something else) being sent at my IP.

Logfile of HijackThis v1.99.1
Scan saved at 18:52:42, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Omar\Desktop\**** tools\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1169471845514
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED246D77-3FB0-42AE-A698-010590564626}: NameServer = 212.135.1.36,192.40.1.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thanks in advance

Last edited by infiknight; 01-24-2007 at 12:01 PM.
#9
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista
There's nothing here nor in the ComboFix.txt to work with. At this point I'm not sure if your renaming rpcss.dll is affecting your internet connection, or if there is still malware lurking about.
You did mention you still have rpcss.dll in the system32 folder, correct? What exactly are your remaining issues?

See if you can run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Post those results here.
#10
Registered User
Join Date: Jan 2007
Posts: 9
OS: WinXP SP2
Hi,
Pandascan didn't bring back anything, although the last time I did there were 3 rootkit errors. I haven't done anything since then so I'm not sure what's going on o_O

The remaining issue is that there is a constant connection occupying all bandwidth. netstat -b shows that only the avira antivirus guard is listening or making a connection.

Should I reinstall XP? I really wish not to as I have such a close deadline :(
#12
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista
Hi,
I realize you did need to get this working properly quickly and I'm sorry I wasn't online to advise you earlier as I had a few more ideas for you. I certainly commend your efforts and initiative in trying to clean the system yourself, but as you've found--it can be tricky. Should you find yourself infected in the future, please post a HijackThis log with us first and let one of us assist you in the removal.

When you get the chance, to help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:
PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically.

Get some rest.
#14
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista
Thanks. If you should run into any 'trouble' in the future, just post a HijackThis log here so we can guide you before you do any fixing on your own.