07-Feb-2007, 05:20 AM
#1
Another similar problem

Hi there. I found out recently that one of my colleagues' computers is having the same "C:\WINDOWS\system32\DL5EB7~1.EXE" problem as the thread starter. I followed the steps he did with the HijackThis log, Vundo and ComboFix. However, after I ran VundoFix, the result says the system couldn't detect any Vundo. Following are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 3:36:53 PM, on 5/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\kernels88.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\dlh9jkd1q7.exe
C:\WINDOWS\System32\services.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels88.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\18222122.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

:: After ComboFix ::

ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\dlh9jkd1q1.exe
C:\WINDOWS\system32\dlh9jkd1q2.exe
C:\WINDOWS\system32\dlh9jkd1q5.exe
C:\WINDOWS\system32\dlh9jkd1q6.exe
C:\WINDOWS\system32\dlh9jkd1q7.exe
C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\kernels88.exe
C:\WINDOWS\system32\vxg6ame4.exe
C:\WINDOWS\system32\vxga4me1.exe
C:\WINDOWS\system32\vxga5me3.exe
C:\WINDOWS\system32\vxga8me6.exe
C:\WINDOWS\system32\aspi102465.exe
C:\WINDOWS\system32\vxga4me1.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\g32.txt
C:\WINDOWS\s32.txt
C:\WINDOWS\ws386.ini
C:\WINDOWS\trace
C:\Documents and Settings\All Users\Documents\Settings

((((((((((((((((((((((((((((((( Files Created from 2006-04-16 to 2006-05-16 ))))))))))))))))))))))))))))))))))
2006-05-16 15:40 <DIR> d-------- C:\VundoFix Backups
2006-05-16 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2006-05-16 14:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
2006-05-16 13:31 <DIR> d-------- C:\WINDOWS\setup.pss
2006-05-16 09:22 34,069 --a------ C:\WINDOWS\system32\hmklyq32.dll
2006-05-10 02:54 65,568 --a------ C:\WINDOWS\system32\lzx32.sys
2006-05-10 02:54 34,005 --a------ C:\WINDOWS\system32\wxtal32.dll
2006-05-10 02:00 34,005 --a------ C:\WINDOWS\system32\jdyv32.dll
2006-05-10 01:59 8,704 --a------ C:\WINDOWS\system32\lyqmxk.sys
2006-05-10 01:59 8,704 --a------ C:\WINDOWS\system32\eqvtb.sys
2006-05-10 01:59 34,005 --a------ C:\WINDOWS\system32\relmd32.dll
2006-05-10 01:59 34,005 --a------ C:\WINDOWS\system32\lgbye32.dll
2006-05-10 01:59 102,400 --a------ C:\WINDOWS\system32\advvpi32.dll
2006-05-10 01:58 8,302 --a------ C:\syst.exe
2006-05-10 01:58 8,302 --a------ C:\3456346345643.exe
2006-05-06 04:39 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2006-05-03 23:00 <DIR> d--hs---- C:\RECYCLER
2006-05-03 22:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-05-03 22:53 <DIR> d-------- C:\WINDOWS\ShellNew
2006-05-03 22:25 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys
2006-05-03 22:25 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll
2006-05-03 21:49 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2006-05-03 21:43 470,144 --a------ C:\WINDOWS\system32\G200d.dll
2006-05-03 21:43 320,384 --a------ C:\WINDOWS\system32\drivers\G200m.sys
2006-05-03 21:38 <DIR> d--hs---- C:\WINDOWS\Installer
2006-05-03 21:37 237,568 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2006-05-03 21:37 237,568 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2006-05-03 21:37 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2006-05-03 21:37 <DIR> d--hs---- C:\System Volume Information
2006-05-03 21:37 <DIR> d-------- C:\WINDOWS\Prefetch
2006-05-03 21:26 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-05-03 21:26 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-05-03 21:25 237,568 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2006-05-03 21:25 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-05-03 21:25 0 -rahs---- C:\MSDOS.SYS
2006-05-03 21:25 0 -rahs---- C:\IO.SYS
2006-05-03 21:25 0 --a------ C:\CONFIG.SYS
2006-05-03 21:25 0 --a------ C:\AUTOEXEC.BAT
2006-05-03 21:22 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-05-03 21:22 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2006-05-03 21:22 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-05-03 21:21 <DIR> d-------- C:\WINDOWS\srchasst
2006-05-03 21:20 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-05-03 21:20 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-05-03 21:20 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-05-03 21:20 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-05-03 21:20 179,200 --a------ C:\WINDOWS\system32\qmgr.dll
2006-05-03 21:20 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-05-03 21:20 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-05-03 21:20 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-05-03 21:20 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-05-03 21:20 <DIR> d-------- C:\Program Files\Movie Maker
2006-05-03 21:19 90,624 --a------ C:\WINDOWS\system32\msoert2.dll
2006-05-03 21:19 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-05-03 21:19 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-05-03 21:19 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-05-03 21:19 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-05-03 21:19 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-05-03 21:19 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-05-03 21:19 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-05-03 21:19 61,952 --a------ C:\WINDOWS\system32\srclient.dll
2006-05-03 21:19 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-05-03 21:19 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-05-03 21:19 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-05-03 21:19 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-05-03 21:19 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-05-03 21:19 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-05-03 21:19 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-05-03 21:19 249,856 --a------ C:\WINDOWS\system32\mstask.dll
2006-05-03 21:19 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-05-03 21:19 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-05-03 21:19 218,112 --a------ C:\WINDOWS\system32\srrstr.dll
2006-05-03 21:19 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-05-03 21:19 158,720 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-05-03 21:19 155,136 --a------ C:\WINDOWS\system32\srsvc.dll
2006-05-03 21:19 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-05-03 21:19 <DIR> d---s---- C:\WINDOWS\Tasks
2006-05-03 21:19 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-05-03 21:19 <DIR> d-------- C:\WINDOWS\PCHEALTH
2006-05-03 21:19 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-05-03 21:18 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2006-05-03 21:17 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-05-03 21:17 <DIR> d-------- C:\WINDOWS\Registration
2006-05-03 21:17 <DIR> d-------- C:\Program Files\Online Services
2006-05-03 21:16 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-05-03 21:16 95,744 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-05-03 21:16 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-05-03 21:16 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-05-03 21:16 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-05-03 21:16 8,704 --a------ C:\WINDOWS\system32\icaapi.dll
2006-05-03 21:16 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-05-03 21:16 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-05-03 21:16 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-05-03 21:16 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-05-03 21:16 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-05-03 21:16 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-05-03 21:16 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-05-03 21:16 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-05-03 21:16 503,296 --a------ C:\WINDOWS\system32\mstscax.dll
2006-05-03 21:16 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-05-03 21:16 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-05-03 21:16 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-05-03 21:16 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-05-03 21:16 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-05-03 21:16 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-05-03 21:16 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-05-03 21:16 385,536 --a------ C:\WINDOWS\system32\mstsc.exe
2006-05-03 21:16 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-05-03 21:16 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-05-03 21:16 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-05-03 21:16 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-05-03 21:16 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-05-03 21:16 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-05-03 21:16 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-05-03 21:16 197,632 --a------ C:\WINDOWS\system32\termsrv.dll
2006-05-03 21:16 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-05-03 21:16 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-05-03 21:16 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-05-03 21:16 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-05-03 21:16 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-05-03 21:16 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-05-03 21:16 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-05-03 21:16 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-05-03 21:16 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-05-03 21:16 134,656 --a------ C:\WINDOWS\system32\rdchost.dll
2006-05-03 21:16 130,048 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-05-03 21:16 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-05-03 21:16 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-05-03 21:16 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-05-03 21:16 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-05-03 21:16 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-05-03 21:16 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-05-03 21:16 112,128 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-05-03 21:16 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-05-03 21:16 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-05-03 21:16 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-05-03 21:16 <DIR> d-------- C:\Program Files\Windows NT
2006-05-03 21:16 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-05-03 21:16 <DIR> d-------- C:\Program Files\Messenger
2006-05-03 21:15 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-05-03 21:15 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-05-03 21:15 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-05-03 21:15 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-05-03 21:15 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-05-03 21:15 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-05-03 21:15 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-05-03 21:15 57,344 --a------ C:\WINDOWS\system32\licwmi.dll
2006-05-03 21:15 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-05-03 21:15 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-05-03 21:15 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-05-03 21:15 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-05-03 21:15 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-05-03 21:15 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-05-03 21:15 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-05-03 21:15 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-05-03 21:15 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-05-03 21:15 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-05-03 21:15 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-05-03 21:15 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-05-03 21:15 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-05-03 21:15 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-05-03 21:15 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-05-03 21:15 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-05-03 21:15 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-05-03 21:15 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-05-03 21:15 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-05-03 21:15 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-05-03 21:15 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-05-03 21:15 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-05-03 21:15 <DIR> d-------- C:\WINDOWS\system32\Com
2006-05-03 21:14 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-05-03 21:14 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-05-03 14:09 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-05-03 14:09 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-05-03 14:08 9,344 --a------ C:\WINDOWS\system32\drivers\NtApm.sys
2006-05-03 14:08 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-05-03 14:08 6,400 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-05-03 14:08 57,472 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-05-03 14:08 55,808 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-05-03 14:08 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-05-03 14:08 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-05-03 14:08 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-05-03 14:08 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-05-03 14:08 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-05-03 14:08 159,232 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-05-03 14:08 122,472 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-05-03 14:07 9,728 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-05-03 14:07 67,072 --a------ C:\WINDOWS\system32\usbui.dll
2006-05-03 14:07 6,912 --a------ C:\WINDOWS\system32\drivers\ctlfacem.sys
2006-05-03 14:07 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-05-03 14:07 51,200 --a------ C:\WINDOWS\system32\sfman32.dll
2006-05-03 14:07 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
2006-05-03 14:07 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-05-03 14:07 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll
2006-05-03 14:07 36,480 --a------ C:\WINDOWS\system32\drivers\sfmanm.sys
2006-05-03 14:07 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2006-05-03 14:07 283,904 --a------ C:\WINDOWS\system32\drivers\emu10k1m.sys
2006-05-03 14:07 256,512 --a------ C:\WINDOWS\system32\devcon32.dll
2006-05-03 14:07 25,472 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2006-05-03 14:07 24,064 --a------ C:\WINDOWS\system32\devldr32.exe
2006-05-03 14:07 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-05-03 14:04 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-05-03 14:04 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-05-03 14:04 <DIR> dr------- C:\Program Files
2006-05-03 14:04 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2006-05-03 14:04 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-05-03 14:03 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-05-03 14:03 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-05-03 14:03 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-05-03 14:03 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-05-03 14:03 70,656 --a------ C:\WINDOWS\system32\storprop.dll
2006-05-03 14:03 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-05-03 14:03 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-05-03 14:03 68,928 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2006-05-03 14:03 66,048 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-05-03 14:03 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-05-03 14:03 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-05-03 14:03 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-05-03 14:03 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-05-03 14:03 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-05-03 14:03 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-05-03 14:03 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-05-03 14:03 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-05-03 14:03 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-05-03 14:03 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-05-03 14:03 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-05-03 14:03 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-05-03 14:03 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-05-03 14:03 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-05-03 14:03 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-05-03 14:03 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-05-03 14:03 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2006-05-03 14:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-05-03 14:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-05-03 14:02 <DIR> d-------- C:\Documents and Settings
2006-05-03 13:55 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-05-03 13:55 <DIR> dr--s---- C:\WINDOWS\Fonts
2006-05-03 13:55 <DIR> dr------- C:\WINDOWS\Web
2006-05-03 13:55 <DIR> d-a------ C:\WINDOWS\system32
2006-05-03 13:55 <DIR> d--h----- C:\WINDOWS\inf
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\WinSxS
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\twain_32
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\wins
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\wbem
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\usmt
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\spool
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\Setup
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\ras
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\npp
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\mui
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\IME
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\icsxml
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\ias
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\export
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\dhcp
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\config
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\3076
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\2052
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1054
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1042
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1041
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1037
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1033
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1031
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1028
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1025
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\security
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Resources
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\repair
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\mui
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\msapps
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\msagent
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Media
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\java
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\ime
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Help
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Driver Cache
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Debug
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Cursors
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Connection Wizard
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Config
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\AppPatch
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\addins
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
Rootkit driver pe386 is present.
A rootkit scan is required
2006-05-16 14:57 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\microsoft
2006-05-16 14:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\lavasoft
2006-05-03 21:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\identities
2006-05-03 14:03 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!ewido"="\"E:\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"System Registry Hook"="{309C96FA-8C40-4bce-879C-989DC33DCD25}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"CDRecorder030"="{A3BC5E20-0235-1ABF-9CE1-00AA00512030}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...
HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk
HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt
HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage
HKLM\SYSTEM\CurrentControlSet\Services\ql1080k
HKLM\SYSTEM\CurrentControlSet\Services\ql12400
HKLM\SYSTEM\CurrentControlSet\Services\RasManp
HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe
HKLM\SYSTEM\CurrentControlSet\Services\Rdbssi
HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD
HKLM\SYSTEM\CurrentControlSet\Services\redbookgr
HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry
HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator
HKLM\SYSTEM\CurrentControlSet\Services\RSVPs
HKLM\SYSTEM\CurrentControlSet\Services\SamSs39
HKLM\SYSTEM\CurrentControlSet\Services\Secdrvle
HKLM\SYSTEM\CurrentControlSet\Services\SENSogon
HKLM\SYSTEM\CurrentControlSet\Services\Serialm
HKLM\SYSTEM\CurrentControlSet\Services\Sfloppye
HKLM\SYSTEM\CurrentControlSet\Services\sfmanpy
HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection
HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr
HKLM\SYSTEM\CurrentControlSet\Services\srooler
HKLM\SYSTEM\CurrentControlSet\Services\Srvervice
HKLM\SYSTEM\CurrentControlSet\Services\stisvcV
HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi
HKLM\SYSTEM\CurrentControlSet\Services\sym_hix
HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog
HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv
HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE
HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice
HKLM\SYSTEM\CurrentControlSet\Services\TosIder
HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs
HKLM\SYSTEM\CurrentControlSet\Services\UdfsD
HKLM\SYSTEM\CurrentControlSet\Services\upnphostr
HKLM\SYSTEM\CurrentControlSet\Services\UPSphost
HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee
HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap
HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme
HKLM\SYSTEM\CurrentControlSet\Services\WDICAp
HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt
HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSp
HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 42
hidden files: 0

********************************************************************

Completion time: 06-05-16 15:50:06

Hope you can help. Thanks
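The checks a helper would run over the "Running processes" and O4 lines of a log like the one above, as an added example that is not part of this thread and not code from HijackThis, ComboFix or catchme. The heuristics (the temp-directory and decoy-name lists, the singleton-process set, and the random-name scorer with its thresholds) are this example's own assumptions; the sample log is a constructed subset of the entries in the post, reflowed one per line.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# HijackThis "O4" registry autorun lines, e.g.
#   O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels88.exe
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SECTION_RE = re.compile(r"^[RFNO]\d+ - ")  # first HijackThis item after the process list

# Assumed heuristics (lower case): a legitimate autorun does not start from a temp or
# recycler directory, Windows registers no Run value named after a core component, and
# XP runs exactly one instance of each singleton process.
BAD_DIRS = ("\\temp\\", "\\recycler\\")
DECOY_NAMES = {"system", "windows", "winlogon", "svchost", "services", "lsass"}
SINGLETONS = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}

@dataclass
class Autorun:
    location: str
    name: str
    command: str
    reasons: list = field(default_factory=list)

def executable_path(command: str) -> str:
    """Program path from a Run value: quotes and arguments removed, lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end].lower() if end > 0 else command.lower()
    return command.split(" ")[0].lower()

def looks_random(basename: str) -> bool:
    """Generated-looking names (dlh9jkd1q7.exe, 18222122.exe): mostly digits,
    or letters and digits alternating at least three times."""
    stem = basename.rsplit(".", 1)[0]
    if len(stem) < 6:
        return False
    digits = sum(ch.isdigit() for ch in stem)
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isdigit() != b.isdigit())
    return digits / len(stem) >= 0.5 or flips >= 3

def parse_autoruns(log_text: str) -> list[Autorun]:
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(m["loc"], m["name"], m["cmd"]))
    return entries

def parse_processes(log_text: str) -> list[str]:
    """Paths under 'Running processes:' up to the first blank or R/F/N/O line."""
    procs, collecting = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            collecting = True
        elif collecting:
            if not line or SECTION_RE.match(line):
                break
            procs.append(line)
    return procs

def flag_autoruns(entries: list[Autorun]) -> list[Autorun]:
    """Attach a reason to each autorun that trips a heuristic; return only those."""
    flagged = []
    for e in entries:
        path = executable_path(e.command)
        base = path.rsplit("\\", 1)[-1]
        if any(d in path for d in BAD_DIRS):
            e.reasons.append("starts from a temp/recycler directory")
        if looks_random(base):
            e.reasons.append(f"random-looking file name {base}")
        if e.name.lower() in DECOY_NAMES:
            e.reasons.append(f"value name '{e.name}' imitates a Windows component")
        if e.reasons:
            flagged.append(e)
    return flagged

def flag_processes(procs: list[str]) -> dict[str, str]:
    """Map each suspicious process path to a reason: duplicated singletons, random names."""
    names = [p.rsplit("\\", 1)[-1].lower() for p in procs]
    counts = Counter(names)
    out = {}
    for path, name in zip(procs, names):
        if name in SINGLETONS and counts[name] > 1:
            out[path] = f"{name} runs {counts[name]} times; only one is the real one"
        elif looks_random(name):
            out[path] = f"random-looking image name {name}"
    return out

# Constructed sample: a subset of the log above, reflowed one entry per line.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\kernels88.exe
C:\WINDOWS\System32\dlh9jkd1q7.exe
C:\WINDOWS\System32\services.exe
O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels88.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\18222122.exe
"""
```

`flag_autoruns(parse_autoruns(SAMPLE_LOG))` returns the `[System]` and `[WinMedia]` entries and leaves ewido, the legitimate `KernelFaultCheck` dump-reporter entry and the Messenger line alone; `flag_processes(parse_processes(SAMPLE_LOG))` reports both copies of services.exe and dlh9jkd1q7.exe. Note that kernels88.exe is deliberately not caught by the name scorer, only by its decoy value name, which is why the checks are combined rather than relied on one at a time.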
07-Feb-2007, 12:18 PM
#2
Hi, welcome to TSG!!

I've moved you to a thread of your own, so please reply here.

You need to go here and install "Service Pack 1". This will patch numerous security holes in IE and Windows. As your machine stands now it is wide open to attack from all sorts of nasties. You need to get these updates before we proceed or we will be wasting our time.

DO NOT install Service Pack 2 yet. If you install SP2 on an infected machine it will cause serious problems. Just get Service Pack 1 installed.

After you get SP1 installed, restart your computer. Come back here and post the new HijackThis log.
__________________
Microsoft MVP/Windows - Consumer Security