|
24-May-2007, 07:59 AM
#1 |
| WOW Keylogger Worry (Shouldn't take long)

So, my GF clicked on a known keylogger site. The day after I'd formatted her computer too ---- ARRRRGH. Nothing is coming up as detecting for me with.. well, anything and I've hit it with everything I know. So..... can someone have a look at this hijack this for me and tell me if it looks clean? She uses firefox and I'm wondering if that stopped anything from happening, but... eh. Just want to eliminate a worry. lot of time and effort into that account

Thanks. You guys rock.
-Mat

The info:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:54:11 AM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Benjamin Brown\Desktop\HiJackThis_v2.exe
C:\WINDOWS\SoftwareDistribution\Download\cb2769f3b1daf367a31ed046299a3790\update\update.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5a8f8fbc07424160956c896aed9422fb
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5a8f8fbc07424160956c896aed9422fb
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1179902692015
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

Not much is installed ATM, so should be pretty fast to pick through. Thanks again!
-Ben

Last edited by Matarael; 24-May-2007 at 08:07 AM.. |
| |
|
24-May-2007, 08:05 AM
#2 |
| and some hot combofix action for those who like it that way.

"Benjamin Brown" - 2007-05-24 8:04:09 Service Pack 2
ComboFix 07-05.24.4.V - Running from: "C:\Documents and Settings\Benjamin Brown\Desktop\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-17 01:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 01:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b68cca94-08db-11dc-aae2-806d6172696f}]
AutoRun\command- I:\AutorunShim.exe

*Newly Created Service* -PROCEXP90

Contents of the 'Scheduled Tasks' folder
2007-05-24 09:42:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 08:04:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

********************************************************************
Completion time: 2007-05-24 8:04:33
--- E O F --- |

|
| All times are GMT -4. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. |

