Another similar problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

coelacanth (Thread Starter)
Joined: Feb 7, 2007 | Messages: 1
Hi there. I found out recently that one of my colleagues' computers is having the same "C:\WINDOWS\system32\DL5EB7~1.EXE" problem as the thread starter. I followed the steps he did with the HijackThis log, VundoFix and ComboFix. However, after I ran VundoFix, the result said the system couldn't detect any Vundo. Following are the logs.

Logfile of HijackThis v1.99.1
Scan saved at 3:36:53 PM, on 5/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\kernels88.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\dlh9jkd1q7.exe
C:\WINDOWS\System32\services.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels88.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\18222122.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


:: After ComboFix ::

ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dlh9jkd1q1.exe
C:\WINDOWS\system32\dlh9jkd1q2.exe
C:\WINDOWS\system32\dlh9jkd1q5.exe
C:\WINDOWS\system32\dlh9jkd1q6.exe
C:\WINDOWS\system32\dlh9jkd1q7.exe
C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\kernels88.exe
C:\WINDOWS\system32\vxg6ame4.exe
C:\WINDOWS\system32\vxga4me1.exe
C:\WINDOWS\system32\vxga5me3.exe
C:\WINDOWS\system32\vxga8me6.exe
C:\WINDOWS\system32\aspi102465.exe
C:\WINDOWS\system32\vxga4me1.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\g32.txt
C:\WINDOWS\s32.txt
C:\WINDOWS\ws386.ini
C:\WINDOWS\trace
C:\Documents and Settings\All Users\Documents\Settings


((((((((((((((((((((((((((((((( Files Created from 2006-04-16 to 2006-05-16 ))))))))))))))))))))))))))))))))))


2006-05-16 15:40 <DIR> d-------- C:\VundoFix Backups
2006-05-16 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2006-05-16 14:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
2006-05-16 13:31 <DIR> d-------- C:\WINDOWS\setup.pss
2006-05-16 09:22 34,069 --a------ C:\WINDOWS\system32\hmklyq32.dll
2006-05-10 02:54 65,568 --a------ C:\WINDOWS\system32\lzx32.sys
2006-05-10 02:54 34,005 --a------ C:\WINDOWS\system32\wxtal32.dll
2006-05-10 02:00 34,005 --a------ C:\WINDOWS\system32\jdyv32.dll
2006-05-10 01:59 8,704 --a------ C:\WINDOWS\system32\lyqmxk.sys
2006-05-10 01:59 8,704 --a------ C:\WINDOWS\system32\eqvtb.sys
2006-05-10 01:59 34,005 --a------ C:\WINDOWS\system32\relmd32.dll
2006-05-10 01:59 34,005 --a------ C:\WINDOWS\system32\lgbye32.dll
2006-05-10 01:59 102,400 --a------ C:\WINDOWS\system32\advvpi32.dll
2006-05-10 01:58 8,302 --a------ C:\syst.exe
2006-05-10 01:58 8,302 --a------ C:\3456346345643.exe
2006-05-06 04:39 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2006-05-03 23:00 <DIR> d--hs---- C:\RECYCLER
2006-05-03 22:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-05-03 22:53 <DIR> d-------- C:\WINDOWS\ShellNew
2006-05-03 22:25 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys
2006-05-03 22:25 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll
2006-05-03 21:49 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2006-05-03 21:43 470,144 --a------ C:\WINDOWS\system32\G200d.dll
2006-05-03 21:43 320,384 --a------ C:\WINDOWS\system32\drivers\G200m.sys
2006-05-03 21:38 <DIR> d--hs---- C:\WINDOWS\Installer
2006-05-03 21:37 237,568 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2006-05-03 21:37 237,568 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2006-05-03 21:37 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2006-05-03 21:37 <DIR> d--hs---- C:\System Volume Information
2006-05-03 21:37 <DIR> d-------- C:\WINDOWS\Prefetch
2006-05-03 21:26 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-05-03 21:26 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-05-03 21:25 237,568 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2006-05-03 21:25 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-05-03 21:25 0 -rahs---- C:\MSDOS.SYS
2006-05-03 21:25 0 -rahs---- C:\IO.SYS
2006-05-03 21:25 0 --a------ C:\CONFIG.SYS
2006-05-03 21:25 0 --a------ C:\AUTOEXEC.BAT
2006-05-03 21:22 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-05-03 21:22 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2006-05-03 21:22 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-05-03 21:21 <DIR> d-------- C:\WINDOWS\srchasst
2006-05-03 21:20 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-05-03 21:20 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-05-03 21:20 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-05-03 21:20 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-05-03 21:20 179,200 --a------ C:\WINDOWS\system32\qmgr.dll
2006-05-03 21:20 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-05-03 21:20 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-05-03 21:20 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-05-03 21:20 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-05-03 21:20 <DIR> d-------- C:\Program Files\Movie Maker
2006-05-03 21:19 90,624 --a------ C:\WINDOWS\system32\msoert2.dll
2006-05-03 21:19 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-05-03 21:19 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-05-03 21:19 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-05-03 21:19 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-05-03 21:19 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-05-03 21:19 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-05-03 21:19 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-05-03 21:19 61,952 --a------ C:\WINDOWS\system32\srclient.dll
2006-05-03 21:19 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-05-03 21:19 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-05-03 21:19 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-05-03 21:19 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-05-03 21:19 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-05-03 21:19 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-05-03 21:19 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-05-03 21:19 249,856 --a------ C:\WINDOWS\system32\mstask.dll
2006-05-03 21:19 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-05-03 21:19 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-05-03 21:19 218,112 --a------ C:\WINDOWS\system32\srrstr.dll
2006-05-03 21:19 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-05-03 21:19 158,720 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-05-03 21:19 155,136 --a------ C:\WINDOWS\system32\srsvc.dll
2006-05-03 21:19 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-05-03 21:19 <DIR> d---s---- C:\WINDOWS\Tasks
2006-05-03 21:19 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-05-03 21:19 <DIR> d-------- C:\WINDOWS\PCHEALTH
2006-05-03 21:19 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-05-03 21:18 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2006-05-03 21:17 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-05-03 21:17 <DIR> d-------- C:\WINDOWS\Registration
2006-05-03 21:17 <DIR> d-------- C:\Program Files\Online Services
2006-05-03 21:16 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-05-03 21:16 95,744 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-05-03 21:16 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-05-03 21:16 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-05-03 21:16 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-05-03 21:16 8,704 --a------ C:\WINDOWS\system32\icaapi.dll
2006-05-03 21:16 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-05-03 21:16 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-05-03 21:16 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-05-03 21:16 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-05-03 21:16 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-05-03 21:16 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-05-03 21:16 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-05-03 21:16 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-05-03 21:16 503,296 --a------ C:\WINDOWS\system32\mstscax.dll
2006-05-03 21:16 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-05-03 21:16 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-05-03 21:16 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-05-03 21:16 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-05-03 21:16 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-05-03 21:16 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-05-03 21:16 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-05-03 21:16 385,536 --a------ C:\WINDOWS\system32\mstsc.exe
2006-05-03 21:16 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-05-03 21:16 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-05-03 21:16 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-05-03 21:16 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-05-03 21:16 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-05-03 21:16 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-05-03 21:16 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-05-03 21:16 197,632 --a------ C:\WINDOWS\system32\termsrv.dll
2006-05-03 21:16 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-05-03 21:16 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-05-03 21:16 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-05-03 21:16 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-05-03 21:16 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-05-03 21:16 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-05-03 21:16 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-05-03 21:16 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-05-03 21:16 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-05-03 21:16 134,656 --a------ C:\WINDOWS\system32\rdchost.dll
2006-05-03 21:16 130,048 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-05-03 21:16 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-05-03 21:16 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-05-03 21:16 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-05-03 21:16 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-05-03 21:16 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-05-03 21:16 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-05-03 21:16 112,128 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-05-03 21:16 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-05-03 21:16 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-05-03 21:16 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-05-03 21:16 <DIR> d-------- C:\Program Files\Windows NT
2006-05-03 21:16 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-05-03 21:16 <DIR> d-------- C:\Program Files\Messenger
2006-05-03 21:15 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-05-03 21:15 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-05-03 21:15 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-05-03 21:15 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-05-03 21:15 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-05-03 21:15 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-05-03 21:15 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-05-03 21:15 57,344 --a------ C:\WINDOWS\system32\licwmi.dll
2006-05-03 21:15 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-05-03 21:15 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-05-03 21:15 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-05-03 21:15 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-05-03 21:15 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-05-03 21:15 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-05-03 21:15 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-05-03 21:15 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-05-03 21:15 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-05-03 21:15 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-05-03 21:15 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-05-03 21:15 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-05-03 21:15 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-05-03 21:15 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-05-03 21:15 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-05-03 21:15 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-05-03 21:15 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-05-03 21:15 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-05-03 21:15 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-05-03 21:15 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-05-03 21:15 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-05-03 21:15 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-05-03 21:15 <DIR> d-------- C:\WINDOWS\system32\Com
2006-05-03 21:14 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-05-03 21:14 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-05-03 14:09 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-05-03 14:09 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-05-03 14:08 9,344 --a------ C:\WINDOWS\system32\drivers\NtApm.sys
2006-05-03 14:08 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-05-03 14:08 6,400 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-05-03 14:08 57,472 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-05-03 14:08 55,808 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-05-03 14:08 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-05-03 14:08 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-05-03 14:08 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-05-03 14:08 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-05-03 14:08 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-05-03 14:08 159,232 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-05-03 14:08 122,472 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-05-03 14:07 9,728 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-05-03 14:07 67,072 --a------ C:\WINDOWS\system32\usbui.dll
2006-05-03 14:07 6,912 --a------ C:\WINDOWS\system32\drivers\ctlfacem.sys
2006-05-03 14:07 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-05-03 14:07 51,200 --a------ C:\WINDOWS\system32\sfman32.dll
2006-05-03 14:07 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
2006-05-03 14:07 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-05-03 14:07 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll
2006-05-03 14:07 36,480 --a------ C:\WINDOWS\system32\drivers\sfmanm.sys
2006-05-03 14:07 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2006-05-03 14:07 283,904 --a------ C:\WINDOWS\system32\drivers\emu10k1m.sys
2006-05-03 14:07 256,512 --a------ C:\WINDOWS\system32\devcon32.dll
2006-05-03 14:07 25,472 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2006-05-03 14:07 24,064 --a------ C:\WINDOWS\system32\devldr32.exe
2006-05-03 14:07 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-05-03 14:04 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-05-03 14:04 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-05-03 14:04 <DIR> dr------- C:\Program Files
2006-05-03 14:04 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2006-05-03 14:04 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-05-03 14:03 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-05-03 14:03 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-05-03 14:03 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-05-03 14:03 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-05-03 14:03 70,656 --a------ C:\WINDOWS\system32\storprop.dll
2006-05-03 14:03 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-05-03 14:03 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-05-03 14:03 68,928 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2006-05-03 14:03 66,048 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-05-03 14:03 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-05-03 14:03 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-05-03 14:03 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-05-03 14:03 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-05-03 14:03 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-05-03 14:03 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-05-03 14:03 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-05-03 14:03 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-05-03 14:03 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-05-03 14:03 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-05-03 14:03 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-05-03 14:03 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-05-03 14:03 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-05-03 14:03 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-05-03 14:03 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-05-03 14:03 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-05-03 14:03 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2006-05-03 14:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-05-03 14:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-05-03 14:02 <DIR> d-------- C:\Documents and Settings
2006-05-03 13:55 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-05-03 13:55 <DIR> dr--s---- C:\WINDOWS\Fonts
2006-05-03 13:55 <DIR> dr------- C:\WINDOWS\Web
2006-05-03 13:55 <DIR> d-a------ C:\WINDOWS\system32
2006-05-03 13:55 <DIR> d--h----- C:\WINDOWS\inf
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\WinSxS
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\twain_32
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\wins
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\wbem
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\usmt
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\spool
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\Setup
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\ras
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\npp
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\mui
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\IME
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\icsxml
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\ias
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\export
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\dhcp
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\config
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\3076
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\2052
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1054
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1042
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1041
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1037
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1033
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1031
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1028
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1025
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\security
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Resources
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\repair
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\mui
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\msapps
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\msagent
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Media
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\java
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\ime
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Help
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Driver Cache
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Debug
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Cursors
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Connection Wizard
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Config
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\AppPatch
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\addins
2006-05-03 13:55 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-05-16 14:57 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\microsoft
2006-05-16 14:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\lavasoft
2006-05-03 21:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\identities
2006-05-03 14:03 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!ewido"="\"E:\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"System Registry Hook"="{309C96FA-8C40-4bce-879C-989DC33DCD25}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"CDRecorder030"="{A3BC5E20-0235-1ABF-9CE1-00AA00512030}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk

HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt

HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage

HKLM\SYSTEM\CurrentControlSet\Services\ql1080k

HKLM\SYSTEM\CurrentControlSet\Services\ql12400

HKLM\SYSTEM\CurrentControlSet\Services\RasManp

HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe

HKLM\SYSTEM\CurrentControlSet\Services\Rdbssi

HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD

HKLM\SYSTEM\CurrentControlSet\Services\redbookgr

HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry

HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator

HKLM\SYSTEM\CurrentControlSet\Services\RSVPs

HKLM\SYSTEM\CurrentControlSet\Services\SamSs39

HKLM\SYSTEM\CurrentControlSet\Services\Secdrvle

HKLM\SYSTEM\CurrentControlSet\Services\SENSogon

HKLM\SYSTEM\CurrentControlSet\Services\Serialm

HKLM\SYSTEM\CurrentControlSet\Services\Sfloppye

HKLM\SYSTEM\CurrentControlSet\Services\sfmanpy

HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection

HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr

HKLM\SYSTEM\CurrentControlSet\Services\srooler

HKLM\SYSTEM\CurrentControlSet\Services\Srvervice

HKLM\SYSTEM\CurrentControlSet\Services\stisvcV

HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi

HKLM\SYSTEM\CurrentControlSet\Services\sym_hix

HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog

HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv

HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE

HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice

HKLM\SYSTEM\CurrentControlSet\Services\TosIder

HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs

HKLM\SYSTEM\CurrentControlSet\Services\UdfsD

HKLM\SYSTEM\CurrentControlSet\Services\upnphostr

HKLM\SYSTEM\CurrentControlSet\Services\UPSphost

HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee

HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap

HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme

HKLM\SYSTEM\CurrentControlSet\Services\WDICAp

HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt

HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSp

HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 42
hidden files: 0

********************************************************************

Completion time: 06-05-16 15:50:06


Hope you can help. Thanks
 

cybertech (Retired Moderator)
Joined: Apr 16, 2002 | Messages: 72,115
Hi, welcome to TSG!!

I've moved you to a thread of your own so please reply here.

You need to go here and install "Service Pack 1". This will patch numerous security holes in IE and Windows. As your machine stands now it is wide open to attack from all sorts of nasties. You need to get these updates before we proceed or we will be wasting our time.

DO NOT install Service Pack 2 yet. If you install SP2 on an infected machine it will cause serious problems. Just get Service Pack 1 installed. After you get SP1 installed, restart your computer. Come back here and post the new HijackThis log.