
Another similar problem

Discussion in 'Virus & Other Malware Removal' started by coelacanth, Feb 7, 2007.

Thread Status:
Not open for further replies.
  1. coelacanth (Thread Starter)
     Joined: Feb 7, 2007
     Messages: 1
    Hi there. I found out recently that one of my colleagues' computers is having the same "C:\WINDOWS\system32\DL5EB7~1.EXE" problem as the thread starter. I followed the steps he did with the HijackThis log, Vundo and ComboFix. However, after I ran VundoFix, the result said the system couldn't detect any Vundo. Following are the logs:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:36:53 PM, on 5/16/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    E:\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\kernels88.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\dlh9jkd1q7.exe
    C:\WINDOWS\System32\services.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels88.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\18222122.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


    :: After ComboFix ::

    ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Administrator\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\dlh9jkd1q1.exe
    C:\WINDOWS\system32\dlh9jkd1q2.exe
    C:\WINDOWS\system32\dlh9jkd1q5.exe
    C:\WINDOWS\system32\dlh9jkd1q6.exe
    C:\WINDOWS\system32\dlh9jkd1q7.exe
    C:\WINDOWS\system32\dlh9jkd1q8.exe
    C:\WINDOWS\system32\kernels88.exe
    C:\WINDOWS\system32\vxg6ame4.exe
    C:\WINDOWS\system32\vxga4me1.exe
    C:\WINDOWS\system32\vxga5me3.exe
    C:\WINDOWS\system32\vxga8me6.exe
    C:\WINDOWS\system32\aspi102465.exe
    C:\WINDOWS\system32\vxga4me1.exe
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\g32.txt
    C:\WINDOWS\s32.txt
    C:\WINDOWS\ws386.ini
    C:\WINDOWS\trace
    C:\Documents and Settings\All Users\Documents\Settings


    ((((((((((((((((((((((((((((((( Files Created from 2006-04-16 to 2006-05-16 ))))))))))))))))))))))))))))))))))


    2006-05-16 15:40 <DIR> d-------- C:\VundoFix Backups
    2006-05-16 14:57 <DIR> d-------- C:\Program Files\Lavasoft
    2006-05-16 14:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
    2006-05-16 13:31 <DIR> d-------- C:\WINDOWS\setup.pss
    2006-05-16 09:22 34,069 --a------ C:\WINDOWS\system32\hmklyq32.dll
    2006-05-10 02:54 65,568 --a------ C:\WINDOWS\system32\lzx32.sys
    2006-05-10 02:54 34,005 --a------ C:\WINDOWS\system32\wxtal32.dll
    2006-05-10 02:00 34,005 --a------ C:\WINDOWS\system32\jdyv32.dll
    2006-05-10 01:59 8,704 --a------ C:\WINDOWS\system32\lyqmxk.sys
    2006-05-10 01:59 8,704 --a------ C:\WINDOWS\system32\eqvtb.sys
    2006-05-10 01:59 34,005 --a------ C:\WINDOWS\system32\relmd32.dll
    2006-05-10 01:59 34,005 --a------ C:\WINDOWS\system32\lgbye32.dll
    2006-05-10 01:59 102,400 --a------ C:\WINDOWS\system32\advvpi32.dll
    2006-05-10 01:58 8,302 --a------ C:\syst.exe
    2006-05-10 01:58 8,302 --a------ C:\3456346345643.exe
    2006-05-06 04:39 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
    2006-05-03 23:00 <DIR> d--hs---- C:\RECYCLER
    2006-05-03 22:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2006-05-03 22:53 <DIR> d-------- C:\WINDOWS\ShellNew
    2006-05-03 22:25 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys
    2006-05-03 22:25 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll
    2006-05-03 21:49 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
    2006-05-03 21:43 470,144 --a------ C:\WINDOWS\system32\G200d.dll
    2006-05-03 21:43 320,384 --a------ C:\WINDOWS\system32\drivers\G200m.sys
    2006-05-03 21:38 <DIR> d--hs---- C:\WINDOWS\Installer
    2006-05-03 21:37 237,568 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
    2006-05-03 21:37 237,568 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
    2006-05-03 21:37 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2006-05-03 21:37 <DIR> d--hs---- C:\System Volume Information
    2006-05-03 21:37 <DIR> d-------- C:\WINDOWS\Prefetch
    2006-05-03 21:26 <DIR> d-------- C:\WINDOWS\system32\xircom
    2006-05-03 21:26 <DIR> d-------- C:\Program Files\microsoft frontpage
    2006-05-03 21:25 237,568 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
    2006-05-03 21:25 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-05-03 21:25 0 -rahs---- C:\MSDOS.SYS
    2006-05-03 21:25 0 -rahs---- C:\IO.SYS
    2006-05-03 21:25 0 --a------ C:\CONFIG.SYS
    2006-05-03 21:25 0 --a------ C:\AUTOEXEC.BAT
    2006-05-03 21:22 <DIR> dr------- C:\WINDOWS\Offline Web Pages
    2006-05-03 21:22 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
    2006-05-03 21:22 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2006-05-03 21:21 <DIR> d-------- C:\WINDOWS\srchasst
    2006-05-03 21:20 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-05-03 21:20 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-05-03 21:20 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-05-03 21:20 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-05-03 21:20 179,200 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-05-03 21:20 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-05-03 21:20 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-05-03 21:20 <DIR> d-------- C:\WINDOWS\system32\Macromed
    2006-05-03 21:20 <DIR> d-------- C:\WINDOWS\system32\DirectX
    2006-05-03 21:20 <DIR> d-------- C:\Program Files\Movie Maker
    2006-05-03 21:19 90,624 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-05-03 21:19 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-05-03 21:19 77,824 --a------ C:\WINDOWS\system32\isign32.dll
    2006-05-03 21:19 73,728 --a------ C:\WINDOWS\system32\ils.dll
    2006-05-03 21:19 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-05-03 21:19 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-05-03 21:19 65,536 --a------ C:\WINDOWS\system32\msconf.dll
    2006-05-03 21:19 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-05-03 21:19 61,952 --a------ C:\WINDOWS\system32\srclient.dll
    2006-05-03 21:19 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-05-03 21:19 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-05-03 21:19 47,616 --a------ C:\WINDOWS\system32\inetres.dll
    2006-05-03 21:19 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-05-03 21:19 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-05-03 21:19 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-05-03 21:19 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-05-03 21:19 249,856 --a------ C:\WINDOWS\system32\mstask.dll
    2006-05-03 21:19 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-05-03 21:19 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-05-03 21:19 218,112 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-05-03 21:19 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-05-03 21:19 158,720 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-05-03 21:19 155,136 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-05-03 21:19 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-05-03 21:19 <DIR> d---s---- C:\WINDOWS\Tasks
    2006-05-03 21:19 <DIR> d-------- C:\WINDOWS\system32\Restore
    2006-05-03 21:19 <DIR> d-------- C:\WINDOWS\PCHEALTH
    2006-05-03 21:19 <DIR> d-------- C:\Program Files\Common Files\MSSoap
    2006-05-03 21:18 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2006-05-03 21:17 <DIR> d--h----- C:\Program Files\WindowsUpdate
    2006-05-03 21:17 <DIR> d-------- C:\WINDOWS\Registration
    2006-05-03 21:17 <DIR> d-------- C:\Program Files\Online Services
    2006-05-03 21:16 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-05-03 21:16 95,744 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-05-03 21:16 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-05-03 21:16 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-05-03 21:16 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-05-03 21:16 8,704 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-05-03 21:16 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-05-03 21:16 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-05-03 21:16 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-05-03 21:16 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-05-03 21:16 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-05-03 21:16 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-05-03 21:16 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-05-03 21:16 534,016 --a------ C:\WINDOWS\system32\spider.exe
    2006-05-03 21:16 503,296 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-05-03 21:16 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-05-03 21:16 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-05-03 21:16 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-05-03 21:16 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-05-03 21:16 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-05-03 21:16 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-05-03 21:16 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-05-03 21:16 385,536 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-05-03 21:16 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-05-03 21:16 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-05-03 21:16 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-05-03 21:16 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-05-03 21:16 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-05-03 21:16 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-05-03 21:16 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-05-03 21:16 197,632 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-05-03 21:16 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-05-03 21:16 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-05-03 21:16 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-05-03 21:16 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-05-03 21:16 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-05-03 21:16 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-05-03 21:16 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-05-03 21:16 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-05-03 21:16 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-05-03 21:16 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-05-03 21:16 134,656 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-05-03 21:16 130,048 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-05-03 21:16 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-05-03 21:16 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-05-03 21:16 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-05-03 21:16 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-05-03 21:16 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-05-03 21:16 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-05-03 21:16 112,128 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-05-03 21:16 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-05-03 21:16 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-05-03 21:16 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-05-03 21:16 <DIR> d-------- C:\Program Files\Windows NT
    2006-05-03 21:16 <DIR> d-------- C:\Program Files\MSN Gaming Zone
    2006-05-03 21:16 <DIR> d-------- C:\Program Files\Messenger
    2006-05-03 21:15 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-05-03 21:15 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-05-03 21:15 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-05-03 21:15 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-05-03 21:15 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-05-03 21:15 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-05-03 21:15 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-05-03 21:15 57,344 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-05-03 21:15 56,832 --a------ C:\WINDOWS\system32\colbact.dll
    2006-05-03 21:15 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-05-03 21:15 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-05-03 21:15 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-05-03 21:15 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-05-03 21:15 495,616 --a------ C:\WINDOWS\system32\comuid.dll
    2006-05-03 21:15 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-05-03 21:15 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-05-03 21:15 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-05-03 21:15 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-05-03 21:15 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-05-03 21:15 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-05-03 21:15 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-05-03 21:15 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-05-03 21:15 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-05-03 21:15 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-05-03 21:15 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-05-03 21:15 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-05-03 21:15 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-05-03 21:15 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-05-03 21:15 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-05-03 21:15 <DIR> d-------- C:\WINDOWS\system32\MsDtc
    2006-05-03 21:15 <DIR> d-------- C:\WINDOWS\system32\Com
    2006-05-03 21:14 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-05-03 21:14 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-05-03 14:09 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-05-03 14:09 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-05-03 14:08 9,344 --a------ C:\WINDOWS\system32\drivers\NtApm.sys
    2006-05-03 14:08 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-05-03 14:08 6,400 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-05-03 14:08 57,472 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-05-03 14:08 55,808 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-05-03 14:08 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-05-03 14:08 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-05-03 14:08 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-05-03 14:08 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-05-03 14:08 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-05-03 14:08 159,232 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-05-03 14:08 122,472 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-05-03 14:07 9,728 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2006-05-03 14:07 67,072 --a------ C:\WINDOWS\system32\usbui.dll
    2006-05-03 14:07 6,912 --a------ C:\WINDOWS\system32\drivers\ctlfacem.sys
    2006-05-03 14:07 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-05-03 14:07 51,200 --a------ C:\WINDOWS\system32\sfman32.dll
    2006-05-03 14:07 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
    2006-05-03 14:07 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-05-03 14:07 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll
    2006-05-03 14:07 36,480 --a------ C:\WINDOWS\system32\drivers\sfmanm.sys
    2006-05-03 14:07 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
    2006-05-03 14:07 283,904 --a------ C:\WINDOWS\system32\drivers\emu10k1m.sys
    2006-05-03 14:07 256,512 --a------ C:\WINDOWS\system32\devcon32.dll
    2006-05-03 14:07 25,472 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
    2006-05-03 14:07 24,064 --a------ C:\WINDOWS\system32\devldr32.exe
    2006-05-03 14:07 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-05-03 14:04 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-05-03 14:04 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-05-03 14:04 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-05-03 14:04 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-05-03 14:04 <DIR> dr------- C:\Program Files
    2006-05-03 14:04 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
    2006-05-03 14:04 <DIR> d-------- C:\Program Files\Common Files\ODBC
    2006-05-03 14:03 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2006-05-03 14:03 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2006-05-03 14:03 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-05-03 14:03 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2006-05-03 14:03 70,656 --a------ C:\WINDOWS\system32\storprop.dll
    2006-05-03 14:03 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-05-03 14:03 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
    2006-05-03 14:03 68,928 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
    2006-05-03 14:03 66,048 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-05-03 14:03 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-05-03 14:03 6,656 --a------ C:\WINDOWS\system32\batt.dll
    2006-05-03 14:03 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-05-03 14:03 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-05-03 14:03 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-05-03 14:03 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2006-05-03 14:03 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2006-05-03 14:03 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-05-03 14:03 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2006-05-03 14:03 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2006-05-03 14:03 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-05-03 14:03 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-05-03 14:03 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-05-03 14:03 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2006-05-03 14:03 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2006-05-03 14:03 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-05-03 14:03 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-05-03 14:03 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
    2006-05-03 14:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2006-05-03 14:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot
    2006-05-03 14:02 <DIR> d-------- C:\Documents and Settings
    2006-05-03 13:55 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2006-05-03 13:55 <DIR> dr--s---- C:\WINDOWS\Fonts
    2006-05-03 13:55 <DIR> dr------- C:\WINDOWS\Web
    2006-05-03 13:55 <DIR> d-a------ C:\WINDOWS\system32
    2006-05-03 13:55 <DIR> d--h----- C:\WINDOWS\inf
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\WinSxS
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\twain_32
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\wins
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\wbem
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\usmt
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\spool
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\ShellExt
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\Setup
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\ras
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\oobe
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\npp
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\mui
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\inetsrv
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\IME
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\icsxml
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\ias
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\export
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\drivers
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\dhcp
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\config
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\3076
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\2052
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1054
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1042
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1041
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1037
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1033
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1031
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1028
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system32\1025
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\system
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\security
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Resources
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\repair
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\mui
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\msapps
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\msagent
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Media
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\java
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\ime
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Help
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Driver Cache
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Debug
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Cursors
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Connection Wizard
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\Config
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\AppPatch
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS\addins
    2006-05-03 13:55 <DIR> d-------- C:\WINDOWS


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    Rootkit driver pe386 is present. A rootkit scan is required

    2006-05-16 14:57 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\microsoft
    2006-05-16 14:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\lavasoft
    2006-05-03 21:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\identities
    2006-05-03 14:03 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "!ewido"="\"E:\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
    "flags"=dword:00000008

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "System Registry Hook"="{309C96FA-8C40-4bce-879C-989DC33DCD25}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "CDRecorder030"="{A3BC5E20-0235-1ABF-9CE1-00AA00512030}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk

    HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt

    HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage

    HKLM\SYSTEM\CurrentControlSet\Services\ql1080k

    HKLM\SYSTEM\CurrentControlSet\Services\ql12400

    HKLM\SYSTEM\CurrentControlSet\Services\RasManp

    HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe

    HKLM\SYSTEM\CurrentControlSet\Services\Rdbssi

    HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD

    HKLM\SYSTEM\CurrentControlSet\Services\redbookgr

    HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry

    HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator

    HKLM\SYSTEM\CurrentControlSet\Services\RSVPs

    HKLM\SYSTEM\CurrentControlSet\Services\SamSs39

    HKLM\SYSTEM\CurrentControlSet\Services\Secdrvle

    HKLM\SYSTEM\CurrentControlSet\Services\SENSogon

    HKLM\SYSTEM\CurrentControlSet\Services\Serialm

    HKLM\SYSTEM\CurrentControlSet\Services\Sfloppye

    HKLM\SYSTEM\CurrentControlSet\Services\sfmanpy

    HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection

    HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr

    HKLM\SYSTEM\CurrentControlSet\Services\srooler

    HKLM\SYSTEM\CurrentControlSet\Services\Srvervice

    HKLM\SYSTEM\CurrentControlSet\Services\stisvcV

    HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi

    HKLM\SYSTEM\CurrentControlSet\Services\sym_hix

    HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv

    HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE

    HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice

    HKLM\SYSTEM\CurrentControlSet\Services\TosIder

    HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs

    HKLM\SYSTEM\CurrentControlSet\Services\UdfsD

    HKLM\SYSTEM\CurrentControlSet\Services\upnphostr

    HKLM\SYSTEM\CurrentControlSet\Services\UPSphost

    HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee

    HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap

    HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme

    HKLM\SYSTEM\CurrentControlSet\Services\WDICAp

    HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt

    HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSp

    HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv

    scanning hidden autostart entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 42
    hidden files: 0

    ********************************************************************

    Completion time: 06-05-16 15:50:06


    Hope you can help. Thanks
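Two sections of the logs above are worth checking by machine rather than by eye: the HijackThis O4 autorun lines, and catchme's list of 42 hidden service keys, every one of which is a stock Windows XP service name with extra characters appended (Spoolerr, Tcpiprv, RpcSscator, PSchedtedStorage). The Python below is an added example written for this thread; it is not code from HijackThis, ComboFix, catchme or either poster. The random-filename heuristics and the `KNOWN_XP_SERVICES` list are my assumptions, and the two sample inputs are excerpts copied from the logs above.

```python
"""Triage helpers for the two log sections posted above: HijackThis O4 autorun
lines and catchme's hidden-service keys. Added example for this thread, not code
from HijackThis, ComboFix or catchme; heuristics and service list are assumptions."""
import re
from typing import NamedTuple, Optional

# HijackThis O4 lines copied from the log above (constructed sample input).
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [!ewido] "E:\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels88.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\18222122.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""
O4_RUN = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

class Autorun(NamedTuple):
    location: str
    name: str
    exe: str          # executable path extracted from the command line
    reasons: tuple    # heuristics it tripped

def exe_of(cmd: str) -> str:
    """First token of a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]

def looks_random(stem: str) -> bool:
    """Dropper-style names from the log: all digits (18222122) or a letter/digit
    jumble with two or more digits (kernels88, dlh9jkd1q7). Heuristic, an assumption."""
    return stem.isdigit() or (sum(c.isdigit() for c in stem) >= 2 and len(stem) >= 6)

def triage_o4(text: str) -> list:
    """Return the autoruns that trip at least one heuristic; ordinary ones are dropped."""
    flagged = []
    for line in text.splitlines():
        m = O4_RUN.match(line) or O4_LNK.match(line)
        if not m:
            continue
        exe = m["cmd"] if m.re is O4_LNK else exe_of(m["cmd"])  # .lnk lines carry a bare target path
        low = exe.lower()
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if "\\temp\\" in low:
            reasons.append("runs from a Temp directory")
        if looks_random(stem):
            reasons.append("random-looking filename")
        if "\\system32\\" in low and m["name"].lower() in {"system", "windows", "microsoft"}:
            reasons.append("generic value name on a system32 executable")
        if reasons:
            flagged.append(Autorun(m["loc"], m["name"], exe, tuple(reasons)))
    return flagged

# Excerpt of catchme's "scanning hidden services" section above (constructed sample input).
SAMPLE_CATCHME = r"""
HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage
HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator
HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr
HKLM\SYSTEM\CurrentControlSet\Services\srooler
HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv
HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice
HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSp
HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv
"""
SERVICE_KEY = re.compile(r"HKLM\\SYSTEM\\CurrentControlSet\\Services\\(\S+)", re.I)

# Short names of stock Windows XP services/drivers that the hidden keys borrow.
# Assumption: a hand-typed subset for this example, not an authoritative list.
KNOWN_XP_SERVICES = {"PSched", "ProtectedStorage", "RpcSs", "RpcLocator", "Spooler",
                     "sr", "Srv", "Tcpip", "Themes", "Udfs", "VSS", "Wmi", "winmgmt", "WZCSVC"}

class HiddenService(NamedTuple):
    name: str
    borrowed_from: Optional[str]  # longest legit service name it begins with, if any
    suffix: str                   # characters appended to it ("" = the real key itself is hidden)

def longest_known_prefix(name: str, known=KNOWN_XP_SERVICES) -> Optional[str]:
    low = name.lower()
    hits = [k for k in known if low.startswith(k.lower())]
    return max(hits, key=len) if hits else None

def classify_hidden(text: str) -> list:
    """Pair every hidden service key with the legit name it borrows and the appended tail."""
    out = []
    for m in SERVICE_KEY.finditer(text):
        name = m.group(1)
        hit = longest_known_prefix(name)
        out.append(HiddenService(name, hit, name[len(hit):] if hit else name))
    return out
```

On the sample above, `triage_o4` flags only kernels88.exe (generic "System" value name, random stem, system32 location) and the Temp dropper 18222122.exe, and leaves ewido, msmsgs, dumprep and OSA.EXE alone; `classify_hidden` resolves each hidden key to, for example, `Spooler + "r"` or `RpcSs + "cator"`. A prefix match is a triage aid, not proof: its real value is that the borrowed name tells you which genuine service key to compare against once the hidden driver is gone, and a hit with an empty suffix would mean a real service itself is being concealed, which is the more alarming case.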
     
  2. cybertech (Retired Moderator)
     Joined: Apr 16, 2002
     Messages: 72,115
    Hi, welcome to TSG!

    I've moved you to a thread of your own so please reply here.

    You need to go here and install "Service Pack 1" This will patch numerous security holes in IE and Windows. As your machine stands now it is wide open to attack from all sorts of nasties. You need to get these updates before we proceed or we will be wasting our time.

    DO NOT install Service Pack 2 yet. If you install SP2 on an infected machine it will cause serious problems. Just get Service Pack 1 installed. After you get SP1 installed, restart your computer. Come back here and post the new HijackThis log.
     
Short URL to this thread: https://techguy.org/542038