Pop ups and dll problem

Question

Hello,   It looks like I can't handle the incoming spy- adware and trojans anymore. Normally I simply run Norman adware SE Prof and Norman VC but Norman adware can not make it's scan to the end (it simply doesn't want to continue after scanning multiple files) so I cant delete the infections it finds. I now have the following symphtons: -Pop ups from Outerinfo -Other advertisement pop ups -Norman VC keeps giving me the next message over and over (every 2 seconds after closing it)                          Location: C:\WINDOWS\system32\awvtr.dll                          Vundo.gen20 This seemed to be a trojan, though NVC putted it in Quarantine and the file is now nowhere to be found...But that message keeps coming! running NVC again doesn't work either.   Thanks for your help in advance!     Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 13:34:14, on 29-4-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Norman\bin\ZLH.EXE C:\WINDOWSetadpu2000352.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Norman\Bin\Zanda.exe C:\WINDOWS\System32
vsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\BIN
ipsvc.exe C:\Norman\bin\NJEEVES.EXE C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin
vcoas.exe C:\WINDOWS\System32\alg.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\?ystem32
?pdb.exe C:\WINDOWS\system32\FNTS~1
slookup.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Roland vd Linden\Local Settings\Temporary Internet Files\Content.IE5\2SQ77W7I\HiJackThis_v2[1].exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4EE5DA61-648C-4F53-A140-1BE34F97F2BF} - C:\WINDOWS\system32\gieknt.dll O2 - BHO: (no name) - {542A10D3-7E37-44E3-A1B9-884377B0D395} - C:\WINDOWS\system32\awvtr.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\kwyyaqlc.dll O2 - BHO: (no name) - {E35C5648-D807-4952-A6B6-016A6EEB2786} - C:\WINDOWS\system32\opnkiji.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe' O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [runner1] C:\WINDOWSetadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 O4 - HKLM\..\Run: [InfoData] rundll32.exe 'C:\WINDOWS\system32
xqkwatm.dll',realset O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program Files\MSN Messenger\MsnMsgr.Exe' /background O4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /background O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [DAEMON Tools] 'C:\Program Files\DAEMON Tools\daemon.exe' -lang 1033 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 'C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe' O4 - HKCU\..\Run: [Dtth] 'C:\WINDOWS\system32\FNTS~1
slookup.exe' -vt ndrv O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177092253623 O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing) O20 - Winlogon Notify: opnkiji - C:\WINDOWS\SYSTEM32\opnkiji.dll O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin
vcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 7500 bytes

Bugbatter · Answer

Welcome :)

Yes, you have a few infections in there. Let's give this a try first. We may have to do some manual deletions after that, but let's see what the tool catches first.

Please download Combofix from here: h ttp://download.bleepingcomputer.com/sUBs/combofix.exe
Or
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
** Take note that the links are case sensitive

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Do not proceed with the rest of the fix if you fail to run combofix.

ace_quorthon · Answer

2007-04-20 20:24 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-04-20 20:24 67,072 --a------ C:\WINDOWS\system32dshost.exe 2007-04-20 20:24 67,072 --a------ C:\WINDOWS\system32
tdsapi.dll 2007-04-20 20:24 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll 2007-04-20 20:24 66,176 --a------ C:\WINDOWS\system32\drivers\udfs.sys 2007-04-20 20:24 66,048 --a------ C:\WINDOWS\system32\wextract.exe 2007-04-20 20:24 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-04-20 20:24 65,920 --a------ C:\WINDOWS\system32\drivers\serial.sys 2007-04-20 20:24 65,536 --a------ C:\WINDOWS\system32\wshext.dll 2007-04-20 20:24 65,536 --a------ C:\WINDOWS\system32\shimeng.dll 2007-04-20 20:24 65,536 --a------ C:\WINDOWS\system32\odbccu32.dll 2007-04-20 20:24 65,536 --a------ C:\WINDOWS\system32\odbccr32.dll 2007-04-20 20:24 65,024 --a------ C:\WINDOWS\system32\pautoenr.dll 2007-04-20 20:24 64,000 --a------ C:\WINDOWS\system32\samlib.dll 2007-04-20 20:24 632,832 --a------ C:\WINDOWS\system32\autoconv.exe 2007-04-20 20:24 63,744 --a------ C:\WINDOWS\system32\drivers\mf.sys 2007-04-20 20:24 63,744 --a------ C:\WINDOWS\system32\drivers\cdfs.sys 2007-04-20 20:24 629,248 --a------ C:\WINDOWS\system32
etcfgx.dll 2007-04-20 20:24 62,464 --a------ C:\WINDOWS\system32dpclip.exe 2007-04-20 20:24 619,008 --a------ C:\WINDOWS\system32\autochk.exe 2007-04-20 20:24 617,472 --a------ C:\WINDOWS\system32\comctl32.dll 2007-04-20 20:24 614,429 --a------ C:\WINDOWS\system32\mswstr10.dll 2007-04-20 20:24 610,304 --a------ C:\WINDOWS\system32\sspipes.scr 2007-04-20 20:24 61,824 --a------ C:\WINDOWS\system32\drivers
ic1394.sys 2007-04-20 20:24 61,440 --a------ C:\WINDOWS\system32emotepg.dll 2007-04-20 20:24 61,440 --a------ C:\WINDOWS\system32asman.dll 2007-04-20 20:24 61,440 --a------ C:\WINDOWS\system32\msvcrt40.dll 2007-04-20 20:24 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys 2007-04-20 20:24 60,928 --a------ C:\WINDOWS\system32\miglibnt.dll 2007-04-20 20:24 60,800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys 2007-04-20 20:24 60,416 --a------ C:\WINDOWS\system32\ipv6mon.dll 2007-04-20 20:24 6,656 --a------ C:\WINDOWS\system32\sensapi.dll 2007-04-20 20:24 6,656 --a------ C:\WINDOWS\system32\msidle.dll 2007-04-20 20:24 6,656 --a------ C:\WINDOWS\system32\laprxy.dll 2007-04-20 20:24 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-04-20 20:24 593,408 --a------ C:\WINDOWS\system32\wiashext.dll 2007-04-20 20:24 59,904 --a------ C:\WINDOWS\system32egsvc.dll 2007-04-20 20:24 59,904 --a------ C:\WINDOWS\system32\mpr.dll 2007-04-20 20:24 59,904 --a------ C:\WINDOWS\system32\drivers\atmarpc.sys 2007-04-20 20:24 586,240 --a------ C:\WINDOWS\system32\mlang.dll 2007-04-20 20:24 581,120 --a------ C:\WINDOWS\system32pcrt4.dll 2007-04-20 20:24 58,880 --a------ C:\WINDOWS\system32esutils.dll 2007-04-20 20:24 58,880 --a------ C:\WINDOWS\system32astapi.dll 2007-04-20 20:24 58,880 --a------ C:\WINDOWS\system32\packager.exe 2007-04-20 20:24 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-04-20 20:24 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-04-20 20:24 579,072 --a------ C:\WINDOWS\system32\user32.dll 2007-04-20 20:24 574,592 --a------ C:\WINDOWS\system32\drivers
tfs.sys 2007-04-20 20:24 572,928 --a------ C:\WINDOWS\system32\printui.dll 2007-04-20 20:24 57,856 --a------ C:\WINDOWS\system32\synceng.dll 2007-04-20 20:24 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe 2007-04-20 20:24 57,856 --a------ C:\WINDOWS\system32asphone.exe 2007-04-20 20:24 57,856 --a------ C:\WINDOWS\system32\driversedbook.sys 2007-04-20 20:24 57,616 --a------ C:\WINDOWS\system32\odbcji32.dll 2007-04-20 20:24 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys 2007-04-20 20:24 57,344 --a------ C:\WINDOWS\system32\msasn1.dll 2007-04-20 20:24 57,344 --a------ C:\WINDOWS\system32\ipconfig.exe 2007-04-20 20:24 566,784 --a------ C:\WINDOWS\system32\shdoclc.dll 2007-04-20 20:24 562,688 --a------ C:\WINDOWS\system32\qedit.dll 2007-04-20 20:24 56,832 --a------ C:\WINDOWS\system32eg.exe 2007-04-20 20:24 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-04-20 20:24 553,472 --a------ C:\WINDOWS\system32\oleaut32.dll 2007-04-20 20:24 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll 2007-04-20 20:24 55,936 --a------ C:\WINDOWS\system32\drivers\atmlane.sys 2007-04-20 20:24 55,808 --a------ C:\WINDOWS\system32\secur32.dll 2007-04-20 20:24 55,296 --a------ C:\WINDOWS\system32\sendmail.dll 2007-04-20 20:24 55,296 --a------ C:\WINDOWS\system32
pptools.dll 2007-04-20 20:24 55,296 --a------ C:\WINDOWS\system32\iesetup.dll 2007-04-20 20:24 54,784 --a------ C:\WINDOWS\system32
arrator.exe 2007-04-20 20:24 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll 2007-04-20 20:24 54,784 --a------ C:\WINDOWS\system32\ixsso.dll 2007-04-20 20:24 539,136 --a------ C:\WINDOWS\system32\spider.exe 2007-04-20 20:24 53,760 --a------ C:\WINDOWS\system32\winsta.dll 2007-04-20 20:24 53,760 --a------ C:\WINDOWS\system32\ipv6.exe 2007-04-20 20:24 53,760 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys 2007-04-20 20:24 53,632 --a------ C:\WINDOWS\system32\drivers\volsnap.sys 2007-04-20 20:24 53,279 --a------ C:\WINDOWS\system32\msjter40.dll 2007-04-20 20:24 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys 2007-04-20 20:24 515,072 --a------ C:\WINDOWS\system32\logonui.exe 2007-04-20 20:24 512,029 --a------ C:\WINDOWS\system32\msexch40.dll 2007-04-20 20:24 51,712 --a------ C:\WINDOWS\system32\wzcsapi.dll 2007-04-20 20:24 51,712 --a------ C:\WINDOWS\system32\vdmredir.dll 2007-04-20 20:24 51,712 --a------ C:\WINDOWS\system32\msident.dll 2007-04-20 20:24 51,328 --a------ C:\WINDOWS\system32\driversasl2tp.sys 2007-04-20 20:24 51,200 --a------ C:\WINDOWS\system32\wstdecod.dll 2007-04-20 20:24 506,368 --a------ C:\WINDOWS\system32\msxml.dll 2007-04-20 20:24 504,832 --a------ C:\WINDOWS\system32\winlogon.exe 2007-04-20 20:24 50,688 --a------ C:\WINDOWS\system32\smss.exe 2007-04-20 20:24 50,688 --a------ C:\WINDOWS\system32\proquota.exe 2007-04-20 20:24 50,688 --a------ C:\WINDOWS\system32\mmcshext.dll 2007-04-20 20:24 50,176 --a------ C:\WINDOWS\system32\utilman.exe 2007-04-20 20:24 50,176 --a------ C:\WINDOWS\system32\inetres.dll 2007-04-20 20:24 5,632 --a------ C:\WINDOWS\system32\wmi.dll 2007-04-20 20:24 5,632 --a------ C:\WINDOWS\system32\winver.exe 2007-04-20 20:24 5,632 --a------ C:\WINDOWS\system32\security.dll 2007-04-20 20:24 5,120 --a------ C:\WINDOWS\system32\sfc.dll 2007-04-20 20:24 495,104 --a------ C:\WINDOWS\system32
tmsmgr.dll 2007-04-20 20:24 49,664 --a------ C:\WINDOWS\system32egapi.dll 2007-04-20 20:24 49,664 --a------ C:\WINDOWS\system32\drivers\classpnp.sys 2007-04-20 20:24 49,536 --a------ C:\WINDOWS\system32\drivers\cdrom.sys 2007-04-20 20:24 49,152 --a------ C:\WINDOWS\system32\wdigest.dll 2007-04-20 20:24 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-04-20 20:24 48,384 --a------ C:\WINDOWS\system32\driversaspptp.sys 2007-04-20 20:24 48,128 --a------ C:\WINDOWS\system32\msprivs.dll 2007-04-20 20:24 48,128 --a------ C:\WINDOWS\system32\mshtmler.dll 2007-04-20 20:24 47,616 --a------ C:\WINDOWS\system32\ssmypics.scr 2007-04-20 20:24 47,616 --a------ C:\WINDOWS\system32\iyuv_32.dll 2007-04-20 20:24 464,896 --a------ C:\WINDOWS\system32\wiadefui.dll 2007-04-20 20:24 46,592 --a------ C:\WINDOWS\system32	cpmonui.dll 2007-04-20 20:24 46,592 --a------ C:\WINDOWS\system32\drivers\p3.sys 2007-04-20 20:24 46,080 --a------ C:\WINDOWS\system32	cpmon.dll 2007-04-20 20:24 453,120 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys 2007-04-20 20:24 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-04-20 20:24 45,568 --a------ C:\WINDOWS\system32\mshta.exe 2007-04-20 20:24 45,056 --a------ C:\WINDOWS\system32\ftp.exe 2007-04-20 20:24 442,368 --a------ C:\WINDOWS\system32\sqlsrv32.dll 2007-04-20 20:24 440,320 --a------ C:\WINDOWS\system32\shimgvw.dll 2007-04-20 20:24 44,544 --a------ C:\WINDOWS\system32	scupgrd.exe 2007-04-20 20:24 44,032 --a------ C:\WINDOWS\system32tutils.dll 2007-04-20 20:24 437,248 --a------ C:\WINDOWS\system32
tmssvc.dll 2007-04-20 20:24 436,736 --a------ C:\WINDOWS\system32\wiaacmgr.exe 2007-04-20 20:24 430,592 --a------ C:\WINDOWS\system32\vssapi.dll 2007-04-20 20:24 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-04-20 20:24 43,520 --a------ C:\WINDOWS\system32acpldlg.dll 2007-04-20 20:24 43,520 --a------ C:\WINDOWS\system32\pstorec.dll 2007-04-20 20:24 43,520 --a------ C:\WINDOWS\system32
tlanman.dll 2007-04-20 20:24 429,056 --a------ C:\WINDOWS\system32\samsrv.dll 2007-04-20 20:24 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-04-20 20:24 424,448 --a------ C:\WINDOWS\system32\licdll.dll 2007-04-20 20:24 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll 2007-04-20 20:24 420,864 --a------ C:\WINDOWS\system32
tvdm.exe 2007-04-20 20:24 42,537 --a------ C:\WINDOWS\system32\keyboard.sys 2007-04-20 20:24 42,496 --a------ C:\WINDOWS\system32\wsnmp32.dll 2007-04-20 20:24 42,496 --a------ C:\WINDOWS\system32\shmgrate.exe 2007-04-20 20:24 42,496 --a------ C:\WINDOWS\system32
et.exe 2007-04-20 20:24 42,240 --a------ C:\WINDOWS\system32\drivers\mountmgr.sys 2007-04-20 20:24 413,696 --a------ C:\WINDOWS\system32\vbscript.dll 2007-04-20 20:24 413,696 --a------ C:\WINDOWS\system32\msvcp60.dll 2007-04-20 20:24 412,160 --a------ C:\WINDOWS\system32\mstsc.exe 2007-04-20 20:24 41,856 --a------ C:\WINDOWS\system32\drivers\imapi.sys 2007-04-20 20:24 41,472 --a------ C:\WINDOWS\system32\perfctrs.dll 2007-04-20 20:24 41,472 --a------ C:\WINDOWS\system32\driversaspppoe.sys 2007-04-20 20:24 41,088 --a------ C:\WINDOWS\system32\drivers\amdk6.sys 2007-04-20 20:24 407,040 --a------ C:\WINDOWS\system32
etlogon.dll 2007-04-20 20:24 406,528 --a------ C:\WINDOWS\system32\usp10.dll 2007-04-20 20:24 40,960 --a------ C:\WINDOWS\system32
tmsapi.dll 2007-04-20 20:24 40,960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-04-20 20:24 40,960 --a------ C:\WINDOWS\system32\licmgr10.dll 2007-04-20 20:24 40,840 --a------ C:\WINDOWS\system32\drivers	ermdd.sys 2007-04-20 20:24 40,576 --a------ C:\WINDOWS\system32\drivers\crusoe.sys 2007-04-20 20:24 40,448 --a------ C:\WINDOWS\system32shx32.dll 2007-04-20 20:24 40,320 --a------ C:\WINDOWS\system32\drivers
mnt.sys 2007-04-20 20:24 4,608 --a------ C:\WINDOWS\system32\msimg32.dll 2007-04-20 20:24 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys 2007-04-20 20:24 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll 2007-04-20 20:24 4,096 --a------ C:\WINDOWS\system32
ddeapir.exe 2007-04-20 20:24 399,872 --a------ C:\WINDOWS\system32\lmrt.dll 2007-04-20 20:24 399,360 --a------ C:\WINDOWS\system32egwizc.dll 2007-04-20 20:24 399,360 --a------ C:\WINDOWS\system32\cmd.exe 2007-04-20 20:24 397,824 --a------ C:\WINDOWS\system32pcss.dll 2007-04-20 20:24 396,528 --a------ C:\WINDOWS\system32\wmadmod.dll 2007-04-20 20:24 393,216 --a------ C:\WINDOWS\system32\ssflwbox.scr 2007-04-20 20:24 390,144 --a------ C:\WINDOWS\system32	hemeui.dll 2007-04-20 20:24 39,424 --a------ C:\WINDOWS\system32\drivers\processr.sys 2007-04-20 20:24 386,048 --a------ C:\WINDOWS\system32\ipsmsnap.dll 2007-04-20 20:24 385,536 --a------ C:\WINDOWS\system32\qdvd.dll

ace_quorthon · Answer

2007-04-20 21:37 d-------- C:\WINDOWS\system32\3076 2007-04-20 21:37 d-------- C:\WINDOWS\system32\2052 2007-04-20 21:37 d-------- C:\WINDOWS\system32\1054 2007-04-20 21:37 d-------- C:\WINDOWS\system32\1043 2007-04-20 21:37 d-------- C:\WINDOWS\system32\1042 2007-04-20 21:37 d-------- C:\WINDOWS\system32\1041 2007-04-20 21:37 d-------- C:\WINDOWS\system32\1037 2007-04-20 21:37 d-------- C:\WINDOWS\system32\1033 2007-04-20 21:37 d-------- C:\WINDOWS\system32\1031 2007-04-20 21:37 d-------- C:\WINDOWS\system32\1028 2007-04-20 21:37 d-------- C:\WINDOWS\system32\1025 2007-04-20 21:37 d-------- C:\WINDOWS\system32 2007-04-20 21:37 d-------- C:\WINDOWS\system 2007-04-20 21:37 d-------- C:\WINDOWS\security 2007-04-20 21:37 d-------- C:\WINDOWS\Resources 2007-04-20 21:37 d-------- C:\WINDOWSepair 2007-04-20 21:37 d-------- C:\WINDOWS\OemDir 2007-04-20 21:37 d-------- C:\WINDOWS\mui 2007-04-20 21:37 d-------- C:\WINDOWS\msapps 2007-04-20 21:37 d-------- C:\WINDOWS\msagent 2007-04-20 21:37 d-------- C:\WINDOWS\Media 2007-04-20 21:37 d-------- C:\WINDOWS\ime 2007-04-20 21:37 d-------- C:\WINDOWS\Help 2007-04-20 21:37 d-------- C:\WINDOWS\Driver Cache 2007-04-20 21:37 d-------- C:\WINDOWS\Debug 2007-04-20 21:37 d-------- C:\WINDOWS\Cursors 2007-04-20 21:37 d-------- C:\WINDOWS\Connection Wizard 2007-04-20 21:37 d-------- C:\WINDOWS\Config 2007-04-20 21:37 d-------- C:\WINDOWS\AppPatch 2007-04-20 21:37 d-------- C:\WINDOWS\addins 2007-04-20 21:37 d-------- C:\WINDOWS 2007-04-20 21:23 d--h----- C:\WINDOWS\$hf_mig$ 2007-04-20 21:23 d-------- C:\WINDOWS\system32\PreInstall 2007-04-20 21:06 d-------- C:\DOCUME~1\LOCALS~1\Menu Start 2007-04-20 20:27 d-------- C:\WINDOWS\provisioning 2007-04-20 20:27 d-------- C:\WINDOWS\peernet 2007-04-20 20:25 98,304 --a------ C:\WINDOWS\system32\cscript.exe 2007-04-20 20:25 98,304 --a------ C:\WINDOWS\system32\ahui.exe 2007-04-20 20:25 97,280 --a------ C:\WINDOWS\system32\dpcdll.dll 2007-04-20 20:25 96,768 --a------ C:\WINDOWS\system32\drmstor.dll 2007-04-20 20:25 95,744 --a------ C:\WINDOWS\system32\mqsec.dll 2007-04-20 20:25 93,184 --a------ C:\WINDOWS\system32\dskquota.dll 2007-04-20 20:25 9,728 --a------ C:\WINDOWS\system32\proxycfg.exe 2007-04-20 20:25 9,344 --a------ C:\WINDOWS\system32\framebuf.dll 2007-04-20 20:25 89,088 --a------ C:\WINDOWS\system32\mqlogmgr.dll 2007-04-20 20:25 88,576 --a------ C:\WINDOWS\system32\fldrclnr.dll 2007-04-20 20:25 85,504 --a------ C:\WINDOWS\system32\diantz.exe 2007-04-20 20:25 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-04-20 20:25 85,504 --a------ C:\WINDOWS\system32\cabview.dll 2007-04-20 20:25 85,504 --a------ C:\WINDOWS\system32\avifil32.dll 2007-04-20 20:25 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe 2007-04-20 20:25 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll 2007-04-20 20:25 822,784 --a------ C:\WINDOWS\system32\comres.dll 2007-04-20 20:25 82,432 --a------ C:\WINDOWS\system32\dmscript.dll 2007-04-20 20:25 82,432 --a------ C:\WINDOWS\system32\dfrgfat.exe 2007-04-20 20:25 80,896 --a------ C:\WINDOWS\system32\faultrep.dll 2007-04-20 20:25 80,384 --a------ C:\WINDOWS\system32\iccvid.dll 2007-04-20 20:25 8,704 --a------ C:\WINDOWS\system32\dciman32.dll 2007-04-20 20:25 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-04-20 20:25 8,704 --a------ C:\WINDOWS\system32\asferror.dll 2007-04-20 20:25 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll 2007-04-20 20:25 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll 2007-04-20 20:25 79,872 --a------ C:\WINDOWS\system32	lntsess.exe 2007-04-20 20:25 78,336 --a------ C:\WINDOWS\system32\browsewm.dll 2007-04-20 20:25 77,824 --a------ C:\WINDOWS\system32\cliconfg.dll 2007-04-20 20:25 77,312 --a------ C:\WINDOWS\system32\browser.dll 2007-04-20 20:25 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll 2007-04-20 20:25 75,776 --a------ C:\WINDOWS\system32\cryptdlg.dll 2007-04-20 20:25 74,752 --a------ C:\WINDOWS\system32	lntsvr.exe 2007-04-20 20:25 74,752 --a------ C:\WINDOWS\system32\fdeploy.dll 2007-04-20 20:25 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-04-20 20:25 72,960 --a------ C:\WINDOWS\system32\drivers\mqac.sys 2007-04-20 20:25 72,192 --a------ C:\WINDOWS\system32\dsdmoprp.dll 2007-04-20 20:25 71,680 --a------ C:\WINDOWS\system32\admparse.dll 2007-04-20 20:25 70,656 --a------ C:\WINDOWS\system32\amstream.dll 2007-04-20 20:25 7,168 --a------ C:\WINDOWS\system32	lntsvrp.dll 2007-04-20 20:25 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2007-04-20 20:25 69,632 --a------ C:\WINDOWS\system32\openfiles.exe 2007-04-20 20:25 69,120 --a------ C:\WINDOWS\system32\ciodm.dll 2007-04-20 20:25 68,608 --a------ C:\WINDOWS\system32\digest.dll 2007-04-20 20:25 68,096 --a------ C:\WINDOWS\system32\adsmsext.dll 2007-04-20 20:25 67,584 --a------ C:\WINDOWS\system32\browselc.dll 2007-04-20 20:25 660,992 --a------ C:\WINDOWS\system32\mqqm.dll 2007-04-20 20:25 65,536 --a------ C:\WINDOWS\system32
wwks.dll 2007-04-20 20:25 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-04-20 20:25 65,024 --a------ C:\WINDOWS\system32\cleanmgr.exe 2007-04-20 20:25 65,024 --a------ C:\WINDOWS\system32\asycfilt.dll 2007-04-20 20:25 640,000 --a------ C:\WINDOWS\system32\dbghelp.dll 2007-04-20 20:25 64,512 --a------ C:\WINDOWS\system32\cmstp.exe 2007-04-20 20:25 63,488 --a------ C:\WINDOWS\system32\cryptnet.dll 2007-04-20 20:25 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-04-20 20:25 62,976 --a------ C:\WINDOWS\system32	lntadmn.exe 2007-04-20 20:25 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll 2007-04-20 20:25 614,912 --a------ C:\WINDOWS\system32\h323msp.dll 2007-04-20 20:25 610,816 --a------ C:\WINDOWS\system32\autofmt.exe 2007-04-20 20:25 61,440 --a------ C:\WINDOWS\system32\logman.exe 2007-04-20 20:25 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll 2007-04-20 20:25 609,280 --a------ C:\WINDOWS\system32\wsecedit.dll 2007-04-20 20:25 601,088 --a------ C:\WINDOWS\system32\crypt32.dll 2007-04-20 20:25 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll 2007-04-20 20:25 60,416 --a------ C:\WINDOWS\system32\cryptsvc.dll 2007-04-20 20:25 60,416 --a------ C:\WINDOWS\system32\colbact.dll 2007-04-20 20:25 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-04-20 20:25 59,904 --a------ C:\WINDOWS\system32\devenum.dll 2007-04-20 20:25 59,904 --a------ C:\WINDOWS\system32\cabinet.dll 2007-04-20 20:25 58,880 --a------ C:\WINDOWS\system32\atl.dll 2007-04-20 20:25 572,928 --a------ C:\WINDOWS\system32\gpedit.dll 2007-04-20 20:25 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll 2007-04-20 20:25 57,856 --a------ C:\WINDOWS\system32\clusapi.dll 2007-04-20 20:25 57,856 --a------ C:\WINDOWS\system32\cipher.exe 2007-04-20 20:25 56,832 --a------ C:\WINDOWS\system32\authz.dll 2007-04-20 20:25 55,808 --a------ C:\WINDOWS\system32\eventlog.dll 2007-04-20 20:25 55,296 --a------ C:\WINDOWS\system32\dmutil.dll 2007-04-20 20:25 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-04-20 20:25 54,784 --a------ C:\WINDOWS\system32\dataclen.dll 2007-04-20 20:25 54,784 --a------ C:\WINDOWS\system32\cryptext.dll 2007-04-20 20:25 53,920 --a------ C:\WINDOWS\system32\dosx.exe 2007-04-20 20:25 527,872 --a------ C:\WINDOWS\system32\cryptui.dll 2007-04-20 20:25 52,736 --a------ C:\WINDOWS\system32\basesrv.dll 2007-04-20 20:25 52,224 --a------ C:\WINDOWS\system32\dssec.dll 2007-04-20 20:25 517,632 --a------ C:\WINDOWS\system32\mqsnap.dll 2007-04-20 20:25 51,712 --a------ C:\WINDOWS\system32\eventcreate.exe 2007-04-20 20:25 504,832 --a------ C:\WINDOWS\system32\mqutil.dll 2007-04-20 20:25 502,272 --a------ C:\WINDOWS\system32\drmv2clt.dll 2007-04-20 20:25 50,688 --a------ C:\WINDOWS	wain_32.dll 2007-04-20 20:25 50,688 --a------ C:\WINDOWS\system32\camocx.dll 2007-04-20 20:25 5,632 --a------ C:\WINDOWS\system32\cisvc.exe 2007-04-20 20:25 499,254 --a------ C:\WINDOWS\system32\dxmasf.dll 2007-04-20 20:25 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-04-20 20:25 49,152 --a------ C:\WINDOWS\system32\cnbjmon.dll 2007-04-20 20:25 48,640 --a------ C:\WINDOWS\system32\mqupgrd.dll 2007-04-20 20:25 48,640 --a------ C:\WINDOWS\system32\docprop2.dll 2007-04-20 20:25 47,104 --a------ C:\WINDOWS\system32\mqdscli.dll 2007-04-20 20:25 47,104 --a------ C:\WINDOWS\system32\cmdl32.exe 2007-04-20 20:25 464,896 --a------ C:\WINDOWS\system32\certmgr.dll 2007-04-20 20:25 45,568 --a------ C:\WINDOWS\system32\extrac32.exe 2007-04-20 20:25 45,568 --a------ C:\WINDOWS\system32\dnsrslvr.dll 2007-04-20 20:25 44,544 --a------ C:\WINDOWS\system32\alg.exe 2007-04-20 20:25 437,248 --------- C:\WINDOWS\system32\xpob2res.dll 2007-04-20 20:25 42,496 --a------ C:\WINDOWS\system32\htui.dll 2007-04-20 20:25 42,496 --a------ C:\WINDOWS\system32\audiosrv.dll 2007-04-20 20:25 41,472 --a------ C:\WINDOWS\system32\hhsetup.dll 2007-04-20 20:25 40,448 --a------ C:\WINDOWS\system32\cmutil.dll 2007-04-20 20:25 40,448 --a------ C:\WINDOWS\system32\cmmon32.exe 2007-04-20 20:25 4,608 --a------ C:\WINDOWS\system32\mqsvc.exe 2007-04-20 20:25 4,096 --a------ C:\WINDOWS\system32\actmovie.exe 2007-04-20 20:25 39,424 --a------ C:\WINDOWS\system32\grpconv.exe 2007-04-20 20:25 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-04-20 20:25 386,048 --a------ C:\WINDOWS\system32\fontext.dll 2007-04-20 20:25 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-04-20 20:25 380,957 --a------ C:\WINDOWS\system32\expsrv.dll 2007-04-20 20:25 38,912 --a------ C:\WINDOWS\system32\dfrgsnap.dll 2007-04-20 20:25 375,296 --a------ C:\WINDOWS\system32\dpnet.dll 2007-04-20 20:25 367,616 --a------ C:\WINDOWS\system32\dsound.dll 2007-04-20 20:25 351,232 --a------ C:\WINDOWS\system32\winhttp.dll 2007-04-20 20:25 35,840 --a------ C:\WINDOWS\system32\dmloader.dll 2007-04-20 20:25 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll 2007-04-20 20:25 349,184 --a------ C:\WINDOWS\system32\cmdial32.dll 2007-04-20 20:25 347,648 --a------ C:\WINDOWS\system32\hnetcfg.dll 2007-04-20 20:25 344,064 --a------ C:\WINDOWS\system32\filemgmt.dll 2007-04-20 20:25 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll 2007-04-20 20:25 335,360 --a------ C:\WINDOWS\system32\hnetwiz.dll 2007-04-20 20:25 334,848 --a------ C:\WINDOWS\system32\cscui.dll 2007-04-20 20:25 33,280 --a------ C:\WINDOWS\system32\cryptdll.dll 2007-04-20 20:25 33,280 --a------ C:\WINDOWS\system32\clipsrv.exe 2007-04-20 20:25 31,232 --a------ C:\WINDOWS\system32\ddeshare.exe 2007-04-20 20:25 304,128 --a------ C:\WINDOWS\system32\duser.dll 2007-04-20 20:25 300,032 --a------ C:\WINDOWS\system32\appmgr.dll 2007-04-20 20:25 30,720 --a------ C:\WINDOWS\system32\asr_fmt.exe 2007-04-20 20:25 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe 2007-04-20 20:25 30,208 --a------ C:\WINDOWS\system32\atmlib.dll 2007-04-20 20:25 3,584 --a------ C:\WINDOWS\system32\icmp.dll 2007-04-20 20:25 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll 2007-04-20 20:25 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll 2007-04-20 20:25 294,912 --a------ C:\WINDOWS\system32\blackbox.dll 2007-04-20 20:25 287,744 --a------ C:\WINDOWS\system32\devmgr.dll 2007-04-20 20:25 287,232 --a------ C:\WINDOWS\winhlp32.exe 2007-04-20 20:25 285,696 --a------ C:\WINDOWS\system32\atmfd.dll 2007-04-20 20:25 281,600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-04-20 20:25 28,672 --a------ C:\WINDOWS\system32\findstr.exe 2007-04-20 20:25 28,672 --a------ C:\WINDOWS\system32\dmband.dll 2007-04-20 20:25 28,672 --a------ C:\WINDOWS\system32\dfsshlex.dll 2007-04-20 20:25 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll 2007-04-20 20:25 28,672 --a------ C:\WINDOWS\system32\batmeter.dll 2007-04-20 20:25 27,648 --a------ C:\WINDOWS\system32\conime.exe 2007-04-20 20:25 27,136 --a------ C:\WINDOWS\system32\efsadu.dll 2007-04-20 20:25 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll 2007-04-20 20:25 266,240 --a------ C:\WINDOWS\system32\ddraw.dll 2007-04-20 20:25 263,680 --a------ C:\WINDOWS\system32\adsnt.dll 2007-04-20 20:25 260,096 --a------ C:\WINDOWS\system32	racerpt.exe 2007-04-20 20:25 26,112 --a------ C:\WINDOWS\system32\at.exe 2007-04-20 20:25 258,296 --a------ C:\WINDOWS\system32\drmclien.dll 2007-04-20 20:25 254,976 --a------ C:\WINDOWS\system32\icm32.dll 2007-04-20 20:25 253,440 --a------ C:\WINDOWS\system32\compatui.dll 2007-04-20 20:25 25,088 --a------ C:\WINDOWS\system32\defrag.exe

ace_quorthon · Answer

Next is the hijackthis log:   Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 21:31:59, on 29-4-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Norman\Bin\Zanda.exe C:\WINDOWS\System32
vsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin
vcoas.exe C:\Norman\bin\NJEEVES.EXE C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\BIN
ipsvc.exe C:\WINDOWS\System32\alg.exe C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Roland vd Linden\Bureaublad\HiJackThis_v2.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4EE5DA61-648C-4F53-A140-1BE34F97F2BF} - C:\WINDOWS\system32\gieknt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\kwyyaqlc.dll (file missing) O2 - BHO: (no name) - {E2389A9A-71FE-459A-91EA-5113C88833A9} - C:\WINDOWS\system32\awvtr.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe' O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [InfoData] rundll32.exe 'C:\WINDOWS\system32
xqkwatm.dll',realset O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program Files\MSN Messenger\MsnMsgr.Exe' /background O4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /background O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [DAEMON Tools] 'C:\Program Files\DAEMON Tools\daemon.exe' -lang 1033 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 'C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe' O4 - HKCU\..\Run: [Dtth] 'C:\WINDOWS\system32\FNTS~1
slookup.exe' -vt ndrv O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177092253623 O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin
vcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 6969 bytes

ace_quorthon · Answer

combofixlog: 'Roland vd Linden' - 07-04-29 21:07:05    Service Pack 2 ComboFix 07-04-25.4V - Running from: 'C:\Documents and Settings\Roland vd Linden\Bureaublad\' ((((((((((((((((((((((((((((((((((((((((((((((((((   V Log   ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\kwyyaqlc.dllC:\WINDOWS\system32
nnkjig.dllC:\WINDOWS\system32\yayxxxw.dllC:\WINDOWS\system32\opnkiji.dll * * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\inetget2~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~Folders Quarantined:C:\qoobox\purity\C\Program Files\YSTEM3~1C:\qoobox\purity\C\WINDOWS\system32\FNTS~1C:\qoobox\purity\C\WINDOWS\system32\FNTS~1\F?ntsC:\qoobox\purity\C\WINDOWS\system32\FNTS~1
slookup.exe (((((((((((((((((((((((((((((((   Files Created from 2007-03-28 to 2007-04-29  )))))))))))))))))))))))))))))))))) 2007-04-28 19:31 d-------- C:\Program Files\KONAMI 2007-04-28 17:52 60,928 --a------ C:\WINDOWS\system32\gieknt.dll 2007-04-27 22:58 d-------- C:\Program Files\Bethesda Softworks 2007-04-26 20:19 d-------- C:\Program Files\SubSync 2007-04-26 20:18 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-04-26 20:18 249,856 --------- C:\WINDOWS\Setup1.exe 2007-04-26 12:57 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys 2007-04-26 12:57 d-------- C:\Program Files\Alcohol Soft 2007-04-26 10:48 580,571 ---hs---- C:\WINDOWS\system32tvwa.bak2 2007-04-26 09:50 d-------- C:\DOCUME~1\ROLAND~1\APPLIC~1\Azureus 2007-04-26 09:50 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus 2007-04-25 20:10 d-------- C:\DOCUME~1\ROLAND~1\APPLIC~1\vlc 2007-04-25 20:05 d-------- C:\Program Files\VideoLAN 2007-04-25 17:06 87,608 --a------ C:\DOCUME~1\ROLAND~1\APPLIC~1\ezpinst.exe 2007-04-25 16:38 87,608 --a------ C:\DOCUME~1\ROLAND~1\APPLIC~1\inst.exe 2007-04-25 16:38 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-04-25 16:38 47,360 --a------ C:\DOCUME~1\ROLAND~1\APPLIC~1\pcouffin.sys 2007-04-25 16:38 217,127 --a------ C:\WINDOWS\system32\drv43260.dll 2007-04-25 16:38 208,935 --a------ C:\WINDOWS\system32\drv33260.dll 2007-04-25 16:38 176,165 --a------ C:\WINDOWS\system32\drv23260.dll 2007-04-25 16:38 d-------- C:\Program Files\VSO 2007-04-25 16:38 d-------- C:\DOCUME~1\ROLAND~1\APPLIC~1\Vso 2007-04-25 10:48 543,918 ---hs---- C:\WINDOWS\system32tvwa.bak1 2007-04-25 10:47 281,172 ---hs---- C:\WINDOWS\system32\awvtr.dll 2007-04-25 10:44 d-------- C:\WINDOWS\system32\appmgmt 2007-04-25 10:33 45,056 --a------ C:\WINDOWSetadpu2000352.exe 2007-04-25 09:25 d-------- C:\Program Files\MSXML 4.0 2007-04-24 17:40 d-------- C:\DOCUME~1\ROLAND~1\APPLIC~1\Ahead 2007-04-24 17:38 d-------- C:\Program Files\Nero 2007-04-24 15:25 d-------- C:\DOCUME~1\ROLAND~1\APPLIC~1\Command & Conquer 3 Tiberium Wars 2007-04-24 14:56 d-------- C:\Program Files\AVI To VCD SVCD DVD MPEG Converter 2007-04-24 14:40 d-------- C:\Norman 2007-04-24 14:26 d-------- C:\Program Files\Norman 2007-04-24 14:26 d-------- C:\DOCUME~1\ROLAND~1\APPLIC~1\Norman 2007-04-24 13:03 d-------- C:\Program Files\Electronic Arts 2007-04-24 12:54 d-------- C:\Program Files\DAEMON Tools 2007-04-24 12:53 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-04-23 18:37 164,992 --a------ C:\WINDOWS\system32\drivers\athsgt.sys 2007-04-23 18:37 12,544 --a------ C:\WINDOWS\system32\drivers\limsgt.sys 2007-04-23 18:32 d-------- C:\Program Files\Focus 2007-04-23 17:42 d-------- C:\WINDOWS\system32
l-nl 2007-04-23 17:41 d-------- C:\WINDOWS
etwork diagnostic 2007-04-23 17:34 d-------- C:\Program Files\Guitar Pro 5 2007-04-23 17:02 d-------- C:\Program Files\PowerISO 2007-04-23 16:47 41,984 --------- C:\WINDOWS\Ctregrun.exe 2007-04-23 16:43 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE 2007-04-23 16:43 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE 2007-04-23 16:33 149,504 --a------ C:\WINDOWS\UNWISE.EXE 2007-04-23 16:33 d-------- C:\WINDOWS\RegisteredPackages 2007-04-23 16:32 d-------- C:\Program Files\Creative 2007-04-23 15:17 d-------- C:\DOCUME~1\ROLAND~1\APPLIC~1\Hamachi 2007-04-23 15:16 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-04-23 15:16 d-------- C:\Program Files\Hamachi 2007-04-22 17:06 d-------- C:\DOCUME~1\ROLAND~1\APPLIC~1\Help 2007-04-22 17:04 d-------- C:\DOCUME~1\ROLAND~1\Contacts 2007-04-22 16:41 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-04-22 16:41 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-04-22 16:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-04-22 16:41 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-04-22 13:42 d-------- C:\WINDOWS\system32\Lang 2007-04-22 13:39 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-04-22 13:39 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-04-22 13:39 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-04-22 13:39 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-04-22 13:39 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-04-22 13:39 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-04-22 13:39 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-04-22 13:39 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-04-22 13:39 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-04-22 13:39 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-04-22 13:39 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-04-22 13:39 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-04-22 13:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-04-22 13:38 69,632 -r------- C:\WINDOWS\Alcmtr.exe 2007-04-22 13:28 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-04-22 13:21 d-------- C:\WINDOWS\Prefetch 2007-04-22 13:13 d-------- C:\WINDOWS\ServicePackFiles 2007-04-22 12:56 d-------- C:\Program Files\Azureus 2007-04-20 21:49 5,504 -ra------ C:\WINDOWS\system32\drivers\SiRemFil.sys 2007-04-20 21:49 210,224 -ra------ C:\WINDOWS\system32\drivers\Si3531.sys 2007-04-20 21:49 10,368 -ra------ C:\WINDOWS\system32\drivers\SiWinAcc.sys 2007-04-20 21:45 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-04-20 21:45 d----c--- C:\WINDOWS\system32\DRVSTORE 2007-04-20 21:45 d-------- C:\Program Files\MSN Messenger 2007-04-20 21:44 d-------- C:\Program Files\Microsoft.NET 2007-04-20 21:44 d-------- C:\Program Files\Microsoft Works 2007-04-20 21:43 d-------- C:\WINDOWS\SHELLNEW 2007-04-20 21:42 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-04-20 21:41 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-04-20 21:41 9,040 --a------ C:\WINDOWS\system\VER.DLL 2007-04-20 21:41 86,556 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-04-20 21:41 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-04-20 21:41 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-04-20 21:41 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-04-20 21:41 70,144 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-04-20 21:41 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll 2007-04-20 21:41 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-04-20 21:41 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll 2007-04-20 21:41 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll 2007-04-20 21:41 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll 2007-04-20 21:41 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll 2007-04-20 21:41 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll 2007-04-20 21:41 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-04-20 21:41 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll 2007-04-20 21:41 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll 2007-04-20 21:41 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll 2007-04-20 21:41 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL 2007-04-20 21:41 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys 2007-04-20 21:41 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-04-20 21:41 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-04-20 21:41 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-04-20 21:41 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-04-20 21:41 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-04-20 21:41 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-04-20 21:41 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-04-20 21:41 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-04-20 21:41 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-04-20 21:41 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-04-20 21:41 33,696 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-04-20 21:41 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-04-20 21:41 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-04-20 21:41 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-04-20 21:41 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-04-20 21:41 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-04-20 21:41 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-04-20 21:41 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-04-20 21:41 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-04-20 21:41 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-04-20 21:41 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-04-20 21:41 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-04-20 21:41 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-04-20 21:41 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-04-20 21:41 15,872 --a------ C:\WINDOWS\TASKMAN.EXE 2007-04-20 21:41 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-04-20 21:41 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-04-20 21:41 126,976 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-04-20 21:41 109,552 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-04-20 21:41 103,936 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-04-20 21:41 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-04-20 21:41 dr------- C:\Program Files 2007-04-20 21:41 dr------- C:\DOCUME~1\DEFAUL~1\Menu Start 2007-04-20 21:41 dr------- C:\DOCUME~1\ALLUSE~1\Menu Start 2007-04-20 21:41 dr------- C:\DOCUME~1\ALLUSE~1\Documenten 2007-04-20 21:41 d--h----- C:\WINDOWS\msdownld.tmp 2007-04-20 21:41 d--h----- C:\DOCUME~1\DEFAUL~1\Sjablonen 2007-04-20 21:41 d--h----- C:\DOCUME~1\DEFAUL~1\Onlangs geopend 2007-04-20 21:41 d--h----- C:\DOCUME~1\DEFAUL~1\Netwerkprinteromgeving 2007-04-20 21:41 d--h----- C:\DOCUME~1\ALLUSE~1\Sjablonen 2007-04-20 21:41 d-------- C:\Program Files\Common Files\SpeechEngines 2007-04-20 21:41 d-------- C:\Program Files\Common Files\ODBC 2007-04-20 21:41 d-------- C:\DOCUME~1\DEFAUL~1\Mijn documenten 2007-04-20 21:41 d-------- C:\DOCUME~1\DEFAUL~1\Favorieten 2007-04-20 21:41 d-------- C:\DOCUME~1\DEFAUL~1\Bureaublad 2007-04-20 21:41 d-------- C:\DOCUME~1\ALLUSE~1\Favorieten 2007-04-20 21:41 d-------- C:\DOCUME~1\ALLUSE~1\Bureaublad 2007-04-20 21:40 d-------- C:\WINDOWS\system32\CatRoot2 2007-04-20 21:40 d-------- C:\WINDOWS\system32\CatRoot 2007-04-20 21:40 d-------- C:\Documents and Settings 2007-04-20 21:39 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe 2007-04-20 21:39 86,016 -r------- C:\WINDOWS\SoundMan.exe 2007-04-20 21:39 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe 2007-04-20 21:39 4,225,920 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys 2007-04-20 21:39 2,879,488 -r------- C:\WINDOWS\SkyTel.exe 2007-04-20 21:39 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe 2007-04-20 21:39 2,157,568 -r------- C:\WINDOWS\MicCal.exe 2007-04-20 21:39 16,270,848 -r------- C:\WINDOWS\RTHDCPL.exe 2007-04-20 21:39 1,183,744 -r------- C:\WINDOWS\RtlUpd.exe 2007-04-20 21:39 d-------- C:\WINDOWS\system32\RTCOM 2007-04-20 21:38 499,712 -r------- C:\WINDOWS\RtlExUpd.dll 2007-04-20 21:38 d--h----- C:\Program Files\InstallShield Installation Information 2007-04-20 21:38 d-------- C:\Program Files\Realtek 2007-04-20 21:37 dr-hsc--- C:\WINDOWS\system32\dllcache 2007-04-20 21:37 dr--s---- C:\WINDOWS\Fonts 2007-04-20 21:37 dr------- C:\WINDOWS\Web 2007-04-20 21:37 d--h----- C:\WINDOWS\inf 2007-04-20 21:37 d-------- C:\WINDOWS\WinSxS 2007-04-20 21:37 d-------- C:\WINDOWS	wain_32 2007-04-20 21:37 d-------- C:\WINDOWS\system32\wins 2007-04-20 21:37 d-------- C:\WINDOWS\system32\wbem 2007-04-20 21:37 d-------- C:\WINDOWS\system32\usmt 2007-04-20 21:37 d-------- C:\WINDOWS\system32\spool 2007-04-20 21:37 d-------- C:\WINDOWS\system32\ShellExt 2007-04-20 21:37 d-------- C:\WINDOWS\system32\Setup 2007-04-20 21:37 d-------- C:\WINDOWS\system32as 2007-04-20 21:37 d-------- C:\WINDOWS\system32\oobe 2007-04-20 21:37 d-------- C:\WINDOWS\system32
pp 2007-04-20 21:37 d-------- C:\WINDOWS\system32\mui 2007-04-20 21:37 d-------- C:\WINDOWS\system32\inetsrv 2007-04-20 21:37 d-------- C:\WINDOWS\system32\IME 2007-04-20 21:37 d-------- C:\WINDOWS\system32\icsxml 2007-04-20 21:37 d-------- C:\WINDOWS\system32\ias 2007-04-20 21:37 d-------- C:\WINDOWS\system32\export 2007-04-20 21:37 d-------- C:\WINDOWS\system32\drivers\etc 2007-04-20 21:37 d-------- C:\WINDOWS\system32\drivers\disdn 2007-04-20 21:37 d-------- C:\WINDOWS\system32\drivers 2007-04-20 21:37 d-------- C:\WINDOWS\system32\dhcp 2007-04-20 21:37 d-------- C:\WINDOWS\system32\config 2007-04-20 21:37 d-------- C:\WINDOWS\system32\3com_dmi

ace_quorthon · Answer

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!    *Note* empty entries & legit default entries are not shown   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4EE5DA61-648C-4F53-A140-1BE34F97F2BF} C:\WINDOWS\system32\gieknt.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll {D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\kwyyaqlc.dll {E2389A9A-71FE-459A-91EA-5113C88833A9} C:\WINDOWS\system32\awvtr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun] 'NvCplDaemon'='RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup' 'nwiz'='nwiz.exe /install' 'NvMediaCenter'='RunDLL32.exe NvMCTray.dll,NvTaskbarInit' 'SunJavaUpdateSched'='\'C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe\'' 'SkyTel'='SkyTel.EXE' 'RTHDCPL'='RTHDCPL.EXE' 'Alcmtr'='ALCMTR.EXE' 'Norman ZANDA'='C:\Norman\bin\ZLH.EXE /LOAD /SPLASH' 'InfoData'='rundll32.exe \'C:\WINDOWS\system32\nxqkwatm.dll\',realset' [HKEY_CURRENT_USER\software\microsoft\windows\currentversionun] 'CTFMON.EXE'='C:\WINDOWS\system32\ctfmon.exe' 'MsnMsgr'='\'C:\Program Files\MSN Messenger\MsnMsgr.Exe\' /background' 'MSMSGS'='\'C:\Program Files\Messenger\msmsgs.exe\' /background' 'Creative Detector'='C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R' 'DAEMON Tools'='\'C:\Program Files\DAEMON Tools\daemon.exe\' -lang 1033' 'BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}'='\'C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe\'' 'Dtth'='\'C:\WINDOWS\system32\FNTS~1\nslookup.exe\' -vt ndrv' HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\awvtr HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\wineil32 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa    Authentication Packages REG_MULTI_SZ    msv1_0\0\0    Security Packages REG_MULTI_SZ    kerberos\0msv1_0\0schannel\0wdigest\0\0    Notification Packages REG_MULTI_SZ    \0scecli\0scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ    DnsCache\0\0 rpcss REG_MULTI_SZ    RpcSs\0\0 imgsvc REG_MULTI_SZ    StiSvc\0\0 termsvcs REG_MULTI_SZ    TermService\0\0 HTTPFilter REG_MULTI_SZ    HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ    DcomLaunch\0TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J] Shell\AutoRun\command J:\autorun6e.exe ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, www.gmer. net Rootkit scan 2007-04-29 21:12:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-29 21:13:36 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 07-04-29 21:13

ace_quorthon · Answer

2007-04-20 20:25 25,088 --a------ C:\WINDOWS\system32\davclnt.dll 2007-04-20 20:25 243,200 --a------ C:\WINDOWS\system32\es.dll 2007-04-20 20:25 240,128 --a------ C:\WINDOWS\system32\dsquery.dll 2007-04-20 20:25 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll 2007-04-20 20:25 24,064 --a------ C:\WINDOWS\system32\pidgen.dll 2007-04-20 20:25 24,064 --a------ C:\WINDOWS\system32\dpmodemx.dll 2007-04-20 20:25 24,064 --a------ C:\WINDOWS\system32\dmserver.dll 2007-04-20 20:25 230,400 --a------ C:\WINDOWS\system32\compstui.dll 2007-04-20 20:25 23,040 --a------ C:\WINDOWS\system32\ersvc.dll 2007-04-20 20:25 229,888 --a------ C:\WINDOWS\system32\dplayx.dll 2007-04-20 20:25 225,792 --a------ C:\WINDOWS\system32\catsrv.dll 2007-04-20 20:25 225,280 --a------ C:\WINDOWS\system32\mqoa.dll 2007-04-20 20:25 225,280 --a------ C:\WINDOWS\system32\dmadmin.exe 2007-04-20 20:25 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-04-20 20:25 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll 2007-04-20 20:25 21,504 --a------ C:\WINDOWS\system32\fontview.exe 2007-04-20 20:25 21,504 --a------ C:\WINDOWS\system32\feclient.dll 2007-04-20 20:25 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll 2007-04-20 20:25 200,704 --a------ C:\WINDOWS\system32\dmdskmgr.dll 2007-04-20 20:25 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll 2007-04-20 20:25 200,192 --a------ C:\WINDOWS\system32\gptext.dll 2007-04-20 20:25 20,992 --a------ C:\WINDOWS\system32\hid.dll 2007-04-20 20:25 20,480 --a------ C:\WINDOWS\system32\cliconfg.exe 2007-04-20 20:25 2,067,968 --a------ C:\WINDOWS\system32\cdosys.dll 2007-04-20 20:25 197,632 --a------ C:\WINDOWS\system32\certcli.dll 2007-04-20 20:25 194,560 --a------ C:\WINDOWS\system32\eudcedit.exe 2007-04-20 20:25 194,048 --a------ C:\WINDOWS\system32\activeds.dll 2007-04-20 20:25 19,968 --a------ C:\WINDOWS\system32\mqbkup.exe 2007-04-20 20:25 19,456 --a------ C:\WINDOWS\system32\dswave.dll 2007-04-20 20:25 188,928 --a------ C:\WINDOWS\system32\cmprops.dll 2007-04-20 20:25 187,392 --a------ C:\WINDOWS\system32\accwiz.exe 2007-04-20 20:25 186,880 --a------ C:\WINDOWS\system32\mqtrig.dll 2007-04-20 20:25 186,880 --a------ C:\WINDOWS\system32\dinput8.dll 2007-04-20 20:25 186,368 --a------ C:\WINDOWS\system32\els.dll 2007-04-20 20:25 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll 2007-04-20 20:25 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll 2007-04-20 20:25 181,248 --a------ C:\WINDOWS\system32\dmime.dll 2007-04-20 20:25 180,224 --a------ C:\WINDOWS\system32\dwwin.exe 2007-04-20 20:25 18,944 --a------ C:\WINDOWS\system32\secedit.exe 2007-04-20 20:25 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe 2007-04-20 20:25 177,152 --a------ C:\WINDOWS\system32\mqrt.dll 2007-04-20 20:25 175,616 --a------ C:\WINDOWS\system32\appmgmts.dll 2007-04-20 20:25 175,616 --a------ C:\WINDOWS\system32\adsldp.dll 2007-04-20 20:25 17,920 --a------ C:\WINDOWS\system32\dvdupgrd.exe 2007-04-20 20:25 17,408 --a------ C:\WINDOWS\system32\corpol.dll 2007-04-20 20:25 17,408 --a------ C:\WINDOWS\system32\bidispl.dll 2007-04-20 20:25 17,408 --a------ C:\WINDOWS\system32\alrsvc.dll 2007-04-20 20:25 167,424 --a------ C:\WINDOWS\system32\diskpart.exe 2007-04-20 20:25 164,864 --a------ C:\WINDOWS\system32\credui.dll 2007-04-20 20:25 164,864 --a------ C:\WINDOWS\system32\cewmdm.dll 2007-04-20 20:25 164,352 --a------ C:\WINDOWS\system32\dinput.dll 2007-04-20 20:25 163,584 --a------ C:\WINDOWS\system32\drivers
wrdr.sys 2007-04-20 20:25 16,896 --a------ C:\WINDOWS\system32\mqise.dll 2007-04-20 20:25 16,896 --a------ C:\WINDOWS\system32\cfgmgr32.dll 2007-04-20 20:25 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll 2007-04-20 20:25 153,088 --a------ C:\WINDOWSegedit.exe 2007-04-20 20:25 15,872 --a------ C:\WINDOWS\system32\dmremote.exe 2007-04-20 20:25 15,872 --a------ C:\WINDOWS\system32\cmcfg32.dll 2007-04-20 20:25 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe 2007-04-20 20:25 146,944 --a------ C:\WINDOWS\system32\hotplug.dll 2007-04-20 20:25 145,408 --a------ C:\WINDOWS\system32\dsprop.dll 2007-04-20 20:25 143,360 --a------ C:\WINDOWS\system32\adsldpc.dll 2007-04-20 20:25 14,336 --a------ C:\WINDOWS\system32\drprov.dll 2007-04-20 20:25 138,240 --a------ C:\WINDOWS\system32\mqad.dll 2007-04-20 20:25 137,216 --a------ C:\WINDOWS\system32\dssenh.dll 2007-04-20 20:25 126,976 --a------ C:\WINDOWS\system32\apphelp.dll 2007-04-20 20:25 125,952 --a------ C:\WINDOWS\system32\schtasks.exe 2007-04-20 20:25 123,904 --a------ C:\WINDOWS\system32\dfrgui.dll 2007-04-20 20:25 123,392 --a------ C:\WINDOWS\system32\mqrtdep.dll 2007-04-20 20:25 123,392 --a------ C:\WINDOWS\system32\glu32.dll 2007-04-20 20:25 121,856 --a------ C:\WINDOWS\system32\idq.dll 2007-04-20 20:25 121,856 --a------ C:\WINDOWS\system32\gpresult.exe 2007-04-20 20:25 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll 2007-04-20 20:25 120,320 --a------ C:\WINDOWS\system32\aclui.dll 2007-04-20 20:25 119,808 --a------ C:\WINDOWS\system32\iasrad.dll 2007-04-20 20:25 117,248 --a------ C:\WINDOWS\system32\mqtgsvc.exe 2007-04-20 20:25 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll 2007-04-20 20:25 113,664 --a------ C:\WINDOWS\system32\dsuiext.dll 2007-04-20 20:25 110,592 --a------ C:\WINDOWS\system32\dbnetlib.dll 2007-04-20 20:25 110,080 --a------ C:\WINDOWS\system32\dgnet.dll 2007-04-20 20:25 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-04-20 20:25 11,264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-04-20 20:25 11,264 --a------ C:\WINDOWS\system32\autolfn.exe 2007-04-20 20:25 11,264 --a------ C:\WINDOWS\system32\atmadm.exe 2007-04-20 20:25 107,520 --a------ C:\WINDOWS\system32snotify.exe 2007-04-20 20:25 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll 2007-04-20 20:25 104,448 --a------ C:\WINDOWS\system32\dmusic.dll 2007-04-20 20:25 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-04-20 20:25 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll 2007-04-20 20:25 102,400 --a------ C:\WINDOWS\system32\cscdll.dll 2007-04-20 20:25 101,888 --a------ C:\WINDOWS\system32\actxprxy.dll 2007-04-20 20:25 100,352 --a------ C:\WINDOWS\system32\6to4svc.dll 2007-04-20 20:25 10,752 --a------ C:\WINDOWS\system32\dumprep.exe 2007-04-20 20:25 10,752 --a------ C:\WINDOWS\hh.exe 2007-04-20 20:25 10,240 --a------ C:\WINDOWS\system32\gpkrsrc.dll 2007-04-20 20:25 1,788 --a------ C:\WINDOWS\system32\dcache.bin 2007-04-20 20:25 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe 2007-04-20 20:25 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll 2007-04-20 20:25 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-04-20 20:25 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll 2007-04-20 20:25 1,219,072 --a------ C:\WINDOWS\system32
tbackup.exe 2007-04-20 20:25 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll 2007-04-20 20:25 1,092,096 --a------ C:\WINDOWS\system32\esent.dll 2007-04-20 20:25 1,035,776 --a------ C:\WINDOWS\explorer.exe 2007-04-20 20:24 999,936 --a------ C:\WINDOWS\system32\setupapi.dll 2007-04-20 20:24 999,424 --a------ C:\WINDOWS\system32\msgina.dll 2007-04-20 20:24 993,280 --a------ C:\WINDOWS\system32\syssetup.dll 2007-04-20 20:24 99,840 --a------ C:\WINDOWS\system32\winscard.dll 2007-04-20 20:24 99,328 --a------ C:\WINDOWS\system32\loadperf.dll 2007-04-20 20:24 981,760 --a------ C:\WINDOWS\system32\mfc42u.dll 2007-04-20 20:24 98,304 --a------ C:\WINDOWS\system32\slbiop.dll 2007-04-20 20:24 98,304 --a------ C:\WINDOWS\system32\scardsvr.exe 2007-04-20 20:24 98,304 --a------ C:\WINDOWS\system32\psbase.dll 2007-04-20 20:24 98,304 --a------ C:\WINDOWS\system32\odbcint.dll 2007-04-20 20:24 96,768 --a------ C:\WINDOWS\system32\srvsvc.dll 2007-04-20 20:24 96,768 --a------ C:\WINDOWS\system32\logagent.exe 2007-04-20 20:24 96,256 --a------ C:\WINDOWS\system32\drivers\scsiport.sys 2007-04-20 20:24 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-04-20 20:24 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys 2007-04-20 20:24 94,208 --a------ C:\WINDOWS\system32	scfgwmi.dll 2007-04-20 20:24 93,696 --a------ C:\WINDOWS\system32\wlnotify.dll 2007-04-20 20:24 92,384 --a------ C:\WINDOWS\system32\krnl386.exe 2007-04-20 20:24 92,168 --a------ C:\WINDOWS\system32dpdd.dll 2007-04-20 20:24 92,160 --a------ C:\WINDOWS\system32\smlogsvc.exe 2007-04-20 20:24 92,160 --a------ C:\WINDOWS\system32
tprint.dll 2007-04-20 20:24 92,032 --a------ C:\WINDOWS\system32\drivers\ksecdd.sys 2007-04-20 20:24 91,776 --a------ C:\WINDOWS\system32\drivers
diswan.sys 2007-04-20 20:24 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll 2007-04-20 20:24 91,136 --a------ C:\WINDOWS\system32\mydocs.dll 2007-04-20 20:24 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-04-20 20:24 90,624 --a------ C:\WINDOWS\system32	rkwks.dll 2007-04-20 20:24 9,216 --a------ C:\WINDOWS\system32\scrnsave.scr 2007-04-20 20:24 895,736 --a------ C:\WINDOWS\system32\wmvdmod.dll 2007-04-20 20:24 89,088 --a------ C:\WINDOWS\system32asauto.dll 2007-04-20 20:24 884,736 --a------ C:\WINDOWS\system32\msimsg.dll 2007-04-20 20:24 881,152 --a------ C:\WINDOWS\system32
etplwiz.dll 2007-04-20 20:24 88,576 --a------ C:\WINDOWS\system32
etsh.exe 2007-04-20 20:24 88,448 --a------ C:\WINDOWS\system32\drivers
wlnkipx.sys 2007-04-20 20:24 87,176 --a------ C:\WINDOWS\system32dpwsx.dll 2007-04-20 20:24 87,040 --a------ C:\WINDOWS\system32\mprapi.dll 2007-04-20 20:24 86,016 --a------ C:\WINDOWS\system32\msapsspc.dll 2007-04-20 20:24 86,016 --a------ C:\WINDOWS\system32\isign32.dll 2007-04-20 20:24 859,648 --a------ C:\WINDOWS\system32	api3.dll 2007-04-20 20:24 85,504 --a------ C:\WINDOWS\system32\makecab.exe 2007-04-20 20:24 84,992 --a------ C:\WINDOWS\system32\mciavi32.dll 2007-04-20 20:24 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll 2007-04-20 20:24 83,456 --a------ C:\WINDOWS\system32\olepro32.dll 2007-04-20 20:24 82,944 --a------ C:\WINDOWS\system32\ws2_32.dll 2007-04-20 20:24 815,104 --a------ C:\WINDOWS\system32\mmc.exe 2007-04-20 20:24 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-04-20 20:24 81,408 --a------ C:\WINDOWS\system32
etui0.dll 2007-04-20 20:24 800,000 --a------ C:\WINDOWS\system32\drivers\dmboot.sys 2007-04-20 20:24 80,384 --a------ C:\WINDOWS\system32\drivers\parport.sys 2007-04-20 20:24 8,192 --a------ C:\WINDOWS\system32
tlsapi.dll 2007-04-20 20:24 8,192 --a------ C:\WINDOWS\system32\igmpagnt.dll 2007-04-20 20:24 79,744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys 2007-04-20 20:24 79,360 --a------ C:\WINDOWS\system32	elnet.exe 2007-04-20 20:24 78,848 --a------ C:\WINDOWS\system32\msiexec.exe 2007-04-20 20:24 78,336 --a------ C:\WINDOWS\system32\unimdmat.dll 2007-04-20 20:24 78,336 --a------ C:\WINDOWS\system32\shrpubw.exe 2007-04-20 20:24 78,336 --a------ C:\WINDOWS\system32\sdbinst.exe 2007-04-20 20:24 78,336 --a------ C:\WINDOWS\system32tcshare.exe 2007-04-20 20:24 774,904 --a------ C:\WINDOWS\system32\wmsdmod.dll 2007-04-20 20:24 772,608 --a------ C:\WINDOWS\system32\winntbbu.dll 2007-04-20 20:24 76,800 --a------ C:\WINDOWS\system32
slookup.exe 2007-04-20 20:24 76,288 --a------ C:\WINDOWS\system32\usbui.dll 2007-04-20 20:24 76,288 --a------ C:\WINDOWS\system32\storprop.dll 2007-04-20 20:24 76,288 --a------ C:\WINDOWS\system32\mmcbase.dll 2007-04-20 20:24 75,776 --a------ C:\WINDOWS\system32\wiascr.dll 2007-04-20 20:24 75,264 --a------ C:\WINDOWS\system32\locator.exe 2007-04-20 20:24 75,264 --a------ C:\WINDOWS\system32\inetpp.dll 2007-04-20 20:24 74,752 --a------ C:\WINDOWS\system32\spoolss.dll 2007-04-20 20:24 74,752 --a------ C:\WINDOWS\system32\drivers\ipsec.sys 2007-04-20 20:24 74,240 --a------ C:\WINDOWS\system32\mscms.dll 2007-04-20 20:24 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll 2007-04-20 20:24 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-04-20 20:24 73,216 --a------ C:\WINDOWS\system32\magnify.exe 2007-04-20 20:24 729,088 --a------ C:\WINDOWS\system32
tdll.dll 2007-04-20 20:24 728,576 --a------ C:\WINDOWS\system32\userenv.dll 2007-04-20 20:24 727,040 --a------ C:\WINDOWS\system32\lsasrv.dll 2007-04-20 20:24 72,704 --a------ C:\WINDOWS\system32\msw3prt.dll 2007-04-20 20:24 716,288 --a------ C:\WINDOWS\system32\wmadmoe.dll 2007-04-20 20:24 714,752 --a------ C:\WINDOWS\system32\sxs.dll 2007-04-20 20:24 713,728 --a------ C:\WINDOWS\system32\opengl32.dll 2007-04-20 20:24 71,680 --a------ C:\WINDOWS\system32\ssdpsrv.dll 2007-04-20 20:24 71,680 --a------ C:\WINDOWS\system32\msacm32.dll 2007-04-20 20:24 71,552 --a------ C:\WINDOWS\system32\drivers\bridge.sys 2007-04-20 20:24 71,168 --a------ C:\WINDOWS\system32\sigverif.exe 2007-04-20 20:24 71,040 --a------ C:\WINDOWS\system32\drivers\dxg.sys 2007-04-20 20:24 708,608 --a------ C:\WINDOWS\system32\ss3dfo.scr 2007-04-20 20:24 701,440 --a------ C:\WINDOWS\system32\msxml2.dll 2007-04-20 20:24 70,656 --a------ C:\WINDOWS\system32\scarddlg.dll 2007-04-20 20:24 70,192 --a------ C:\WINDOWS\system32\mmsystem.dll 2007-04-20 20:24 70,192 --a------ C:\WINDOWS\system\mmsystem.dll 2007-04-20 20:24 70,144 --a------ C:\WINDOWS\system32
otepad.exe 2007-04-20 20:24 70,144 --a------ C:\WINDOWS
otepad.exe 2007-04-20 20:24 7,424 --a------ C:\WINDOWS\system32\kd1394.dll 2007-04-20 20:24 69,632 --a------ C:\WINDOWS\system32aschap.dll 2007-04-20 20:24 69,632 --a------ C:\WINDOWS\system32\odbcconf.exe 2007-04-20 20:24 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-04-20 20:24 69,120 --a------ C:\WINDOWS\system32\msctfp.dll 2007-04-20 20:24 69,120 --a------ C:\WINDOWS\system32\drivers\psched.sys 2007-04-20 20:24 684,032 --a------ C:\WINDOWS\system32\sstext3d.scr 2007-04-20 20:24 684,032 --a------ C:\WINDOWS\system32\advapi32.dll 2007-04-20 20:24 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys 2007-04-20 20:24 68,096 --a------ C:\WINDOWS\system32\webclnt.dll 2007-04-20 20:24 68,096 --a------ C:\WINDOWS\system32\shgina.dll 2007-04-20 20:24 68,096 --a------ C:\WINDOWS\system32\osuninst.dll 2007-04-20 20:24 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-04-20 20:24 676,864 --a------ C:\WINDOWS\system32asdlg.dll 2007-04-20 20:24 67,584 --a------ C:\WINDOWS\system32\sti.dll

ace_quorthon · Answer

Did you see the annoying !!!!!!!!!!!! - line in the post above? that's because I couldnt place the last piece of the log. When I tried to post it, it said there was 's o l' in it which is prohibited. I saved that piece of info which I couldnt place.

ace_quorthon · Answer

2007-04-20 20:24 38,912 --a------ C:\WINDOWS\system32\sens.dll 2007-04-20 20:24 379,392 --a------ C:\WINDOWS\system32\wzcdlg.dll 2007-04-20 20:24 37,888 --a------ C:\WINDOWS\system32
etstat.exe 2007-04-20 20:24 368,128 --a------ C:\WINDOWS\system32\smlogcfg.dll 2007-04-20 20:24 364,784 --a------ C:\WINDOWS\system32\MSSCP.dll 2007-04-20 20:24 36,921 --a------ C:\WINDOWS\system32\imeshare.dll 2007-04-20 20:24 36,864 --a------ C:\WINDOWS\system32\mscpxl32.dll 2007-04-20 20:24 36,352 --a------ C:\WINDOWS\system32\umandlg.dll 2007-04-20 20:24 36,352 --a------ C:\WINDOWS\system32
cobjapi.dll 2007-04-20 20:24 36,352 --a------ C:\WINDOWS\system32\imgutil.dll 2007-04-20 20:24 36,352 --a------ C:\WINDOWS\system32\drivers\disk.sys 2007-04-20 20:24 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys 2007-04-20 20:24 359,936 --a------ C:\WINDOWS\system32\wzcsvc.dll 2007-04-20 20:24 359,808 --a------ C:\WINDOWS\system32\drivers	cpip.sys 2007-04-20 20:24 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll 2007-04-20 20:24 358,912 --a------ C:\WINDOWS\system32	ermmgr.dll 2007-04-20 20:24 356,352 --a------ C:\WINDOWS\system32\ipsecsnp.dll 2007-04-20 20:24 352,768 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-04-20 20:24 35,840 --a------ C:\WINDOWS\system32cimlby.exe 2007-04-20 20:24 35,648 --a------ C:\WINDOWS\system32
tio411.sys 2007-04-20 20:24 35,424 --a------ C:\WINDOWS\system32
tio412.sys 2007-04-20 20:24 35,328 --a------ C:\WINDOWS\system32\pid.dll 2007-04-20 20:24 35,328 --a------ C:\WINDOWS\system32\perfproc.dll 2007-04-20 20:24 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll 2007-04-20 20:24 35,072 --a------ C:\WINDOWS\system32\drivers\msgpc.sys 2007-04-20 20:24 349,184 --a------ C:\WINDOWS\system32\ippromon.dll 2007-04-20 20:24 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll 2007-04-20 20:24 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll 2007-04-20 20:24 347,648 --a------ C:\WINDOWS\system32	ourstart.exe 2007-04-20 20:24 345,600 --a------ C:\WINDOWS\system32\mspaint.exe 2007-04-20 20:24 343,040 --a------ C:\WINDOWS\system32\msvcrt.dll 2007-04-20 20:24 343,040 --a------ C:\WINDOWS\system32\localspl.dll 2007-04-20 20:24 340,480 --a------ C:\WINDOWS\system32\zipfldr.dll 2007-04-20 20:24 34,816 --a------ C:\WINDOWS\system32\ssdpapi.dll 2007-04-20 20:24 34,560 --a------ C:\WINDOWS\system32
tio804.sys 2007-04-20 20:24 34,560 --a------ C:\WINDOWS\system32
tio404.sys 2007-04-20 20:24 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-04-20 20:24 34,560 --a------ C:\WINDOWS\system32\drivers\wanarp.sys 2007-04-20 20:24 34,560 --a------ C:\WINDOWS\system32\drivers
etbios.sys 2007-04-20 20:24 34,304 --a------ C:\WINDOWS\system32\pstorsvc.dll 2007-04-20 20:24 332,928 --a------ C:\WINDOWS\system32\drivers\srv.sys 2007-04-20 20:24 332,800 --a------ C:\WINDOWS\system32
etsetup.exe 2007-04-20 20:24 332,288 --a------ C:\WINDOWS\system32\ipnathlp.dll 2007-04-20 20:24 33,920 --a------ C:\WINDOWS\system32
tio.sys 2007-04-20 20:24 33,792 --a------ C:\WINDOWS\system32\WMDMPS.dll 2007-04-20 20:24 33,792 --a------ C:\WINDOWS\system32undll32.exe 2007-04-20 20:24 33,792 --a------ C:\WINDOWS\system32\msgsvc.dll 2007-04-20 20:24 33,280 --a------ C:\WINDOWS\system32\inetmib1.dll 2007-04-20 20:24 324,096 --a------ C:\WINDOWS\system32\scesrv.dll 2007-04-20 20:24 32,768 --a------ C:\WINDOWS\system32\wpnpinst.exe 2007-04-20 20:24 32,768 --a------ C:\WINDOWS\system32\winipsec.dll 2007-04-20 20:24 32,768 --a------ C:\WINDOWS\system32\sethc.exe 2007-04-20 20:24 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe 2007-04-20 20:24 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-04-20 20:24 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-04-20 20:24 32,768 --a------ C:\WINDOWS\system32\csrsrv.dll 2007-04-20 20:24 32,256 --a------ C:\WINDOWS\system32\wpabaln.exe 2007-04-20 20:24 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll 2007-04-20 20:24 316,416 --a------ C:\WINDOWS\system32\untfs.dll 2007-04-20 20:24 315,904 --a------ C:\WINDOWS\system32\MSWMDM.dll 2007-04-20 20:24 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll 2007-04-20 20:24 31,744 --a------ C:\WINDOWS\system32tipxmib.dll 2007-04-20 20:24 306,176 --a------ C:\WINDOWS\system32\slbcsp.dll 2007-04-20 20:24 305,664 --a------ C:\WINDOWS\system32\ulib.dll 2007-04-20 20:24 303,616 --a------ C:\WINDOWS\system32\wmstream.dll 2007-04-20 20:24 30,848 --a------ C:\WINDOWS\system32\drivers
pfs.sys 2007-04-20 20:24 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll 2007-04-20 20:24 30,720 --a------ C:\WINDOWS\system32\xcopy.exe 2007-04-20 20:24 30,336 --a------ C:\WINDOWS\system32\drivers\modem.sys 2007-04-20 20:24 30,208 --a------ C:\WINDOWS\system32\mspatcha.dll 2007-04-20 20:24 30,080 --a------ C:\WINDOWS\system32\driversndismp.sys 2007-04-20 20:24 3,584 --a------ C:\WINDOWS\system32\msafd.dll 2007-04-20 20:24 3,352 --a------ C:\WINDOWS\system32edir.exe 2007-04-20 20:24 297,472 --a------ C:\WINDOWS\system32	ermsrv.dll 2007-04-20 20:24 295,936 --a------ C:\WINDOWS\system32\kerberos.dll 2007-04-20 20:24 294,400 --a------ C:\WINDOWS\system32\msctf.dll 2007-04-20 20:24 293,376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-04-20 20:24 292,864 --a------ C:\WINDOWS\system32\vssvc.exe 2007-04-20 20:24 290,816 --a------ C:\WINDOWS\system32\msnsspc.dll 2007-04-20 20:24 29,696 --a------ C:\WINDOWS\system32\sendcmsg.dll 2007-04-20 20:24 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-04-20 20:24 287,744 --a------ C:\WINDOWS\system32\objsel.dll 2007-04-20 20:24 285,184 --a------ C:\WINDOWS\system32\pdh.dll 2007-04-20 20:24 281,088 --a------ C:\WINDOWS\system32\comdlg32.dll 2007-04-20 20:24 28,672 --a------ C:\WINDOWS\system32\wshcon.dll 2007-04-20 20:24 28,672 --a------ C:\WINDOWS\system32
mmkcert.dll 2007-04-20 20:24 28,160 --a------ C:\WINDOWS\system32\WMDMLOG.dll 2007-04-20 20:24 28,160 --a------ C:\WINDOWS\system32\shscrap.dll 2007-04-20 20:24 279,040 --a------ C:\WINDOWS\system32\qdv.dll 2007-04-20 20:24 278,559 --a------ C:\WINDOWS\system32\odbcjt32.dll 2007-04-20 20:24 278,528 --a------ C:\WINDOWS\system32\mstask.dll 2007-04-20 20:24 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-04-20 20:24 271,360 --a------ C:\WINDOWS\system32\msihnd.dll 2007-04-20 20:24 27,648 --a------ C:\WINDOWS\system32\profmap.dll 2007-04-20 20:24 27,392 --a------ C:\WINDOWS\system32\drivers\fdc.sys 2007-04-20 20:24 27,136 --a------ C:\WINDOWS\system32\perfdisk.dll 2007-04-20 20:24 267,264 --a------ C:\WINDOWS\system32\oakley.dll 2007-04-20 20:24 264,704 --a------ C:\WINDOWS\system32\wow32.dll 2007-04-20 20:24 26,112 --a------ C:\WINDOWS\system32\vdmdbg.dll 2007-04-20 20:24 26,112 --a------ C:\WINDOWS\system32\skeys.exe 2007-04-20 20:24 26,112 --a------ C:\WINDOWS\system32\perfos.dll 2007-04-20 20:24 258,077 --a------ C:\WINDOWS\system32\mstext40.dll 2007-04-20 20:24 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-04-20 20:24 251,904 --a------ C:\WINDOWS\system32\msieftp.dll 2007-04-20 20:24 250,368 --a------ C:\WINDOWS\system32
ewdev.dll 2007-04-20 20:24 25,600 --a------ C:\WINDOWS\system32\udhisapi.dll 2007-04-20 20:24 25,600 --a------ C:\WINDOWS\system32\slayerxp.dll 2007-04-20 20:24 25,600 --a------ C:\WINDOWS\system32\mslbui.dll 2007-04-20 20:24 25,472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys 2007-04-20 20:24 25,216 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys 2007-04-20 20:24 25,088 --a------ C:\WINDOWS\system32\shfolder.dll 2007-04-20 20:24 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys 2007-04-20 20:24 249,856 --a------ C:\WINDOWS\system32\odbc32.dll 2007-04-20 20:24 249,344 --a------ C:\WINDOWS\system32	apisrv.dll 2007-04-20 20:24 247,296 --a------ C:\WINDOWS\system32\mswsock.dll 2007-04-20 20:24 246,814 --a------ C:\WINDOWS\system32\strmdll.dll 2007-04-20 20:24 245,760 --a------ C:\WINDOWS\system32
etui1.dll 2007-04-20 20:24 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll 2007-04-20 20:24 241,152 --a------ C:\WINDOWS\system32\srrstr.dll 2007-04-20 20:24 240,640 --a------ C:\WINDOWS\system32\mpg4dmod.dll 2007-04-20 20:24 24,960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys 2007-04-20 20:24 24,576 --a------ C:\WINDOWS\system32\wsock32.dll 2007-04-20 20:24 24,576 --a------ C:\WINDOWS\system32\userinit.exe 2007-04-20 20:24 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll 2007-04-20 20:24 24,576 --a------ C:\WINDOWS\system32\msorc32r.dll 2007-04-20 20:24 24,064 --a------ C:\WINDOWS\system32\ipxroute.exe 2007-04-20 20:24 239,616 --a------ C:\WINDOWS\system32\upnpui.dll 2007-04-20 20:24 236,544 --a------ C:\WINDOWS\system32asapi32.dll 2007-04-20 20:24 23,552 --a------ C:\WINDOWS\system32\mciwave.dll 2007-04-20 20:24 23,552 --a------ C:\WINDOWS\system32\drivers\mouclass.sys 2007-04-20 20:24 23,040 --a------ C:\WINDOWS\system32\setup.exe 2007-04-20 20:24 23,040 --a------ C:\WINDOWS\system32\psapi.dll 2007-04-20 20:24 23,040 --a------ C:\WINDOWS\system32\mciseq.dll 2007-04-20 20:24 225,792 --a------ C:\WINDOWS\system32\localsec.dll 2007-04-20 20:24 225,664 --a------ C:\WINDOWS\system32\drivers	cpip6.sys 2007-04-20 20:24 224,768 --a------ C:\WINDOWS\system32\wmasf.dll 2007-04-20 20:24 221,184 --a------ C:\WINDOWS\system32\qasf.dll 2007-04-20 20:24 220,672 --a------ C:\WINDOWS\system32\logon.scr 2007-04-20 20:24 22,528 --a------ C:\WINDOWS\system32\mfcsubs.dll 2007-04-20 20:24 22,016 --a------ C:\WINDOWS\system32cp.exe 2007-04-20 20:24 22,016 --a------ C:\WINDOWS\system32\lpk.dll 2007-04-20 20:24 219,136 --a------ C:\WINDOWS\system32\uxtheme.dll 2007-04-20 20:24 216,064 --a------ C:\WINDOWS\system32\osk.exe 2007-04-20 20:24 216,064 --a------ C:\WINDOWS\system32\moricons.dll 2007-04-20 20:24 213,023 --a------ C:\WINDOWS\system32\msltus40.dll 2007-04-20 20:24 21,896 --a------ C:\WINDOWS\system32\drivers	dtcp.sys 2007-04-20 20:24 21,504 --a------ C:\WINDOWS\system32\sclgntfy.dll 2007-04-20 20:24 209,408 --a------ C:\WINDOWS\system32\drivers\update.sys 2007-04-20 20:24 208,896 --a------ C:\WINDOWS\system32\mobsync.dll 2007-04-20 20:24 206,336 --a------ C:\WINDOWS\system32asppp.dll 2007-04-20 20:24 204,800 --a------ C:\WINDOWS\system32\mswebdvd.dll 2007-04-20 20:24 20,992 --a------ C:\WINDOWS\system32\ssmarque.scr 2007-04-20 20:24 20,992 --a------ C:\WINDOWS\system32\shutdown.exe 2007-04-20 20:24 20,992 --a------ C:\WINDOWS\system32\drivers\vga.sys 2007-04-20 20:24 20,992 --a------ C:\WINDOWS\system32\drivers\ipinip.sys 2007-04-20 20:24 20,511 --a------ C:\WINDOWS\system32\odtext32.dll 2007-04-20 20:24 20,511 --a------ C:\WINDOWS\system32\oddbse32.dll 2007-04-20 20:24 20,510 --a------ C:\WINDOWS\system32\odpdx32.dll 2007-04-20 20:24 20,510 --a------ C:\WINDOWS\system32\odfox32.dll 2007-04-20 20:24 20,510 --a------ C:\WINDOWS\system32\odexl32.dll 2007-04-20 20:24 20,480 --a------ C:\WINDOWS\system32\wmpui.dll 2007-04-20 20:24 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll 2007-04-20 20:24 20,480 --a------ C:\WINDOWS\system32\wmpcd.dll 2007-04-20 20:24 20,480 --a------ C:\WINDOWS\system32\qprocess.exe 2007-04-20 20:24 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys 2007-04-20 20:24 2,965,504 --a------ C:\WINDOWS\system32\wmploc.dll 2007-04-20 20:24 2,890,240 --a------ C:\WINDOWS\system32\msi.dll 2007-04-20 20:24 197,632 --a------ C:\WINDOWS\system32
etman.dll 2007-04-20 20:24 196,864 --a------ C:\WINDOWS\system32\driversdpdr.sys 2007-04-20 20:24 195,584 --a------ C:\WINDOWS\system32\msutb.dll 2007-04-20 20:24 195,072 --a------ C:\WINDOWS\system32\syncui.dll 2007-04-20 20:24 192,512 --a------ C:\WINDOWS\system32\qcap.dll 2007-04-20 20:24 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-04-20 20:24 19,968 --a------ C:\WINDOWS\system32\wshtcpip.dll 2007-04-20 20:24 19,968 --a------ C:\WINDOWS\system32\ws2help.dll 2007-04-20 20:24 19,968 --a------ C:\WINDOWS\system32\ssbezier.scr 2007-04-20 20:24 19,968 --a------ C:\WINDOWS\system32dpsnd.dll 2007-04-20 20:24 19,968 --a------ C:\WINDOWS\system32\linkinfo.dll 2007-04-20 20:24 19,456 --a------ C:\WINDOWS\system32
ddenb32.dll 2007-04-20 20:24 19,072 --a------ C:\WINDOWS\system32\drivers\msfs.sys 2007-04-20 20:24 188,544 --a------ C:\WINDOWS\system32\drivers\acpi.sys 2007-04-20 20:24 185,344 --a------ C:\WINDOWS\system32\upnphost.dll 2007-04-20 20:24 184,832 --a------ C:\WINDOWS\system32\scecli.dll 2007-04-20 20:24 184,320 --a------ C:\WINDOWS\system32\ipsecsvc.dll 2007-04-20 20:24 183,296 --a------ C:\WINDOWS\system32\snmpsnap.dll 2007-04-20 20:24 182,912 --a------ C:\WINDOWS\system32\drivers
dis.sys 2007-04-20 20:24 181,760 --a------ C:\WINDOWS\system32	api32.dll 2007-04-20 20:24 181,248 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys 2007-04-20 20:24 180,800 --a------ C:\WINDOWS\system32\sqlunirl.dll 2007-04-20 20:24 18,944 --a------ C:\WINDOWS\system32\version.dll 2007-04-20 20:24 18,944 --a------ C:\WINDOWS\system32\ssmyst.scr 2007-04-20 20:24 18,944 --a------ C:\WINDOWS\system32\snmpapi.dll 2007-04-20 20:24 18,944 --a------ C:\WINDOWS\system32\seclogon.dll 2007-04-20 20:24 18,944 --a------ C:\WINDOWS\system32smps.dll 2007-04-20 20:24 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-04-20 20:24 18,944 --a------ C:\WINDOWS\system32\ping.exe 2007-04-20 20:24 18,944 --a------ C:\WINDOWS\system32\midimap.dll 2007-04-20 20:24 18,560 --a------ C:\WINDOWS\system32\drivers	di.sys 2007-04-20 20:24 18,432 --a------ C:\WINDOWS\system32\wtsapi32.dll 2007-04-20 20:24 18,432 --a------ C:\WINDOWS\system32\ups.exe 2007-04-20 20:24 179,712 --a------ C:\WINDOWS\system32
tmsdba.dll 2007-04-20 20:24 179,200 --a------ C:\WINDOWS\system32\winmm.dll 2007-04-20 20:24 176,640 --a------ C:\WINDOWS\system32\wintrust.dll 2007-04-20 20:24 176,159 --a------ C:\WINDOWS\system32\msjint40.dll 2007-04-20 20:24 175,736 --a------ C:\WINDOWS\system32\xenroll.dll 2007-04-20 20:24 175,616 --a------ C:\WINDOWS\system32\w32time.dll 2007-04-20 20:24 174,592 --a------ C:\WINDOWS\system32\driversdbss.sys 2007-04-20 20:24 173,568 --a------ C:\WINDOWS\system32\MsPMSP.dll 2007-04-20 20:24 172,544 --a------ C:\WINDOWS\system32\wldap32.dll 2007-04-20 20:24 172,032 --a------ C:\WINDOWS\system32\photowiz.dll 2007-04-20 20:24 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll 2007-04-20 20:24 170,496 --a------ C:\WINDOWS\system32\srsvc.dll 2007-04-20 20:24 17,920 --a------ C:\WINDOWS\system32
ddeapi.dll 2007-04-20 20:24 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-04-20 20:24 17,664 --a------ C:\WINDOWS\system32\watchdog.sys 2007-04-20 20:24 17,408 --a------ C:\WINDOWS\system32\powrprof.dll 2007-04-20 20:24 17,408 --a------ C:\WINDOWS\system32\msyuv.dll 2007-04-20 20:24 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2007-04-20 20:24 169,984 --a------ C:\WINDOWS\system32\sccbase.dll 2007-04-20 20:24 162,816 --a------ C:\WINDOWS\system32\drivers
etbt.sys 2007-04-20 20:24 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-04-20 20:24 16,896 --a------ C:\WINDOWS\system32\winrnr.dll 2007-04-20 20:24 16,896 --a------ C:\WINDOWS\system32\usbmon.dll 2007-04-20 20:24 16,896 --a------ C:\WINDOWS\system32\upnpcont.exe 2007-04-20 20:24 16,896 --a------ C:\WINDOWS\system32assapi.dll 2007-04-20 20:24 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll 2007-04-20 20:24 16,000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys 2007-04-20 20:24 159,744 --a------ C:\WINDOWS\system32\scrobj.dll 2007-04-20 20:24 159,232 --a------ C:\WINDOWS\system32\msimtf.dll 2007-04-20 20:24 155,136 --a------ C:\WINDOWS\system32\itircl.dll 2007-04-20 20:24 154,624 --a------ C:\WINDOWS\system32\shmedia.dll 2007-04-20 20:24 154,112 --a------ C:\WINDOWS\system32\keymgr.dll 2007-04-20 20:24 153,856 --a------ C:\WINDOWS\system32\drivers\dmio.sys 2007-04-20 20:24 152,576 --a------ C:\WINDOWS\system32saenh.dll 2007-04-20 20:24 151,552 --a------ C:\WINDOWS\system32\scrrun.dll 2007-04-20 20:24 151,552 --a------ C:\WINDOWS\system32\msdart.dll 2007-04-20 20:24 150,016 --a------ C:\WINDOWS\system32\imapi.exe 2007-04-20 20:24 15,872 --a------ C:\WINDOWS\system32sh.exe 2007-04-20 20:24 15,872 --a------ C:\WINDOWS\system32\perfmon.exe 2007-04-20 20:24 15,872 --a------ C:\WINDOWS\system32\inetppui.dll 2007-04-20 20:24 15,488 --a------ C:\WINDOWS\system32\drivers\serenum.sys 2007-04-20 20:24 15,360 --a------ C:\WINDOWS\system32\pjlmon.dll 2007-04-20 20:24 15,360 --a------ C:\WINDOWS\system32\msisip.dll 2007-04-20 20:24 147,968 --a------ C:\WINDOWS\system32dchost.dll 2007-04-20 20:24 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll 2007-04-20 20:24 147,456 --a------ C:\WINDOWS\system32\initpki.dll 2007-04-20 20:24 145,920 --a------ C:\WINDOWS\system32\modemui.dll 2007-04-20 20:24 145,408 --a------ C:\WINDOWS\system32
tshrui.dll 2007-04-20 20:24 144,896 --a------ C:\WINDOWS\system32\schannel.dll 2007-04-20 20:24 144,384 --a------ C:\WINDOWS\system32
wprovau.dll 2007-04-20 20:24 144,384 --a------ C:\WINDOWS\system32\mobsync.exe 2007-04-20 20:24 144,384 --a------ C:\WINDOWS\system32\imagehlp.dll 2007-04-20 20:24 143,360 --a------ C:\WINDOWS\system32\msorcl32.dll 2007-04-20 20:24 143,360 --a------ C:\WINDOWS\system32\drivers\fastfat.sys 2007-04-20 20:24 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys 2007-04-20 20:24 142,848 --a------ C:\WINDOWS\system32
etid.dll 2007-04-20 20:24 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-04-20 20:24 142,336 --a------ C:\WINDOWS\system32\msnetobj.dll 2007-04-20 20:24 141,824 --a------ C:\WINDOWS\system32\sfc_os.dll 2007-04-20 20:24 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-04-20 20:24 140,800 --a------ C:\WINDOWS\system32	askmgr.exe 2007-04-20 20:24 14,976 --a------ C:\WINDOWS\system32\drivers	ape.sys 2007-04-20 20:24 14,848 --a------ C:\WINDOWS\system32	cpmib.dll

Bugbatter · Answer

Yes, that is caused by the forum software's smut filter. Dell is looking into that. We'll have to work around it. Please print the text of these instructions so you can refer to them easily without going back online between steps. Until you are clean, the infection may be regenerating each time you go online. Please download the Killbox by Option^Explicit. If not available, here is an alternate link for the download: Killbox by Option^Explicit. Note: In the event you already have Killbox, this is a new version that I need you to download Save it to your Desktop. Do not run Killbox yet. Please download the latest version of VundoFix.exe to your desktop. (If you have an earlier version, delete it and its old log here: C:\ vundofix.txt.) Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your computer, click OK. Turn your computer back on. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from 'Click the Scan for Vundo button.' when VundoFix appears at reboot. ** If you get a warning about updating Java, do not do so until I can give you further instructions. Please launch HijackThis and place a checkmark next to these entries if they still exist: R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankO2 - BHO: (no name) - {4EE5DA61-648C-4F53-A140-1BE34F97F2BF} - C:\WINDOWS\system32\gieknt.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\kwyyaqlc.dll (file missing)O2 - BHO: (no name) - {E2389A9A-71FE-459A-91EA-5113C88833A9} - C:\WINDOWS\system32\awvtr.dllO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [InfoData] rundll32.exe 'C:\WINDOWS\system32
xqkwatm.dll',realsetO4 - HKCU\..\Run: [Dtth] 'C:\WINDOWS\system32\FNTS~1
slookup.exe' -vt ndrvO20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing) Close all windows except HijackThis and click 'Fix Checked'. Close HijackThis. Please double-click Killbox.exe to run it. Select: Delete on Reboot Click on the All Files button. Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\system32\gieknt.dllC:\WINDOWS\system32\awvtr.dllC:\WINDOWS\system32
xqkwatm.dllC:\WINDOWS\system32\FNTS~1
slookup.exe Return to Killbox, go to the File menu, and choose Paste from Clipboard. Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message.). If your computer does not restart automatically, please restart it manually into normal mode. [Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox ] If Killbox tells you any files are missing don't worry but make a note and let us know in your next reply. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

ace_quorthon · Answer

Thank you for your help sofar, the instructions are very clear. Here is the VunduFix log:

VundoFix V6.3.21

Checking Java version...

Scan started at 17:29:41 30-4-2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\kwyyaqlc.dll
C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\rtvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Killbox instructions citate: *Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message.).*

-I couldn't get the 4 files to be deleted at the same time. After copying it from Notepad or Word and going to the "File - paste from clipboard" they simply didn't show up (also after a couple of tries). So I did them one by one, the computer didn't reboot automaticly anyway even after clicking 'yes' when asked to reboot. So I removed them one by one and then rebooted manually. After deleting the files I indeed received the PendingFileRenameOperations prompt 4 times (after every deletion).

ace_quorthon · Answer

Oh, and ofcourse the new HijackThis log:   Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 18:57:52, on 30-4-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Norman\Bin\Zanda.exe C:\WINDOWS\System32
vsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\bin\NJEEVES.EXE C:\Norman\Nvc\bin
vcoas.exe C:\Norman\Nvc\BIN
ipsvc.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\WINDOWS\System32\alg.exe C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Documents and Settings\Roland vd Linden\Bureaublad\HiJackThis_v2.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {A6041DFA-F580-4741-9898-B894BCD70E5A} - C:\WINDOWS\system32\awvtr.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe' O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program Files\MSN Messenger\MsnMsgr.Exe' /background O4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /background O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [DAEMON Tools] 'C:\Program Files\DAEMON Tools\daemon.exe' -lang 1033 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 'C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe' O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177092253623 O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN
ipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin
vcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 6391 bytes

Bugbatter · Answer

It looks to me as if the critter doesn't want to leave.
I will need to post a script that will edit your registry and delete the bad files.
Unfortunately, as I am previewing my post, I see that the Dell software will not accept the text as is and we need to make sure it is posted EXACTLY as is and that you copy it correctly.

Please go to CastleCops and register there with your same username as here. Then post your HijackThis log the Hijackthis forum at CastleCops:
http://www.castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

Title your topic " ATTN: Bugbatter Log from Dell". I'll pick it up over there.
I don't like to inconvenience you, but we have to get this right.
Thank you so much.

ace_quorthon · Answer

Ah! trying to recruit new members at Castlecops right? ;)   I did as asked and started the topic at castlecops.

Bugbatter · Answer

Not really looking for recruits, but when we have forum software issues here and cannot post the text needed for fixes, we have no choice but to send people to a forum that will accept the text as formatted.

I've replied to your post over there, and we'll discontinue this thread. If you would like to receive email notifications of replies to your post there, click on "Watch this topic for replies" at the bottom of the thread.

The text I posted formatted correctly over there, so carry on! :)

Virus & Spyware

Was this post helpful?