My system is infected, plz help.

Baabiouz · Oct 24, 2008

It's ok.

HijackThis log looks fine.

Do you have any problems or questions?

deepak4490 · Oct 24, 2008

Thanks a lot buddy

resent:, now when i open a webpage - it is now showing that link in status bar.

What i have to do if the same problem again occurs in the future ?

Baabiouz · Oct 24, 2008

You're welcome.

Update and run Mbam first. If that doesn't help, post HijackThis log here forum

deepak4490 · Oct 24, 2008

Thanks a lot, now am not facing any problem.

Bro what i have to do if i wanna donate some money to Spybot.info

Baabiouz · Oct 25, 2008

Hi

You're Welcome.

Here is link to Donate to Spybot:
http://www.spybot.info/en/donate/index.html

deepak4490 · Oct 27, 2008

Bro i didnt use any pendrive, now i download any file from internet. Same problem occured again.
after seing last Hijachthis log u said the system is lookin ok, then from where this trojan comes again.

HijackThis Log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:49 AM, on 10/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Deepak\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viruslist.com/en/advisories/29321
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{93DEFE24-3973-444A-8971-2DF474663929}: NameServer = 172.16.0.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3479 bytes

Baabiouz · Oct 28, 2008

Kaspersky is warning you about that website. What you did that this notice came up?

deepak4490 · Oct 28, 2008

kaspersky automatically deny it.

deepak4490 · Oct 28, 2008

I dont open any porn or warez site, next time i'll check which sites show this message and will tell u, u check at ur pc that these sites contain malicious script or not.

Baabiouz · Oct 28, 2008

Okay

deepak4490 · Oct 31, 2008

I get this message from kaspersky everytime when i open a website like yahoo, spybot.info and others.

"Internet Explorer:Loading object http://y.ads009.info/14.htm,containing trojan program Exploit.JS.RealPlr.nl. Detected."

Please bro help me in removing this trojan.

Baabiouz · Nov 1, 2008

Hi

It may be False Positive, so you don't need to be worried

Installing MVPS Hosts file may help to fix the problem

deepak4490 · Nov 1, 2008

What is this false positive, can u plz describe it.

Also my other pc is working fine, but the net is very slow, take years to download even a 1mb file.
Downloads freezes in between - is there any virus or trojan responsible for that.

Baabiouz · Nov 1, 2008

Hi

Here is good text about False Positive.

Post HijackThis log of your other computer here so we can try fix the problem

deepak4490 · Nov 1, 2008

HiJackThis Log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:10 AM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A08531EC-97A6-4CF6-9E7A-C2ECD31E6A5E}: NameServer = 192.168.222.4,202.88.149.6

--
End of file - 1553 bytes

Baabiouz · Nov 1, 2008

Hi

Click Start | My Computer | Local Disk (C: ) .
In the menu bar at the top, go to File | New | Folder.
That will create a folder named "New Folder", which you can rename to "HijackThis". You have now created C:\HijackThis.
Now get your HijackThis.exe file and place it in your folder.

Rename HiJackThis
There may be some infection hiding in your log.

Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right-click on HijackThis.exe & select Rename to
Rename to something like deepak.exe
Double click on deepak.exe to run the program then post back a new Hijackthis log.

Post a fresh HijackThis log (deepak.exe) back here

deepak4490 · Nov 1, 2008

HiJackThis Log - fresh

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:22 AM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\deepak.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A08531EC-97A6-4CF6-9E7A-C2ECD31E6A5E}: NameServer = 192.168.222.4,202.88.149.6

--
End of file - 1514 bytes

Baabiouz · Nov 2, 2008

Hi

Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post Mbam results and Rsit logs back here

deepak4490 · Nov 3, 2008

MalwareBytes Logfile

Malwarebytes' Anti-Malware 1.30
Database version: 1358
Windows 5.1.2600 Service Pack 2

11/3/2008 10:54:46 PM
mbam-log-2008-11-03 (22-54-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 69009
Time elapsed: 15 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-03 23:13:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (82%) free of 19 GB
Total RAM: 1015 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:41 PM, on 11/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Documents and Settings\Administrator\Desktop\Administrator.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A08531EC-97A6-4CF6-9E7A-C2ECD31E6A5E}: NameServer = 192.168.222.4,202.88.149.6

--
End of file - 1536 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-03-11 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-03-11 114688]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
24Online Client.lnk - C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-11-03 23:13:33 ----D---- C:\rsit
2008-11-02 01:26:36 ----D---- C:\HijackThis
2008-11-01 20:07:21 ----RA---- C:\WINDOWS\system32\igfxres.dll
2008-11-01 20:05:22 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-01 20:05:17 ----D---- C:\Program Files\Realtek Sound Manager
2008-11-01 20:05:14 ----N---- C:\WINDOWS\avrack.ini
2008-11-01 20:05:14 ----D---- C:\Program Files\AvRack
2008-11-01 20:05:13 ----A---- C:\WINDOWS\system32\Audio3D.dll
2008-11-01 20:05:13 ----A---- C:\WINDOWS\system32\a3d.dll
2008-11-01 20:05:11 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2008-11-01 20:05:07 ----N---- C:\WINDOWS\alcupd.exe
2008-11-01 20:05:07 ----N---- C:\WINDOWS\alcrmv.exe
2008-11-01 20:05:03 ----D---- C:\WINDOWS\OPTIONS
2008-11-01 20:04:57 ----D---- C:\Program Files\Gigabyte
2008-11-01 20:04:55 ----A---- C:\WINDOWS\IsUninst.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxtray.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxsrvc.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxress.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxpph.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxhk.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxext.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxexps.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxeud.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxdo.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxdiag.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxdgps.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxdev.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\igfxcfg.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmrnt5.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmrem.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmgicd.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmgdev.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmdnt5.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmdev5.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\ialmdd5.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\iAlmCoIn_v13.dll
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\hkcmd.exe
2008-11-01 20:04:19 ----RA---- C:\WINDOWS\system32\hccutils.dll
2008-11-01 20:04:08 ----D---- C:\WINDOWS\Drivers
2008-11-01 20:03:48 ----A---- C:\WINDOWS\system32\IPrtCnst.dll
2008-11-01 20:02:12 ----D---- C:\Program Files\Intel
2008-11-01 20:01:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-01 20:01:36 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-01 20:01:31 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-31 22:50:12 ----SHD---- C:\RECYCLER
2008-10-31 18:06:16 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-25 02:46:28 ----A---- C:\IPList.txt
2008-10-24 14:21:32 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-24 14:21:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 14:21:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-24 14:03:35 ----SHD---- C:\WINDOWS\CSC
2008-10-24 14:03:28 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-23 12:56:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-10-23 12:56:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-10-16 19:49:33 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-16 19:46:35 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-16 19:45:30 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 19:45:27 ----SHD---- C:\WINDOWS\Installer
2008-10-16 19:45:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-16 19:45:26 ----D---- C:\Program Files\Common Files\ODBC
2008-10-16 19:45:26 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-16 19:45:23 ----RD---- C:\Program Files
2008-10-16 19:45:23 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-10-16 19:45:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-16 19:45:23 ----D---- C:\Program Files\Common Files
2008-10-16 19:45:21 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-16 19:45:21 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-16 19:45:21 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-16 19:45:19 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-16 19:45:18 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-16 19:45:17 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-16 19:45:17 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-16 19:45:17 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-16 19:45:17 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-16 19:45:17 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-16 19:45:15 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-16 19:45:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-16 19:45:13 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-16 19:45:13 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-16 19:45:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-16 19:45:12 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-16 19:45:11 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-16 19:45:11 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-16 19:45:11 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-16 19:45:10 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-16 19:45:07 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-16 19:44:59 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-16 19:43:17 ----RA---- C:\WINDOWS\SET8.tmp
2008-10-16 19:43:14 ----RA---- C:\WINDOWS\SET4.tmp
2008-10-16 19:43:13 ----RA---- C:\WINDOWS\SET3.tmp
2008-10-16 19:43:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-16 19:43:07 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-16 19:43:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-16 19:40:51 ----A---- C:\WINDOWS\setuplog.txt
2008-10-16 19:40:48 ----D---- C:\Documents and Settings
2008-10-16 19:40:47 ----SHD---- C:\System Volume Information
2008-10-16 19:37:16 ----SH---- C:\boot.ini
2008-10-16 19:33:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-16 19:33:35 ----RSD---- C:\WINDOWS\Fonts
2008-10-16 19:33:35 ----RD---- C:\WINDOWS\Web
2008-10-16 19:33:35 ----HD---- C:\WINDOWS\inf
2008-10-16 19:33:35 ----D---- C:\WINDOWS\WinSxS
2008-10-16 19:33:35 ----D---- C:\WINDOWS\twain_32
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Temp
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\wins
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\wbem
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\usmt
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\spool
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\ShellExt
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\Setup
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\ras
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\oobe
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\npp
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\mui
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\IME
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\icsxml
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\ias
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\export
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\drivers
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\dhcp
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\config
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\3com_dmi
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\3076
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\2052
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1054
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1042
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1041
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1037
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1033
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1031
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1028
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32\1025
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system32
2008-10-16 19:33:35 ----D---- C:\WINDOWS\system
2008-10-16 19:33:35 ----D---- C:\WINDOWS\security
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Resources
2008-10-16 19:33:35 ----D---- C:\WINDOWS\repair
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Provisioning
2008-10-16 19:33:35 ----D---- C:\WINDOWS\PeerNet
2008-10-16 19:33:35 ----D---- C:\WINDOWS\pchealth
2008-10-16 19:33:35 ----D---- C:\WINDOWS\mui
2008-10-16 19:33:35 ----D---- C:\WINDOWS\msapps
2008-10-16 19:33:35 ----D---- C:\WINDOWS\msagent
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Media
2008-10-16 19:33:35 ----D---- C:\WINDOWS\java
2008-10-16 19:33:35 ----D---- C:\WINDOWS\ime
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Help
2008-10-16 19:33:35 ----D---- C:\WINDOWS\ehome
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Driver Cache
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Debug
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Cursors
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Connection Wizard
2008-10-16 19:33:35 ----D---- C:\WINDOWS\Config
2008-10-16 19:33:35 ----D---- C:\WINDOWS\AppPatch
2008-10-16 19:33:35 ----D---- C:\WINDOWS\addins
2008-10-16 19:33:35 ----D---- C:\WINDOWS
2008-10-16 16:07:35 ----D---- C:\Program Files\Maxotek
2008-10-16 16:04:56 ----RSD---- C:\WINDOWS\assembly
2008-10-16 16:04:28 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-16 16:03:47 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-16 16:03:37 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-16 14:39:58 ----A---- C:\WINDOWS\UnGins.exe
2008-10-16 14:39:57 ----D---- C:\Program Files\eLitecore
2008-10-16 14:35:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2008-10-16 14:35:33 ----HD---- C:\Program Files\Uninstall Information
2008-10-16 14:35:15 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-10-16 14:35:14 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-10-16 14:35:05 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-16 14:35:04 ----SD---- C:\WINDOWS\system32\Microsoft
2008-10-16 14:35:04 ----D---- C:\WINDOWS\Prefetch
2008-10-16 14:35:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-16 14:28:24 ----D---- C:\WINDOWS\system32\xircom
2008-10-16 14:28:24 ----D---- C:\Program Files\xerox
2008-10-16 14:28:24 ----D---- C:\Program Files\microsoft frontpage
2008-10-16 14:27:56 ----A---- C:\WINDOWS\control.ini
2008-10-16 14:27:56 ----A---- C:\AUTOEXEC.BAT
2008-10-16 14:27:39 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-16 14:27:34 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-10-16 14:26:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-16 14:26:33 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-16 14:26:33 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-16 14:26:25 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-16 14:26:20 ----HD---- C:\Program Files\WindowsUpdate
2008-10-16 14:26:01 ----D---- C:\WINDOWS\system32\DirectX
2008-10-16 14:25:45 ----A---- C:\WINDOWS\system32\atrace.dll
2008-10-16 14:25:43 ----A---- C:\WINDOWS\system32\desktop.ini
2008-10-16 14:25:43 ----A---- C:\WINDOWS\desktop.ini
2008-10-16 14:25:38 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-10-16 14:25:37 ----D---- C:\Program Files\Common Files\Services
2008-10-16 14:25:37 ----A---- C:\WINDOWS\system32\acctres.dll
2008-10-16 14:25:35 ----SD---- C:\WINDOWS\Tasks
2008-10-16 14:25:35 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-10-16 14:25:34 ----D---- C:\Program Files\Common Files\MSSoap
2008-10-16 14:25:31 ----D---- C:\WINDOWS\srchasst
2008-10-16 14:25:30 ----D---- C:\WINDOWS\system32\Macromed
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:25:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:25:27 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-16 14:25:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-16 14:25:27 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-10-16 14:25:27 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-16 14:25:24 ----D---- C:\Program Files\Movie Maker
2008-10-16 14:25:21 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-16 14:25:21 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-16 14:25:21 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-16 14:25:21 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-16 14:25:18 ----D---- C:\WINDOWS\system32\Restore
2008-10-16 14:25:18 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-16 14:25:18 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-16 14:25:18 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-16 14:25:18 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-10-16 14:25:18 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-16 14:25:17 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-16 14:25:15 ----D---- C:\Program Files\NetMeeting
2008-10-16 14:25:15 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-16 14:25:15 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-16 14:25:14 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-16 14:25:14 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-16 14:25:12 ----D---- C:\Program Files\Outlook Express
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-16 14:25:12 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-16 14:25:07 ----D---- C:\Program Files\Internet Explorer
2008-10-16 14:25:07 ----D---- C:\Program Files\Common Files\System
2008-10-16 14:24:28 ----D---- C:\Program Files\ComPlus Applications
2008-10-16 14:24:26 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-16 14:24:26 ----A---- C:\WINDOWS\vb.ini
2008-10-16 14:24:22 ----D---- C:\WINDOWS\Registration
2008-10-16 14:24:14 ----D---- C:\Program Files\Windows Media Player
2008-10-16 14:24:14 ----D---- C:\Program Files\Online Services
2008-10-16 14:24:08 ----D---- C:\Program Files\Messenger
2008-10-16 14:24:05 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-16 14:24:05 ----A---- C:\WINDOWS\system32\write.exe
2008-10-16 14:23:58 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-16 14:23:57 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-16 14:23:57 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-16 14:23:57 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-16 14:23:57 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-16 14:23:57 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-16 14:23:52 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-16 14:23:52 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-16 14:23:51 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-16 14:23:51 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-16 14:23:51 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-16 14:23:51 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-16 14:23:51 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-16 14:23:50 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-16 14:23:49 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-16 14:23:48 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-16 14:23:48 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-16 14:23:44 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-16 14:23:36 ----D---- C:\Program Files\MSN
2008-10-16 14:23:35 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-16 14:23:35 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-16 14:23:35 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-16 14:23:35 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-16 14:23:34 ----D---- C:\Program Files\Windows NT
2008-10-16 14:23:34 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-16 14:23:34 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-16 14:23:34 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-16 14:23:33 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-16 14:23:32 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-16 14:23:32 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-16 14:23:31 ----D---- C:\WINDOWS\system32\Com
2008-10-16 14:23:31 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-16 14:23:31 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-16 14:23:31 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-16 14:23:31 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-16 14:23:31 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-16 14:23:30 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-16 14:23:30 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-16 14:23:30 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-16 14:23:30 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-16 14:23:30 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-16 14:23:29 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-16 14:23:25 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-16 14:23:24 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-16 14:23:24 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-16 14:23:24 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2008-10-16 19:45:22 ----A---- C:\WINDOWS\system.ini
2008-10-16 14:27:56 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-13 112288]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-13 78496]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-03-13 90395]
R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2001-08-23 25434]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

Info.txt

info.txt logfile of random's system information tool 1.04 2008-11-03 23:13:43

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Cyberoam Client for 24Online-->C:\WINDOWS\UnGins.exe "C:\Program Files\eLitecore\Cyberoam Client for 24Online\install.log"
Enable S3 for USB Device-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
HijackThis 2.0.2-->"C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Pika Bot-->MsiExec.exe /I{D7383415-2CD0-4C0A-A239-28D1A43E10F2}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RTLSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Baabiouz · Nov 3, 2008

Hello

Rsit logs are fine.

You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer:

Install it and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
(At installing Zonealarm, please uncheck this option "include a ZoneAlarm Spy Blocker...". The Toolbar is not recommended... You can read more about it here.)
2) Agnitum
3) Sunbelt/Kerio
4) Comodo
(at installing Comodo, please uncheck these options: "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Post a fresh HijackThis log here

My system is infected, plz help.

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team

New member

Emeritus- Malware Team